Analysis

max time kernel: 24s
max time network: 5s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08-08-2024 17:54

Static task: static1
Behavioral task: behavioral1
Sample: malware2.exe
Resource: win10v2004-20240802-en
General

Target: malware2.exe
Size: 2.7MB
MD5: f4497ff183c9d08b1c746e2831610054
SHA1: 1f60f7b0123f2a9d80eeaabecba1a45ca61baf4d
SHA256: b11b49197d5069e1d48206fb7e4f272cc02207010fe7cbd30776050a4f0a156c
SHA512: 611b5f83d6fef3f5a966c0ea5124f815f931b7848d2ff61d57c6dc9d2c22a3580ad5b026b7cd99b3d84e9484f04d5d73e3787509af7305eddd4434f397b6f009
SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBf9w4Sx:+R0pI/IQlUoMPdmpSpb4
Malware Config

Signatures

Executes dropped EXE (1 IoC)
pid   Process
2124  adobsys.exe
Adds Run key to start application (2 TTPs, 2 IoCs)
description      ioc                                                                                                                                        Process
Set value (str)  \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\FilesPY\\adobsys.exe"      malware2.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintCI\\dobxloc.exe"  malware2.exe
System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description  ioc                                                          Process
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  malware2.exe
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  adobsys.exe
Suspicious behavior: EnumeratesProcesses (48 IoCs)
pid   Process
4376  malware2.exe
2124  adobsys.exe
(48 entries in total; every entry is one of the two pid/Process rows above, repeated)
Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process       procid_target
PID 4376 wrote to memory of 2124  4376  malware2.exe  86
PID 4376 wrote to memory of 2124  4376  malware2.exe  86
PID 4376 wrote to memory of 2124  4376  malware2.exe  86
Processes

C:\Users\Admin\AppData\Local\Temp\malware2.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\malware2.exe"
  PID: 4376
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory

  C:\FilesPY\adobsys.exe
    Command line: C:\FilesPY\adobsys.exe
    PID: 2124
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 2.7MB
MD5: 91743e6950ebaba1a6a4c12e5d590c7f
SHA1: e38546dc75823f08ea3f17fac6f37cbc4ed20541
SHA256: 8cf2b4625576d98d18d4d5e1f414c90a0bd8e3c2f85264b9d15f3f16512bed47
SHA512: 698f6f49621c7dcff53408a610bb2fc302f27427ee06785d990a1467c149e0ff8ef56041a142eae14a58cda471c860f42924abf19980813bcb2ace7e05b0acfb

Filesize: 156KB
MD5: 74fb90a2d14fddda9c2d3e72b467736a
SHA1: ad5eec762c4cbb2e25a5405642cfc69e3e52e646
SHA256: 1e30a87da8c52cdb3c59d3adc5d65a08c6c382ae4cb1eb4273174079d6dc89b0
SHA512: 80be7cf575567ba88139781274c621b40ccfe2c9869171efc63e1fc9a4f3d674ca0bed54346517de58ebcacc69a046176c5abecab010457ac025719e70a97531

Filesize: 2.7MB
MD5: d681615a5d00faaf25ec69550f7ca2ac
SHA1: c1bc17d038660ab22ae659da27b94301536dbe14
SHA256: 950825791de219d66292672e0273ce6960dab33671d608d008eb77f9c0f3972f
SHA512: 1c578488dd3b705130d3e7c9982c205059c02b009b471c3cf876e82f83ae9603d3a722dada1e7207f1e3e816210719514457c39344bcf790e38dff7d2d99c0d3

Filesize: 200B
MD5: 399b78cdfa42a8e9b461b8d193697b9d
SHA1: 1a85705f369d52962cf00eb508fc085f08ee6c5c
SHA256: 427cbee77c791edd86700c8c8c585d12ab6523dccd409fa40dac745812fdd36b
SHA512: 572cf75a9b080a0b9d7d4e7a1b35e7dd1631edda924b991abec20e8e5288e0931acd4d139c601af8dfd11403bed0b722599f469bef6307560a23aeb29327e4ee