Overview

overview

7

Static

static

3

099436d058...0N.exe

windows7-x64

7

099436d058...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    11/07/2024, 21:05

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    099436d058ecb275e4cfc404e7e817e0N.exe

  • Size

    4.1MB

  • MD5

    099436d058ecb275e4cfc404e7e817e0

  • SHA1

    289362185b4a1fb5c3375fa99bc255f0c53a8490

  • SHA256

    89368d5b3583aa91e766e67e5501e23550d5e31cf39d2b18595078d9ae155c58

  • SHA512

    5a9acf265e0d9c544128b627f2700b3d30337a5e63cec577e1d6c9d754a6b7936ece6621c34bdfe60c47abc66f941dc5c15c6227161cdfefb15201e9209c158a

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpZ4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmm5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\099436d058ecb275e4cfc404e7e817e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\099436d058ecb275e4cfc404e7e817e0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\AdobeFW\abodloc.exe
      C:\AdobeFW\abodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2320

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\MintFT\dobxec.exe
          Filesize

          4.1MB

          MD5

          ccfa562a4f6749c78e734677e1052229

          SHA1

          5c99bffba614380426ff581b1e9f03461c8b4cae

          SHA256

          6554b11fbc9e846366a825b36981a80e2469f8ca35b9da37ffdca5cb0aaa9264

          SHA512

          a97f89af6d8b84d35e1f084f889f4a766d587c5df013b8af065ae86f31d2d319022f7c7102a54d73f708f591d2f2a6c9269911f2b5a7fe013bc0feeea8dd0ff0

          Download Submit

        • C:\Users\Admin\253086396416_6.1_Admin.ini
          Filesize

          198B

          MD5

          f2b7f9e4db28241b33b34c4a109bb2f4

          SHA1

          3b451d82fc13bfabda8bef26e1991fa056ef16e0

          SHA256

          502854852d27cd86e8c9939d7e92c09fc86a602ac3ac2ed67be7bf0b5fba7dc6

          SHA512

          306f69448da3a9f85bb4d4a9d1f4c429c158bc36fb884c6d51548d1e241cb8cf73e4d36fd31b62cc8d521e37ba27b55ab28c046e86162df242953752a1840472

          Download Submit

        • \AdobeFW\abodloc.exe
          Filesize

          4.1MB

          MD5

          d0b2ea6b10090abf38157db9c75bcc08

          SHA1

          4701826c9e76d2dc21ba885f897f68c42f2c8d20

          SHA256

          b32ee8b6cceca19d7a162064edd3241ba02379f2676c3cb2579d1fcd7d308d84

          SHA512

          2ae5cd91b2563a4fc80c84a1dbe31b718a326c45911552d3edcfa609c81092b09f69edb89093077fb35645fdc85861ec311298ada38eff594baa3f9bac1ed41b

          Download Submit