Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-07-2024 20:12

General

  • Target
    f256b8417180964dd0c32294e7e0d670N.exe
  • Size
    2.7MB
  • MD5
    f256b8417180964dd0c32294e7e0d670
  • SHA1
    9e4ba5fa77ec32077a43901bf8bfcc2011089294
  • SHA256
    918d3f2d20453b54e1507098f949af54cce2f54ea0ba353a44231eb15697e407
  • SHA512
    6dd402e292e2268fb10e342001d0093f67ba5f8aefecdd325b77ea0405ee3c13d2572b222964c492cab4d0580c52d444d1e9c1fecb3f7fa43de61bdb9c30f170
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBe9w4Sx:+R0pI/IQlUoMPdmpSp04

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f256b8417180964dd0c32294e7e0d670N.exe
    "C:\Users\Admin\AppData\Local\Temp\f256b8417180964dd0c32294e7e0d670N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2672
    • C:\SysDrvQ0\adobloc.exe
      C:\SysDrvQ0\adobloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2788

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize
    203B
    MD5
    2926045e60e4c1f786a037fd3ee23b5f
    SHA1
    682ab310cf6eff397785fe514f87eb052d6867a9
    SHA256
    7dceceeff41723ba91656ea4cb18e5dc554cd50acf05a085b72e4add73d82555
    SHA512
    98c6a6b49efd75ce7858f45ca24076858541319fb0dd3284bf747144e461a958546fc771a9d0683224270314d2326db5fc51fd6687fef16dd02b4134ce63fba7
  • C:\Vid4N\optixsys.exe
    Filesize
    2.7MB
    MD5
    273d69a04cc93040fb7a3af4b165110e
    SHA1
    3545b9b36cb73e44dc9ce4e375c9b1a2e7890d79
    SHA256
    becdda71f2580bbc8f9008264ec17c2406299b87a2a1495c7b08addfc4978bca
    SHA512
    f672219f152a84110ca9244aaf48bd5a7d6ad7685f94f58204223222e2cde7327f75d1751c49f6520b81cacc949c96a160cd01c5c185e3e82b952781928979a5
  • \SysDrvQ0\adobloc.exe
    Filesize
    2.7MB
    MD5
    d83c026f1bb7b328b7fe09fed55c7583
    SHA1
    4bab0156a2ac0d0e3fdf1d61ca574b60a1b99c0f
    SHA256
    b6743363cefb1e5b791240b44005924cede304fabcb7f4933bf43e0b5479a028
    SHA512
    767f4cce28ec63b1aaf321da2b78762364edec1022f384a97f4b4e2b66cbb93f2b08417fcd4323a110896b06862b7033157c972785cd3ec91f656ecb7dd2875c