Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/07/2024, 02:25

General

  • Target

    811fc88e7ef5817f42efcb0f27431a10N.exe

  • Size

    3.1MB

  • MD5

    811fc88e7ef5817f42efcb0f27431a10

  • SHA1

    d460cafd428643637275b76a5984adb8e8ca5689

  • SHA256

    fa394392e03984e884859ff2783f41c316fe8122df6e0441268bc68b6b1c94b0

  • SHA512

    723edc64c2b1570953f5c4db828371d8079563b5795db69bff902a7e9272f1ef74529204ea40273898382865fa5a8a5d53b9333d991377c61756163804dad556

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBE9w4Su+LNfej:+R0pI/IQlUoMPdmpSpO4JkNfej

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\811fc88e7ef5817f42efcb0f27431a10N.exe
    "C:\Users\Admin\AppData\Local\Temp\811fc88e7ef5817f42efcb0f27431a10N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3068
    • C:\AdobeOA\abodsys.exe
      C:\AdobeOA\abodsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:3048

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    202B

    MD5

    1c59b4aa6edea6aec692c4e2189e9226

    SHA1

    bbebafac77a352737ce0e1df6244d56307e80ed5

    SHA256

    4fca514a2412c7fb32e7c6f9b4a7384e917d61291c9c896926800e679f6a0674

    SHA512

    81e4c747ef11669e00cbefa518ee043dfaa3f88f20d76ff38efc57acbe4fb540c77babe73979e8b9f4be4e5586888fd2634ea33017bad191dac9c9c4387109f0

  • C:\Vid14\optiaec.exe

    Filesize

    3.1MB

    MD5

    12f923bf0b612fb5a74541c5f7826f6e

    SHA1

    442b5aababe3cd0e37370be56b4cb830dc4e978e

    SHA256

    ca449fa2d551892a215048c84532f7e7bf87a2952ce7897a1eec741818eab240

    SHA512

    a4a31a8ee914c3ca32beb376b4846b72de1dd5c98b84f572a531b5c25e5c054d8990d09a4cd8fcfee20be8a7f70bfaad2fc8a994f2775d3f40f5a3da57b3e527

  • \AdobeOA\abodsys.exe

    Filesize

    3.1MB

    MD5

    e340f409da3dc59e85cf80179f81cb25

    SHA1

    6f2af228594759346aa908195980fb2ccd4d9470

    SHA256

    b3021345620a28a3091b307e4df498e5b4a330b555607269946efa0b67594903

    SHA512

    f9e46028d5183222aee78b13ebcf82be399d9094bafaacd497fc13c07f453e136d06ccaa41d6f9b12a518411c4f97df9c1fc790af140b547066cf0390edcdc06