Analysis

  • max time kernel
    119s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-07-2024 15:09

General

  • Target

    22e19e5ffef48f570272fa10a8323220N.exe

  • Size

    2.7MB

  • MD5

    22e19e5ffef48f570272fa10a8323220

  • SHA1

    3ee2b9852b6153ff8ece701483518be61efe313b

  • SHA256

    7058cb79aaa703aa5f95a4665df0816d6f784c96da699227811009a9ebc9471f

  • SHA512

    90acd7a9d010cfa6c3a1e68efad08a6a006276f90e2e4e9f3cd91b9d76589d480311957eb5086d22fe27c41ee729ccabff9d5c19a32adb9c37f6a9c5d305f61c

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBQ9w4Sx:+R0pI/IQlUoMPdmpSpe4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22e19e5ffef48f570272fa10a8323220N.exe
    "C:\Users\Admin\AppData\Local\Temp\22e19e5ffef48f570272fa10a8323220N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\SysDrvWI\adobsys.exe
      C:\SysDrvWI\adobsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:732

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\KaVBOQ\optixloc.exe

    Filesize

    2.7MB

    MD5

    257872c63d3458cd8b28354e502fb21d

    SHA1

    10495775eeb25349b1a6e7f4fb1b3ff2b9489646

    SHA256

    3156a201a1973344424ee78365796f27d21220f59ce6c5587b46d80837e0ea09

    SHA512

    cfa2137ad8844438f4f8f768105040753b99113ebde8b63e639ff7f2dfdde6817e5ba6cda98c06b131b7311f995230f3a53ec7479607b10e894e21ef57cb5355

  • C:\SysDrvWI\adobsys.exe

    Filesize

    2.7MB

    MD5

    b5a94225c12f65d2a0a5c2661b9dada6

    SHA1

    fc8c408a0cc97bc1cad8176f4a69bb999d716993

    SHA256

    08b16017c2394216a5c5de661eb6cc8fb47a0ea3fc492221a2890318db3e8759

    SHA512

    b33c076d975ffe3bc0da4cb170efff27fbcd6a78688ab152d5cd9bb79ecd42807b79307ec578bd58132da704d16e0cd7487a9eae0ca93793a16f3363201a9acd

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    205B

    MD5

    1624e17a40f7b98f5ac640d7c31140e1

    SHA1

    eccdcf2346490b93b7ffd5bd8a8d3d65c990b838

    SHA256

    1e3d3120587cfd6d640594789d3f2f8792c71607291e1aa5ef9f174a1eaa3674

    SHA512

    f9a01ecbd75126e0ce0b7d0981d2065de769cec6fc0de122b8d6a8075e0665ee56b3d2185fadda06fd18c9f80457d7051d12a9edc871b5db8c684972f1bbffac
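To use this report on a host, the artifacts above have to become something a hunt can run: a hash set and a couple of behavioural checks. The script below is an added example, not part of the Triage report. The hashes and paths are copied verbatim from the General, Processes and Downloads sections; the rule that flags an EXE running from a random-looking directory directly under the drive root (the report shows C:\SysDrvWI\ and C:\KaVBOQ\) and the rule that flags a child of an executable in the user's Temp folder are my own heuristics inferred from those two paths, not sandbox signatures, and the process-creation events at the bottom are constructed for the self-test, not real telemetry.

```python
"""Turn this sandbox report's artifacts into a host hunt (added example)."""
import hashlib
import re
from typing import Dict, List

# Artifacts as recorded in the report's General and Downloads sections.
DROPPED_FILE_IOCS: Dict[str, Dict[str, str]] = {
    r"C:\KaVBOQ\optixloc.exe": {
        "md5": "257872c63d3458cd8b28354e502fb21d",
        "sha1": "10495775eeb25349b1a6e7f4fb1b3ff2b9489646",
        "sha256": "3156a201a1973344424ee78365796f27d21220f59ce6c5587b46d80837e0ea09",
    },
    r"C:\SysDrvWI\adobsys.exe": {
        "md5": "b5a94225c12f65d2a0a5c2661b9dada6",
        "sha1": "fc8c408a0cc97bc1cad8176f4a69bb999d716993",
        "sha256": "08b16017c2394216a5c5de661eb6cc8fb47a0ea3fc492221a2890318db3e8759",
    },
    r"C:\Users\Admin\AppData\Local\Temp\22e19e5ffef48f570272fa10a8323220N.exe": {
        "md5": "22e19e5ffef48f570272fa10a8323220",
        "sha1": "3ee2b9852b6153ff8ece701483518be61efe313b",
        "sha256": "7058cb79aaa703aa5f95a4665df0816d6f784c96da699227811009a9ebc9471f",
    },
}

# Folders that legitimately sit directly under the drive root. Any other
# folder at that depth is treated as a drop location. ASSUMPTION: a heuristic
# drawn from the two drop paths in the report, not a sandbox signature.
STANDARD_ROOT_DIRS = {"windows", "users", "program files", "program files (x86)",
                      "programdata", "perflogs"}
USER_TEMP = re.compile(r"\\appdata\\local\\temp\\", re.IGNORECASE)


def file_hashes(data: bytes) -> Dict[str, str]:
    """md5/sha1/sha256 of an in-memory blob, e.g. a file pulled from a host."""
    digests = {alg: hashlib.new(alg) for alg in ("md5", "sha1", "sha256")}
    for d in digests.values():
        d.update(data)
    return {alg: d.hexdigest() for alg, d in digests.items()}


def match_hashes(hashes: Dict[str, str]) -> List[str]:
    """Report paths whose recorded hashes agree with any supplied hash."""
    return [path for path, ioc in DROPPED_FILE_IOCS.items()
            if any(ioc.get(alg) == val for alg, val in hashes.items())]


def parse_sysmon_hashes(field: str) -> Dict[str, str]:
    """Parse a Sysmon-style 'SHA256=...,MD5=...' field into {alg: lowercase hex}."""
    out: Dict[str, str] = {}
    for item in field.split(","):
        alg, _, val = item.partition("=")
        if alg and val:
            out[alg.strip().lower()] = val.strip().lower()
    return out


def in_root_drop_dir(image: str) -> bool:
    """True for <drive>:\\<dir>\\<name>.exe where <dir> is not a standard root folder."""
    parts = image.split("\\")
    if len(parts) != 3 or not re.fullmatch(r"[A-Za-z]:", parts[0]):
        return False
    return parts[1].lower() not in STANDARD_ROOT_DIRS and parts[2].lower().endswith(".exe")


def triage_event(event: Dict[str, str]) -> List[str]:
    """Reasons a process-creation event (Image/ParentImage/Hashes) resembles this sample."""
    reasons = []
    for path in match_hashes(parse_sysmon_hashes(event.get("Hashes", ""))):
        reasons.append(f"hash matches report artifact {path}")
    if in_root_drop_dir(event["Image"]):
        reasons.append("image runs from a non-standard folder directly under the drive root")
    if USER_TEMP.search(event["ParentImage"]):
        # Approximates 'Executes dropped EXE': a process event cannot prove the
        # parent wrote the child, only that the parent ran from user Temp.
        reasons.append("spawned by an executable in the user's Temp folder")
    return reasons


def triage_events(events: List[Dict[str, str]]) -> List[List[str]]:
    return [triage_event(e) for e in events]


# Constructed events shaped like Sysmon Event ID 1 fields; not real logs.
SAMPLE_EVENTS = [
    {"Image": r"C:\SysDrvWI\adobsys.exe",
     "ParentImage": r"C:\Users\Admin\AppData\Local\Temp\22e19e5ffef48f570272fa10a8323220N.exe",
     "Hashes": "SHA256=08b16017c2394216a5c5de661eb6cc8fb47a0ea3fc492221a2890318db3e8759,"
               "MD5=b5a94225c12f65d2a0a5c2661b9dada6"},
    {"Image": r"C:\KaVBOQ\optixloc.exe",           # same drop style, unknown hash
     "ParentImage": r"C:\Windows\explorer.exe",
     "Hashes": "SHA256=" + "00" * 32},
    {"Image": r"C:\Windows\System32\svchost.exe",  # benign control
     "ParentImage": r"C:\Windows\System32\services.exe",
     "Hashes": "SHA256=" + "11" * 32},
]

if __name__ == "__main__":
    for ev, reasons in zip(SAMPLE_EVENTS, triage_events(SAMPLE_EVENTS)):
        print(ev["Image"], "->", reasons or ["no match"])
```

Hash matches are exact and safe to alert on; the two path heuristics will fire on legitimate software that installs into a custom root folder or runs installers from Temp, so treat them as enrichment for the hash hit rather than standalone detections until tuned against your own baseline.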