Analysis

  • max time kernel
    149s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/07/2024, 19:03

General

  • Target

    13999c39c39ff30de74731043ac535fa4b4928cc95a1e291eda2ace8eddcd74b.exe

  • Size

    2.7MB

  • MD5

    b31f6d825a2bb92ba08b9ef8218bcfc7

  • SHA1

    044b5ef5826a5f43a8ee8d8bef867b3c9e009b7d

  • SHA256

    13999c39c39ff30de74731043ac535fa4b4928cc95a1e291eda2ace8eddcd74b

  • SHA512

    1f22044d0b7b51ed0a30defd1be30977d97cb246d929fae2c00875af8aa6d55666504ff5c6a426a4b9f43fd1962a0c4b3407f106ff78bb924eafc175f5dd1b62

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBT9w4Sx:+R0pI/IQlUoMPdmpSpv4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\13999c39c39ff30de74731043ac535fa4b4928cc95a1e291eda2ace8eddcd74b.exe
    "C:\Users\Admin\AppData\Local\Temp\13999c39c39ff30de74731043ac535fa4b4928cc95a1e291eda2ace8eddcd74b.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2732
    • C:\AdobeOG\devbodloc.exe
      C:\AdobeOG\devbodloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2736

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    203B

    MD5

    1e17f697601dd901aed4ff5179fc8c22

    SHA1

    a3cf1a78c55ea13ba266e6291b8356a7b2c3f3df

    SHA256

    af14be8942020cf3e6870e9afca24b0d5fb59d045b6dae6368abecf42f77878e

    SHA512

    2242989694258b0a236e07b5082ace4ea23d5901cfa95a1915f5731db767ebfba9af1d88844362c3cea6b3e42122551d5c9b1b5932991600d71433400084fb5c

  • C:\VidTS\boddevsys.exe

    Filesize

    2.7MB

    MD5

    2cfd506fd1ac66b7274b6052156d3d1c

    SHA1

    513b37157c6c68f9dcd3ea00d33df98c98f2e98f

    SHA256

    8803496c80101dbd7c22becc29134f52cc2d4bf394856e932222d957296552c1

    SHA512

    2c4f41bbfec5723063a80934c535e1d2e0c4209d5abc80932eaf2e29d6bbe4510930724168066e7cc5094913a1f431f916e44ad7e43bf5ce6932b9a18de2358d

  • \AdobeOG\devbodloc.exe

    Filesize

    2.7MB

    MD5

    880fa59e3b4954f8eb63e0f09fbe2d8e

    SHA1

    fde15786b5bfd6bc7afd63281bd812befb693951

    SHA256

    4ce91dd74dc85f0f54d67279c0e309fe8e503625134775c6a5263d1b2b804b77

    SHA512

    545fc0d08dcc25ed0426b6554740f835ba35ef763faf41fb344c017d335f76d8e76a67730173cf98427d0c111f9586c88861fbecc8e79652acbbc2827e26f536