Analysis
max time kernel: 119s
max time network: 104s
platform: windows10-2004_x64
resource: win10v2004-20240704-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15-07-2024 23:55
Static task: static1
Behavioral task: behavioral1
  Sample: 31271f0f4246219c520a7884fa86b330N.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 31271f0f4246219c520a7884fa86b330N.exe
  Resource: win10v2004-20240704-en
General
Target: 31271f0f4246219c520a7884fa86b330N.exe
Size: 2.7MB
MD5: 31271f0f4246219c520a7884fa86b330
SHA1: 61ffd943ec90bde4043c89ecbcd46df2ff3dd0b1
SHA256: 935f8a02e3b8197351243184f33448b450c2d3fdeb4cfacf9a1ba8f790288066
SHA512: fabcb1a98438fa936965bb6058e9654971d682ef325112e7be44bbc846df6421d9eae4ba8b7ecd107471da2c062f006e2297073c60ccaa13bf50f6457fbd11ec
SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBK9w4Sx:+R0pI/IQlUoMPdmpSps4
Malware Config
Signatures

Executes dropped EXE (1 IoC)
  pid 3788  Process abodsys.exe

Adds Run key to start application (2 TTPs, 2 IoCs)
  Set value (str)  \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\AdobeNN\\abodsys.exe"  Process 31271f0f4246219c520a7884fa86b330N.exe
  Set value (str)  \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintE2\\optixsys.exe"  Process 31271f0f4246219c520a7884fa86b330N.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid 3656  Process 31271f0f4246219c520a7884fa86b330N.exe
  pid 3788  Process abodsys.exe
  (64 entries in total, alternating between these two processes)

Suspicious use of WriteProcessMemory (3 IoCs)
  PID 3656 wrote to memory of 3788  pid 3656  Process 31271f0f4246219c520a7884fa86b330N.exe  procid_target 86
  PID 3656 wrote to memory of 3788  pid 3656  Process 31271f0f4246219c520a7884fa86b330N.exe  procid_target 86
  PID 3656 wrote to memory of 3788  pid 3656  Process 31271f0f4246219c520a7884fa86b330N.exe  procid_target 86
Processes

1. C:\Users\Admin\AppData\Local\Temp\31271f0f4246219c520a7884fa86b330N.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\31271f0f4246219c520a7884fa86b330N.exe"
   PID: 3656
   - Adds Run key to start application
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of WriteProcessMemory

   2. C:\AdobeNN\abodsys.exe (child of PID 3656)
      Command line: C:\AdobeNN\abodsys.exe
      PID: 3788
      - Executes dropped EXE
      - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 2.7MB
MD5: cc9a7e8526fbbc7f261f2531dca9c254
SHA1: 52bdd9b6f442e268ea70c74591f0308dcb357237
SHA256: 0c83d94a4a7b10d5fab0c77ed34793a0c3f9e8047bc7dde0f4d583e90f7a14cd
SHA512: 417830955df4c7be0b9718f2ecb14d7d905f0156b068787ff4a7fef8ad588f4a16d6d27a217a0d596de972b535838c264953f4260f401109d780b8db0d4d6315

Filesize: 206KB
MD5: 6f239db8ea00bf2d01738c71bcd705b3
SHA1: bddcb75dc0acb6f6da3596fd5da36d052dd21795
SHA256: e492f79a2fc180b9e1fce09d399d34639ac3034554432ce785344d4bf07c2b4e
SHA512: 6f3d0cb935a9c0303f88fabb4258a69e40ab011a7d47f2053c77af54395cd2d6ea941d17017bce4b9435c51497e256c5bf4240620e853cfd83dc2610a988ea14

Filesize: 2.7MB
MD5: a1dd73e4f103bff521265dab13029e36
SHA1: eaf62b3d4bb1b36d9da4af1b172a5bc2c098e0ef
SHA256: 279695402464ad911cd417a766252c4e6e9eb5b8aa0d5b2579f78743fd4422a6
SHA512: d8af8e03be589bb5bbf98e6ff44d9e3f5d3572a6575315dce2b1fcbe3e4edce7eef5a9d2483a0290f7b37cc7e7b11875a0bcd5a8095162d5c5f8cff7fae4d0dd

Filesize: 201B
MD5: 3de40bd148e2f4c787ddd50c95f0f059
SHA1: 895f90349e172ef005c2d4bf422cb7f737239bf2
SHA256: 91bdce8d76d3296cb0fccbcb7cbfb05eb8d29161038b7aaec68ca30134b89d51
SHA512: 9f893e369dab8f1b89d8eebdeb39f121d3b1c4a0807ae7538103abb251dcf4f400d49476a1e995b43ece623702540c048cc53dee617065dc006b2ccef9c6ba9a