Analysis

  • max time kernel
    119s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15-07-2024 23:55

General

  • Target

    31271f0f4246219c520a7884fa86b330N.exe

  • Size

    2.7MB

  • MD5

    31271f0f4246219c520a7884fa86b330

  • SHA1

    61ffd943ec90bde4043c89ecbcd46df2ff3dd0b1

  • SHA256

    935f8a02e3b8197351243184f33448b450c2d3fdeb4cfacf9a1ba8f790288066

  • SHA512

    fabcb1a98438fa936965bb6058e9654971d682ef325112e7be44bbc846df6421d9eae4ba8b7ecd107471da2c062f006e2297073c60ccaa13bf50f6457fbd11ec

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBK9w4Sx:+R0pI/IQlUoMPdmpSps4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\31271f0f4246219c520a7884fa86b330N.exe
    "C:\Users\Admin\AppData\Local\Temp\31271f0f4246219c520a7884fa86b330N.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3656
    • C:\AdobeNN\abodsys.exe
      C:\AdobeNN\abodsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3788

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\AdobeNN\abodsys.exe

    Filesize

    2.7MB

    MD5

    cc9a7e8526fbbc7f261f2531dca9c254

    SHA1

    52bdd9b6f442e268ea70c74591f0308dcb357237

    SHA256

    0c83d94a4a7b10d5fab0c77ed34793a0c3f9e8047bc7dde0f4d583e90f7a14cd

    SHA512

    417830955df4c7be0b9718f2ecb14d7d905f0156b068787ff4a7fef8ad588f4a16d6d27a217a0d596de972b535838c264953f4260f401109d780b8db0d4d6315

  • C:\MintE2\optixsys.exe

    Filesize

    206KB

    MD5

    6f239db8ea00bf2d01738c71bcd705b3

    SHA1

    bddcb75dc0acb6f6da3596fd5da36d052dd21795

    SHA256

    e492f79a2fc180b9e1fce09d399d34639ac3034554432ce785344d4bf07c2b4e

    SHA512

    6f3d0cb935a9c0303f88fabb4258a69e40ab011a7d47f2053c77af54395cd2d6ea941d17017bce4b9435c51497e256c5bf4240620e853cfd83dc2610a988ea14

  • C:\MintE2\optixsys.exe

    Filesize

    2.7MB

    MD5

    a1dd73e4f103bff521265dab13029e36

    SHA1

    eaf62b3d4bb1b36d9da4af1b172a5bc2c098e0ef

    SHA256

    279695402464ad911cd417a766252c4e6e9eb5b8aa0d5b2579f78743fd4422a6

    SHA512

    d8af8e03be589bb5bbf98e6ff44d9e3f5d3572a6575315dce2b1fcbe3e4edce7eef5a9d2483a0290f7b37cc7e7b11875a0bcd5a8095162d5c5f8cff7fae4d0dd

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    201B

    MD5

    3de40bd148e2f4c787ddd50c95f0f059

    SHA1

    895f90349e172ef005c2d4bf422cb7f737239bf2

    SHA256

    91bdce8d76d3296cb0fccbcb7cbfb05eb8d29161038b7aaec68ca30134b89d51

    SHA512

    9f893e369dab8f1b89d8eebdeb39f121d3b1c4a0807ae7538103abb251dcf4f400d49476a1e995b43ece623702540c048cc53dee617065dc006b2ccef9c6ba9a