Overview

overview

7

Static

static

3

b52a1cd4e2...0N.exe

windows7-x64

7

b52a1cd4e2...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    26-07-2024 09:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b52a1cd4e226f46b7602e7026fcb6710N.exe

  • Size

    3.1MB

  • MD5

    b52a1cd4e226f46b7602e7026fcb6710

  • SHA1

    4cc3ca02561bf9a9618db1e0c186430249e82d67

  • SHA256

    486e014fb47948bfe6c4ad02f2eb7492d4a84cff4089118ddc3331bfbf363884

  • SHA512

    bedf9ff1a8a39cafe06b8b36403f20712565a05b89a5f701a668da0f327caabc874c99bcc41858fd14bea59ed95bd07528ce54568289fef4ee4cab203c340608

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBe9w4Su+LNfej:+R0pI/IQlUoMPdmpSpY4JkNfej

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b52a1cd4e226f46b7602e7026fcb6710N.exe
    "C:\Users\Admin\AppData\Local\Temp\b52a1cd4e226f46b7602e7026fcb6710N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\AdobeOL\adobsys.exe
      C:\AdobeOL\adobsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVB4G\dobdevec.exe
    Filesize

    3.1MB

    MD5

    7ebe693de239fcfab2725e5be41a465b

    SHA1

    6f5e19011e101908d8fe325a083e95ea038c7628

    SHA256

    343c9003e241335c7c54b3e5ceb63756a78c1ea05f37082c55bd95cd75f7e2bf

    SHA512

    a97e816d38765e5d6ab7645aff8bee835d0f46ba9d621ba9274cc74f66fdc8409bcd493f1e85e21819178f208cfcfe3a00cb26d699c64aa439807e17818cd380

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    200B

    MD5

    4c4867258802f6de9b8efa780ba92b66

    SHA1

    6efe5a1ff2ac88ba4271f162bd3a0fb914136eac

    SHA256

    7a3ac00418329534fb05be31d0b2cc2462842bed42bd0c6ea9ac360dc859d6b0

    SHA512

    e017b119224708c704d84dced1c5d29bc54c29d9d6827fb5a23690f034737a2b2dd29a7385a19fd20113470442d0d22de027625907fc46e2d17ebac84bb82b09

    Download Submit

  • \AdobeOL\adobsys.exe
    Filesize

    3.1MB

    MD5

    3a79dfabbe562c75c2f5d2617c831377

    SHA1

    f35f2351e532bbfed66515e8d9568d97c5134180

    SHA256

    3c9f66f566a4f2a1d275b2505c7f96ffb22bed1971ec1add8ef62cbc4ae7daef

    SHA512

    6091d7cd28adca674391240ccd1ee7fa6f508f51d0a0d5a75e21a28b83bf1b1283a607af940351c52ed5e445b81baaf3325d07b093954027687676246cec5faf

    Download Submit