Overview

overview

7

Static

static

3

4095ae2397...0N.exe

windows7-x64

7

4095ae2397...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    24/07/2024, 03:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4095ae2397a943026297f724e72c6060N.exe

  • Size

    2.7MB

  • MD5

    4095ae2397a943026297f724e72c6060

  • SHA1

    5747fc0df0e573d4d5290b5e6cc7d32bdb905fe7

  • SHA256

    04911ff54ef313201449bf5b1508900582d8f5c6afea3a618f4f5f5b55f067cf

  • SHA512

    a60f2a7588245d0d952dd55a9c7906f9781f78a8ea7bce99766029d742859d09ec36c4ff6628d5aa8f10e0ecb0fa82ca34eb98e134f65b4b5eca0f36b0ed9456

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBd9w4Sx:+R0pI/IQlUoMPdmpSp94

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4095ae2397a943026297f724e72c6060N.exe
    "C:\Users\Admin\AppData\Local\Temp\4095ae2397a943026297f724e72c6060N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1708
    • C:\AdobePL\devoptiec.exe
      C:\AdobePL\devoptiec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2844

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVBXS\dobxec.exe
    Filesize

    97KB

    MD5

    110bf7818ba66545aa138324b90a80d3

    SHA1

    d1b8e85e2768a3e5c7925c9602d95a349d6afed8

    SHA256

    3a70675d35e4a7ee6317294577aaee93d0ec67bffe684c623d4a94d8bd40f961

    SHA512

    6c33a7365b3298978fd860259326a530a6bef21e8f752c5d885f7b4583d17a522f035988ba26ea6d59474d48d908bb005c1ec573f187abe5dddb4b3bf1775e82

    Download Submit

  • C:\KaVBXS\dobxec.exe
    Filesize

    2.7MB

    MD5

    55a0d122982ec08a032338aa8ed63f54

    SHA1

    233e53dea022a322e1e28df919030fd5b27f1869

    SHA256

    ab728faf302187f17e5a2ce9ec495d516074103352b8c34aec06b46fa3b856cc

    SHA512

    f4c4ff56d74a1874789fb13e6ac849f1fee891adc23c03b846fa64f325992cbc52903b9a847ec5d7b4df630b3670055b56bd0aeff0c68a41fb4ac1863ad11981

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    202B

    MD5

    3d0a4c906b18a2a0331eb177124a7187

    SHA1

    ea43513abeaf23c453ca67aa1e5ff1390d1c4f90

    SHA256

    8211dc6a011aca23df8bda41ea39b1971eb902532f939f9e820f5f47e4999a97

    SHA512

    8827e1a7d838a2b8aa63560d623c3039b896dc6341501c8aef26c52489dcb599e3ebdee3aa0db148558aad98cfe483dcd601816385265b3ab50ad5aad5cf8db6

    Download Submit

  • \AdobePL\devoptiec.exe
    Filesize

    2.7MB

    MD5

    afccfad89d41e694db063c816848ced8

    SHA1

    3b7e393227c0a4741bcae13c82656fcc675d1cc6

    SHA256

    ae2471e638b728ddb0a89938c57e306411238871f4768c979eb49d2217fe4515

    SHA512

    76493f4a85f72d18ffd45bcfe6e7705fd4f8efa836c4d54c96fc49eb0efcb130e42736768c2097e8dbf1231198282b19907ef83dd321daf94a18377f47b8f4c0

    Download Submit