Analysis

  • max time kernel
    24s
  • max time network
    5s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    08-08-2024 17:54

General

  • Target

    malware2.exe

  • Size

    2.7MB

  • MD5

    f4497ff183c9d08b1c746e2831610054

  • SHA1

    1f60f7b0123f2a9d80eeaabecba1a45ca61baf4d

  • SHA256

    b11b49197d5069e1d48206fb7e4f272cc02207010fe7cbd30776050a4f0a156c

  • SHA512

    611b5f83d6fef3f5a966c0ea5124f815f931b7848d2ff61d57c6dc9d2c22a3580ad5b026b7cd99b3d84e9484f04d5d73e3787509af7305eddd4434f397b6f009

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBf9w4Sx:+R0pI/IQlUoMPdmpSpb4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 48 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\malware2.exe
    "C:\Users\Admin\AppData\Local\Temp\malware2.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4376
    • C:\FilesPY\adobsys.exe
      C:\FilesPY\adobsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2124
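
The report flags "Adds Run key to start application" on the parent process but, in this extract, does not show the value name or command line that was written. The script below is an added example, not sandbox tooling and not the sample's own code: it reads the HKCU and HKLM Run keys on a live Windows host (and falls back to a constructed sample elsewhere) and flags entries whose executable lives outside the usual installation roots, which is where a dropped binary such as C:\FilesPY\adobsys.exe or C:\MintCI\dobxloc.exe would appear. The trusted-root list, the sample values and the heuristic itself are assumptions for illustration.

```python
"""Triage Run-key autostart entries for binaries in unusual locations.

Added example for this report; not part of the sandbox or the sample.
"""
import re
import sys
from typing import Dict, List, Optional, Tuple

RUN_SUBKEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

# Roots from which legitimately installed software normally autostarts.
# Assumption: illustrative, not exhaustive; tune per estate.
TRUSTED_ROOTS = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\",
)

# Extract the executable from a Run value's command line. Handles quoted
# and unquoted paths (including paths with spaces) and trailing arguments.
_EXE_RE = re.compile(r'^\s*"?([^"]+?\.exe)"?(?:\s|$)', re.IGNORECASE)


def executable_of(command: str) -> Optional[str]:
    """Return the .exe path named by a Run value, or None if unparseable."""
    m = _EXE_RE.match(command)
    return m.group(1) if m else None


def is_suspicious(exe_path: str) -> bool:
    """True when the autostart binary is not under a trusted install root.

    Unexpanded environment variables (%TEMP%\\x.exe), anything under a user's
    AppData, and bare names with no directory all count as suspicious.
    """
    p = exe_path.lower()
    if p.startswith("%") or "\\appdata\\" in p:
        return True
    return not p.startswith(TRUSTED_ROOTS)


def suspicious_run_entries(run_values: Dict[str, str]) -> List[Tuple[str, str, Optional[str]]]:
    """Given {value name: command line}, return (name, command, exe) for
    entries that autostart from an unusual location or cannot be parsed."""
    hits = []
    for name, command in run_values.items():
        exe = executable_of(command)
        if exe is None or is_suspicious(exe):
            hits.append((name, command, exe))
    return hits


def read_run_values(hive_name: str) -> Dict[str, str]:
    """Read HKCU or HKLM ...\\Run on a live Windows host.

    Returns {} on other platforms so the pure triage logic above still runs.
    """
    if sys.platform != "win32":
        return {}
    import winreg  # Windows-only module
    hive = {"HKCU": winreg.HKEY_CURRENT_USER,
            "HKLM": winreg.HKEY_LOCAL_MACHINE}[hive_name]
    values: Dict[str, str] = {}
    try:
        key = winreg.OpenKey(hive, RUN_SUBKEY)
    except OSError:
        return values
    with key:
        index = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, index)
            except OSError:  # ERROR_NO_MORE_ITEMS ends the enumeration
                break
            values[name] = str(data)
            index += 1
    return values


# Constructed sample values (the report does not list the value written);
# the two dropped paths are the ones seen in this analysis.
SAMPLE_RUN_VALUES = {
    "OneDrive": '"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe" /background',
    "SecurityHealth": "C:\\Windows\\system32\\SecurityHealthSystray.exe",
    "adobsys": '"C:\\FilesPY\\adobsys.exe"',
    "dobxloc": "C:\\MintCI\\dobxloc.exe",
}

if __name__ == "__main__":
    live: Dict[str, str] = {}
    for hive in ("HKCU", "HKLM"):
        live.update(read_run_values(hive))
    for name, command, exe in suspicious_run_entries(live or SAMPLE_RUN_VALUES):
        print(f"[!] Run value {name!r} -> {command}")
```

On a Windows host the script enumerates both hives and prints only the entries worth a second look; elsewhere it runs the same logic over the constructed sample, which flags the two dropped paths and leaves the Program Files and Windows entries alone.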

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\FilesPY\adobsys.exe

    Filesize

    2.7MB

    MD5

    91743e6950ebaba1a6a4c12e5d590c7f

    SHA1

    e38546dc75823f08ea3f17fac6f37cbc4ed20541

    SHA256

    8cf2b4625576d98d18d4d5e1f414c90a0bd8e3c2f85264b9d15f3f16512bed47

    SHA512

    698f6f49621c7dcff53408a610bb2fc302f27427ee06785d990a1467c149e0ff8ef56041a142eae14a58cda471c860f42924abf19980813bcb2ace7e05b0acfb

  • C:\MintCI\dobxloc.exe

    Filesize

    156KB

    MD5

    74fb90a2d14fddda9c2d3e72b467736a

    SHA1

    ad5eec762c4cbb2e25a5405642cfc69e3e52e646

    SHA256

    1e30a87da8c52cdb3c59d3adc5d65a08c6c382ae4cb1eb4273174079d6dc89b0

    SHA512

    80be7cf575567ba88139781274c621b40ccfe2c9869171efc63e1fc9a4f3d674ca0bed54346517de58ebcacc69a046176c5abecab010457ac025719e70a97531

  • C:\MintCI\dobxloc.exe

    Filesize

    2.7MB

    MD5

    d681615a5d00faaf25ec69550f7ca2ac

    SHA1

    c1bc17d038660ab22ae659da27b94301536dbe14

    SHA256

    950825791de219d66292672e0273ce6960dab33671d608d008eb77f9c0f3972f

    SHA512

    1c578488dd3b705130d3e7c9982c205059c02b009b471c3cf876e82f83ae9603d3a722dada1e7207f1e3e816210719514457c39344bcf790e38dff7d2d99c0d3

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    200B

    MD5

    399b78cdfa42a8e9b461b8d193697b9d

    SHA1

    1a85705f369d52962cf00eb508fc085f08ee6c5c

    SHA256

    427cbee77c791edd86700c8c8c585d12ab6523dccd409fa40dac745812fdd36b

    SHA512

    572cf75a9b080a0b9d7d4e7a1b35e7dd1631edda924b991abec20e8e5288e0931acd4d139c601af8dfd11403bed0b722599f469bef6307560a23aeb29327e4ee
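
To turn the file hashes in this report into something a responder can run against a suspect host, the following Python script is an added example, not part of the sandbox report or its tooling. It hashes every file under a directory in chunks and reports any whose SHA256 matches one of the five digests listed in the General and Downloads sections above. Note that C:\MintCI\dobxloc.exe is listed twice with different sizes and digests (two separate writes to the same path), so matching is done on content rather than on the path. The scan root is a command-line argument; the labels are the paths the sandbox observed.

```python
"""Match files on disk against the SHA256 digests listed in this report.

Added example; not part of the sandbox report or its tooling.
"""
import hashlib
import os
import sys
from typing import Dict, List, Tuple

# SHA256 -> path observed in the sandbox, transcribed from the report.
REPORT_SHA256: Dict[str, str] = {
    "b11b49197d5069e1d48206fb7e4f272cc02207010fe7cbd30776050a4f0a156c":
        "C:\\Users\\Admin\\AppData\\Local\\Temp\\malware2.exe",
    "8cf2b4625576d98d18d4d5e1f414c90a0bd8e3c2f85264b9d15f3f16512bed47":
        "C:\\FilesPY\\adobsys.exe",
    "1e30a87da8c52cdb3c59d3adc5d65a08c6c382ae4cb1eb4273174079d6dc89b0":
        "C:\\MintCI\\dobxloc.exe (156KB write)",
    "950825791de219d66292672e0273ce6960dab33671d608d008eb77f9c0f3972f":
        "C:\\MintCI\\dobxloc.exe (2.7MB write)",
    "427cbee77c791edd86700c8c8c585d12ab6523dccd409fa40dac745812fdd36b":
        "C:\\Users\\Admin\\253086396416_10.0_Admin.ini",
}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Return MD5, SHA1 and SHA256 hex digests of a file.

    The file is read in chunks so a 2.7MB (or far larger) binary is never
    pulled into memory at once; all three digests are computed in one pass.
    """
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def scan_tree(root: str, sha256_iocs: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Walk root and return (path, sha256, label) for every file whose
    SHA256 is in sha256_iocs. Unreadable files are skipped, not fatal."""
    hits: List[Tuple[str, str, str]] = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digest = hash_file(path)["sha256"]
            except OSError:
                continue
            if digest in sha256_iocs:
                hits.append((path, digest, sha256_iocs[digest]))
    return hits


if __name__ == "__main__":
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, digest, label in scan_tree(scan_root, REPORT_SHA256):
        print(f"[MATCH] {path}  sha256={digest}  seen in sandbox as {label}")
```

Run it as `python scan.py C:\` (or against a mounted image) to list any file whose content matches a dropped artifact from this run. Because the sample writes into non-standard roots such as C:\FilesPY and C:\MintCI, a hit on a different path is still a hit: the digest, not the location, is the indicator.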