Analysis

  • max time kernel
    149s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-08-2024 18:12

General

  • Target

    044abdfa44e72d4f353e5137214ba4088d799a5f6a003181dfaee1ba4ca286ed.exe

  • Size

    3.1MB

  • MD5

    850ce6c590bedb12d5f1006eb878640d

  • SHA1

    2662a8c75bd3bea75cb90545e60c3f18d7e7dea8

  • SHA256

    044abdfa44e72d4f353e5137214ba4088d799a5f6a003181dfaee1ba4ca286ed

  • SHA512

    67ac8b3426879f5fdc97e5bd6e1c65f473aab98c294d8a7dd1ce7abdc24b3e35c8d06aed4b8e6ee44eafe16f7cc33f2ae3ac4ecf965849a9ccecc9a1610cd740

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBz9w4Su+LNfej:+R0pI/IQlUoMPdmpSp74JkNfej

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\044abdfa44e72d4f353e5137214ba4088d799a5f6a003181dfaee1ba4ca286ed.exe
    "C:\Users\Admin\AppData\Local\Temp\044abdfa44e72d4f353e5137214ba4088d799a5f6a003181dfaee1ba4ca286ed.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3360
    • C:\SysDrvFQ\abodsys.exe
      C:\SysDrvFQ\abodsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1188

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\MintW5\optixsys.exe

    Filesize

    256B

    MD5

    7b3cffac7066949173af9dec430e50ef

    SHA1

    4c7dd08e8b1cbe82c512820c7053bd053b06d424

    SHA256

    82e8f656f8eb55c46453962cd11965172a5564eb82c56788f85f83dda46995a8

    SHA512

    23b204cb0e6bdfb0aa9170914f3a82b60f8ddda4c76fd13b8df933d68165658435a634f1fa5974cde19cb1ee82cc61a4618c9b581c7ae6d0dfb43223fe6e8151

  • C:\SysDrvFQ\abodsys.exe

    Filesize

    3.1MB

    MD5

    838db9950035b0ece45849be55031671

    SHA1

    c52c51ad16befc48dcdf73416d9b6eeb45a86144

    SHA256

    b922e506a42d5570d9d854e8e0c3b18d64fde295ada94b84bcaf8c5fdc71765d

    SHA512

    9621c5cf437a8ba53be8217956c3dfbe35bd145f1a296aef4bb41da27c40d859a14b66fef9da2dbdea7e629be91f974b2f5535cb48469c64f0571b379b083f20

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    201B

    MD5

    e65b0b874e8d8a10d51f00667a16a56f

    SHA1

    a432b9163f07817c3d2a17cfe79d85a5fe3a6f9e

    SHA256

    2f3ee069af900f89338b6f5e7c7007001a2e0a1975a2f0121a8f53cceb9a69b1

    SHA512

    44d363cbe62575bcab6d4f593bc429efff1a783b52be05b5953b8dc75eebbfc9474be898325c3b3df84c93d0ba0267724b82c96908cbac70c266a85282607ff0