Analysis

  • max time kernel
    119s
  • max time network
    107s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-07-2024 01:55

General

  • Target: 50b69055278acd61d583b1ee97970960N.exe
  • Size: 2.7MB
  • MD5: 50b69055278acd61d583b1ee97970960
  • SHA1: 688496cb8f3969c2477b5ca551b6ef04ae8c5eea
  • SHA256: fd2ed74bf18c5ae5cd0eeafb1b07b9bd94a43102adc1ba99ed8aacd60c58306b
  • SHA512: ef0a31729a7fd9449cafb413db752bed0c8d0253a6ebb081b9bae14fc7981b915231e6084b1612cf397dd55f8fad46a215fb1cee9a18494bfd03b6e877ca4c6b
  • SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBs9w4Sx:+R0pI/IQlUoMPdmpSpe4

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\50b69055278acd61d583b1ee97970960N.exe (PID 1168, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\50b69055278acd61d583b1ee97970960N.exe"
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\AdobeNN\abodsys.exe (PID 2012, depth 2)
      Command line: C:\AdobeNN\abodsys.exe
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK Enterprise v15

Downloads

  • C:\AdobeNN\abodsys.exe
    Filesize: 2.7MB
    MD5: b7624673ea883950bc0ca27aa32cb1e6
    SHA1: a48d5dd27e98dab31699deed95801d70a87534c1
    SHA256: 572abab0fa079d57d727ca01d297fd679ef2647b44530228a21161587154a542
    SHA512: 83769862cdf89d321304bfc0b83974f9f0c62f58a483c60af8793ee0cd5ffb6772049f135ff1f8527122d37cd56b747724f7ec7f3e06df5fa26e3caa9a89dc5a

  • C:\MintE2\optixsys.exe
    Filesize: 342KB
    MD5: 5ca82217c7a6c70c5a767fa3f0ba4d12
    SHA1: d61947c5c54ec5f788c1b3cc94439e5063c8937f
    SHA256: 610714ba9d7e8d1e0ee41a8b8f8d5a35317a10f612fa0989d030fc9306e97454
    SHA512: 5638ba7d2bdeed4be71e973590d4536320cb161e9f282a03a69f02ba4532478f7afb33b90d42ce2888422ea3c47b2b8e51e9ed36d72b8372e4f9bc09e5c0e4cf

  • C:\MintE2\optixsys.exe
    Filesize: 2.7MB
    MD5: 5d0f7ec6835cefa25e1262cd9bd29f49
    SHA1: 01d1c7a17ac8fc6c4975c20ad92f636fac56089e
    SHA256: fd34ef35631a36fd9f82de009d6b9427c13e4af4f746767b02b55bbbe8727274
    SHA512: 3f8730c2787737397948d14b6ef923de844798ff24792af171ca8d3d2ba268ae8fa0882f1e6e084fccaa1821be855e600906fc8fa0a04b1f4e010e3c8063a1f6

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize: 201B
    MD5: ceb9608b2b139088d13f14373ed477bc
    SHA1: bf10e4104652bbb00741063399b365b83545074f
    SHA256: f2c4f7e3b1551cdb1a07d31ea80cc21997119609a55fc6f7a9ae05feb1e0f918
    SHA512: 5a65b252bb5856eb7e717a9c4db92274f09cc4435ed51665d6b661784315b10b0d146d771cddf241f1f6b7324f58e15f3b2b920e46a5ff67dab14e5e0013a7de