Analysis

  • max time kernel
    119s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/08/2024, 23:06

General

  • Target

    23e48f1a2defa4b1e7ed2425512f6400N.exe

  • Size

    3.1MB

  • MD5

    23e48f1a2defa4b1e7ed2425512f6400

  • SHA1

    024cc9d60ae54112394f1d84c418947a47e9889c

  • SHA256

    5887dfe404963fad85aed64bc64ad7f359cea72c20f59d80634f415bd7148db9

  • SHA512

    c1e7b897796d420a3d3190f497c2185093b665a863b0fe0bb70ba0285436be34a34da1100b43d76593f112c1b5f452583445bd7ba478d786c67139651fe26a70

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB79w4Su+LNfej:+R0pI/IQlUoMPdmpSpH4JkNfej

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\23e48f1a2defa4b1e7ed2425512f6400N.exe
    "C:\Users\Admin\AppData\Local\Temp\23e48f1a2defa4b1e7ed2425512f6400N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:5024
    • C:\AdobeSA\devdobsys.exe
      C:\AdobeSA\devdobsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:4756

Network

MITRE ATT&CK Enterprise v15

Downloads

        • C:\AdobeSA\devdobsys.exe

          Filesize

          3.1MB

          MD5

          b9bf607c4ce7138f8f516b9fac4924d6

          SHA1

          1bc824c72a3ae33e8e31a9656cd61659e669f368

          SHA256

          c18d8026ce8a5da19a24c51706da4e91d817ba09725c977b6e2fe2fe88c6c54b

          SHA512

          16be4705087f1286c1ae0d19ca0aad91d92fcbd5153345a49138e4fc90ce535cd18060b5628b43e3e66dd1dac367f5066469281c30eefe41436e54011bcaefcf

        • C:\KaVBFY\boddevloc.exe

          Filesize

          409KB

          MD5

          1d577539ab091a24f94d1cec800ac0cc

          SHA1

          78e709321601e925cc8fe856c40bd2e84aa7e790

          SHA256

          8b02778adb3a5a3abb73bcdbbf6482f8b63326461f6b4d4fda3420b793089ce1

          SHA512

          02feaf4f8e6440f1a29c15c894e5c71b87ec0d40b1f4efa95cd6141468389549264c21d60f6754fb51189045ff8af780e00ad72fe036f2d2a3d0b43e8e597a1e

        • C:\Users\Admin\253086396416_10.0_Admin.ini

          Filesize

          204B

          MD5

          f891e8b2c4d1e94b432e6620512e8e09

          SHA1

          f1a8521c44933ee9dff9f55738f76c5fc36a7bb1

          SHA256

          e22989fc5340abdd3e603d00c296bc21189e99ee59fab43753ba8281e3d49ef4

          SHA512

          9f81dd263dc8991d9f8c3cd0db3beb80a6a8bbfa358f209943e47c63868db9f2f0c07c992517423ccc0a4990a99e9d84bcc73eee51e86e492f080f16a2656dab
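The dropped files and the Run-key persistence flagged above are what a responder would turn into a hunt on other hosts. The following Python is an added example, not code from the sandbox vendor or from the sample: it embeds the hashes and paths this report lists, hashes local files against them, and parses `reg query` output for Run values that point at a dropped binary or at an executable sitting in a directory directly under the drive root (the shape of both C:\AdobeSA and C:\KaVBFY). The `reg query` text inside the block is constructed for illustration and the value name devdobsys is hypothetical; the report gives only the count of Run-key IoCs, not the values.

```python
"""IOC triage helper built from the sandbox report above.

Added example, not tooling from the sandbox vendor or code from the sample.
Hashes and dropped-file paths are copied from the report; the `reg query`
output below is constructed, and the value name "devdobsys" is hypothetical.
"""
import hashlib
import re
import sys
from typing import Dict, List, Optional, Tuple

# Dropped-file IOCs from the Downloads section (md5/sha1/sha256; the
# report's sha512 values can be added the same way).
DROPPED_FILE_IOCS: Dict[str, Dict[str, str]] = {
    r"C:\AdobeSA\devdobsys.exe": {
        "md5": "b9bf607c4ce7138f8f516b9fac4924d6",
        "sha1": "1bc824c72a3ae33e8e31a9656cd61659e669f368",
        "sha256": "c18d8026ce8a5da19a24c51706da4e91d817ba09725c977b6e2fe2fe88c6c54b",
    },
    r"C:\KaVBFY\boddevloc.exe": {
        "md5": "1d577539ab091a24f94d1cec800ac0cc",
        "sha1": "78e709321601e925cc8fe856c40bd2e84aa7e790",
        "sha256": "8b02778adb3a5a3abb73bcdbbf6482f8b63326461f6b4d4fda3420b793089ce1",
    },
}
# The submitted parent sample, from the General section.
SAMPLE_NAME = "23e48f1a2defa4b1e7ed2425512f6400N.exe"
SAMPLE_SHA256 = "5887dfe404963fad85aed64bc64ad7f359cea72c20f59d80634f415bd7148db9"

HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")

def hash_bytes(data: bytes) -> Dict[str, str]:
    """Hex digests of an in-memory blob, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASH_ALGOS}

def hash_file(path: str) -> Dict[str, str]:
    """Same digests for a file on disk, streamed so a 3 MB sample is not the limit."""
    hashers = {name: hashlib.new(name) for name in HASH_ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def known_hashes() -> Dict[str, str]:
    """Flatten every digest on the page into a digest -> label lookup table."""
    table = {SAMPLE_SHA256: SAMPLE_NAME}
    for path, digests in DROPPED_FILE_IOCS.items():
        for digest in digests.values():
            table[digest.lower()] = path
    return table

def match_digests(digests: Dict[str, str], table: Optional[Dict[str, str]] = None) -> List[str]:
    """Labels of every IOC whose md5/sha1/sha256/sha512 equals one of the given digests."""
    if table is None:
        table = known_hashes()
    return sorted({table[d.lower()] for d in digests.values() if d.lower() in table})

def match_file(path: str, table: Optional[Dict[str, str]] = None) -> List[str]:
    return match_digests(hash_file(path), table)

# Constructed `reg query` output for the two Run keys; only the devdobsys
# line stands in for the sample's persistence entry (value name is hypothetical).
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    devdobsys    REG_SZ    C:\AdobeSA\devdobsys.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
"""

# Both dropped binaries sit in a directory directly under the drive root
# (C:\AdobeSA, C:\KaVBFY); flag any Run value whose data has that shape.
ROOT_LEVEL_EXE = re.compile(r'^"?[A-Za-z]:\\[^\\"]+\\[^\\"]+\.exe"?', re.IGNORECASE)

def suspicious_run_entries(reg_output: str) -> List[Tuple[str, str, str]]:
    """Parse `reg query` output; return (key, value name, data) for entries that
    reference a known dropped path or a root-level-directory executable."""
    dropped = {p.casefold() for p in DROPPED_FILE_IOCS}
    hits: List[Tuple[str, str, str]] = []
    key = ""
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()          # a new key header; values follow indented
            continue
        if not line.startswith("    "):
            continue                    # blank line or unrelated text
        parts = re.split(r"\s{2,}|\t+", line.strip(), maxsplit=2)
        if len(parts) < 3:
            continue                    # value with empty data
        name, _value_type, data = parts
        if any(p in data.casefold() for p in dropped) or ROOT_LEVEL_EXE.match(data):
            hits.append((key, name, data))
    return hits

if __name__ == "__main__":
    for hit in suspicious_run_entries(SAMPLE_REG_QUERY):
        print("persistence:", hit)
    for path in sys.argv[1:]:
        print(path, match_file(path) or "no IOC match")
```

Run it with file paths as arguments to hash them against the report's IOCs, or pipe real `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` output into `suspicious_run_entries`. The root-level-directory heuristic is deliberately broad and will also flag legitimate software installed at, say, C:\Tools\foo.exe; treat those hits as leads to verify by hash, not as verdicts. The page's own SSDEEP value is not used here because fuzzy hashing is not in the standard library.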