Analysis

  • max time kernel: 119s
  • max time network: 119s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240802-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 03-08-2024 03:36

General

  • Target: 443d0e9efbd05dc2761753c077069060N.exe
  • Size: 2.7MB
  • MD5: 443d0e9efbd05dc2761753c077069060
  • SHA1: 57f21bf26cfe7762eeca442a55723ba6c0a9a3d9
  • SHA256: bc3f378ce15ab212fb89368d475798e0377eead4630fcc8935ca3daca48bda06
  • SHA512: 27624815a881aceb03fef90f0124ed57ec20845c074a879b3564ba192b0605a37ff835c5afdcfb1f0d10b872367042f703418bead9d56df0a0201eb5b4150de0
  • SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBz9w4S+:+R0pI/IQlUoMPdmpSpf4X

Malware Config

Signatures

  • Executes dropped EXE (1 IoCs)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 2 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\443d0e9efbd05dc2761753c077069060N.exe (PID 4812, tree level 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\443d0e9efbd05dc2761753c077069060N.exe"
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\AdobeGS\xdobsys.exe (PID 3836, tree level 2)
      Command line: C:\AdobeGS\xdobsys.exe
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2684, tree level 1)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4336,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=4324 /prefetch:8

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\AdobeGS\xdobsys.exe
    Filesize: 2.7MB
    MD5: 758beeb50af9c24920a5b58adb8952da
    SHA1: a405073c4af4df1155f64707da4b733d367ef66a
    SHA256: b14b8cdea114954529c2385169754832ade3321240fce82c049828255c6dad61
    SHA512: 4cdacffdff2ac2c284216044813e950c2083929767f30a9393b600f07bb248b97557585e88cdb2f5f413ad8d108361bf49a0c43f5c688ea2c33f280b73fabf9d

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize: 201B
    MD5: b85bcb06612870625342f8343d71dc52
    SHA1: 6ba7d416877081da10ab4435db2fd6030c948a86
    SHA256: c9b84d75c753a37047e31ed734454570b778f403641af38e7ec962c1110593c3
    SHA512: 7cbc65169123b95536ed4913d1ccc6525100fe6726051b281f8b8b1f5a7b50e66f778fbc81d7ca4ee680128efb2582e7b114d12c90de565db695c9c2ad0c178f

  • C:\VidUR\optixloc.exe
    Filesize: 2.7MB
    MD5: 74fb540c355c0a10348385a91a81447f
    SHA1: 0fb018794fc30560d893727790ca3d839384d622
    SHA256: 97b6ae110694a7e267189e09df3c25b852470ff1b0d3586bdc82822a556a7755
    SHA512: 14ac7aea9dd6d3fccd7b248c9393c33349b1e82cb0d3a230cd4629c7dc69702c3c6b24f81ee69e20baa27a1284552fb085b9a15a9cc9768112c3d43e3c705c74