Analysis

  • max time kernel: 119s
  • max time network: 18s
  • platform: windows7_x64
  • resource: win7-20240705-en
  • resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted: 27-07-2024 07:57

General

  • Target: ab8c916707269105a4ab4e9086f8a4b0N.exe
  • Size: 2.7MB
  • MD5: ab8c916707269105a4ab4e9086f8a4b0
  • SHA1: 8273d2fd32f313a0e99d50b47a5991420423c14e
  • SHA256: fa2ef8046fdd2a42ba0affdc439e70886fe80ef99ea7983067f4046587c8005c
  • SHA512: 6e914647e89ff5e48e50587164cf4d875e04cdc758f5260fabc45eabbe869c4ad7d1ce90c3c67e807fac89279eab050961382ad7b44ff541326d0155d823b402
  • SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBW9w4Sx:+R0pI/IQlUoMPdmpSpM4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab8c916707269105a4ab4e9086f8a4b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab8c916707269105a4ab4e9086f8a4b0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3056
    • C:\SysDrvXG\adobloc.exe
      C:\SysDrvXG\adobloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2524

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\LabZUD\bodxsys.exe
    Filesize: 2.7MB
    MD5: a8484e8314e4a938b7f068caf740b6b6
    SHA1: dfb8996b5bda64cfe84b4d19dd7b40a59d5571ff
    SHA256: a6e6a71dcea426edbbef5d5965b9b16d37ff51ddcf1a5606c6b95a5f1100ef55
    SHA512: 841eb2b934110a680a577f91cd105d997c2d90315ab8b971a1ddd865b11228bc719645481dc4c63595b4ab5d3536572cc9aeb050693eb6f019868595ba0a92b2

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 201B
    MD5: 5ea6ef73b76a5d6b9cf36b70c2da4438
    SHA1: e892814409be8b5981410c31856ab296674849e6
    SHA256: 3fe53cbd1afd58db48869c856a50e87a19026d08699545f74108630304ba514a
    SHA512: 2f12bf24f43386793fe3917452746860979d5f6e0282cd6967fa8e4654ef6eabbe40dfebc1d248082c636a1c4663393dfbfac666129bd8b92653f92f253f31be

  • \SysDrvXG\adobloc.exe
    Filesize: 2.7MB
    MD5: cbb496aa6ca7ac96f216f1142646b6d4
    SHA1: ae93da7b958b4504b4def56c21a519383ec81dc0
    SHA256: c44abfd5830aab1ae089df8a44ebbb09574334b87414e5223eefdd2f476fb7b8
    SHA512: b6658e16e5a60786eed3c163491416d17155a403ea93283c18df58b82a812a64cbb4d024676feada0622af0e18f3152645719e7c1b5ba122d1100ef0ed15d5ea