Analysis

  • max time kernel
    119s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/08/2024, 04:11

General

  • Target

    4a2a0cfad51618235b44a5c629637110N.exe

  • Size

    2.7MB

  • MD5

    4a2a0cfad51618235b44a5c629637110

  • SHA1

    c1faacc7a00e51cc627bccc3cafb4224d2ed87d2

  • SHA256

    eb32bac29171920944ee9e4f2ce4797d5fded2bd8f98f9eee01635ddff4651ef

  • SHA512

    631d14b3bf820026ef90f5eb66065f703c590165b4aa2303bca859b5c21600fa6458af9c6dbdc3fdb6280e25e9486cbe08a97f0c9534e096d5eaf0c0cb5d500f

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBn9w4Sx:+R0pI/IQlUoMPdmpSpP4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a2a0cfad51618235b44a5c629637110N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a2a0cfad51618235b44a5c629637110N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3496
    • C:\Adobe30\aoptiec.exe
      C:\Adobe30\aoptiec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:908

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Adobe30\aoptiec.exe

          Filesize

          2.7MB

          MD5

          e420817c29c40086040cbaede3eea8b2

          SHA1

          462330855c34b87de38f26537fbdadc10470ca8d

          SHA256

          9451a83cc8eda6700db3abf3a93e7306ead83593ef78e918424013e1d0b7927a

          SHA512

          dcf444ada23615cc3d1aaacc811f3cc44842e7c2888254f9b924cafcdca913a1ac03e0dca03c5f0f5496792a8224bc30625ce680060f9f6c707f1da2733460a7

        • C:\KaVBEW\dobxec.exe

          Filesize

          2.7MB

          MD5

          839bdd8d3a3ae97449bcac9e6009da39

          SHA1

          1ab61a39ead6d5f84037d246093b5b07540768b0

          SHA256

          d0a6c92dd15a2b2e5c837e504620319b6438c2ae88fa5c332e70e00d3f73e9fc

          SHA512

          6ebe51357138822afb6ff4afb740995c5c9f9642654b2c7087061209a0ac6b5da1487873acc24aa5bbed83b07f4a2bdca97148decf1e05d0a2e6c27424fbf728

        • C:\Users\Admin\253086396416_10.0_Admin.ini

          Filesize

          199B

          MD5

          fd5c5e68a513c3c8e5341bea3df565ad

          SHA1

          5bdf702ca903d7c0219878192777766a146e7877

          SHA256

          2da148ef97500d7349377f97234498c6b2afaefa1ff61ea4fe8ecef8770800ad

          SHA512

          7cced411c7d6cd40bced096797f32210ca19c8f5beca00c7618508a5ac6bc9eed647972983f6d4aceae5f11fe9c5a44d39cc9214351e888161730e0d24b82c76