Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system
  • submitted
    17-08-2024 15:12

General

  • Target

    b6576f3ab56d9eb0ed3c49ae32f79200N.exe

  • Size

    2.7MB

  • MD5

    b6576f3ab56d9eb0ed3c49ae32f79200

  • SHA1

    11b145961a5e0d3866cf04acf6572185cd79bccd

  • SHA256

    78db052a45b70fa9641178a25561d4e3c95e2d3cda7264d5f5df68ab6eabb817

  • SHA512

    7aacd18b486ba70ed8a99ac1bf6bc87c38f4bcc5b90d2b28e25aaec6dff1883a8d940f4f93de99e519a991b77047074d425dda48d3894a7387960539cdc4c4ba

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBT9w4Sx:+R0pI/IQlUoMPdmpSpv4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b6576f3ab56d9eb0ed3c49ae32f79200N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6576f3ab56d9eb0ed3c49ae32f79200N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2368
    • C:\SysDrvK7\adobsys.exe
      C:\SysDrvK7\adobsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1316

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\MintVB\bodxloc.exe

    Filesize

    2.7MB

    MD5

    096c5b2c3ad37f22e32c025fb2b444c5

    SHA1

    0c60ec71c173b897f4863f93bdb00521d79bb1bd

    SHA256

    2faf0f9e26b6c4ddce48cb5a7af38568d37170aef86d384f29b9a2b981071f93

    SHA512

    056ad37e74ca74ddf2b4702313be89612236bf1fb3da4a91dc993e4ed7ad7613e0dc9b5a03987aef00ca5ac7d16fa6cff928cdba163c1e19eff17d5f158f96f6

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    202B

    MD5

    ea74e2685fa4aba37d7f7514967613d5

    SHA1

    51b26de38680bb68d25572d6fc55981fb2aed36b

    SHA256

    36fd698266abd156c1d122653806b29b32d25b470a6da96b788870ab8141015a

    SHA512

    5ff994afa985ae6ace30219aeab05b0ccddff29099272382596f7b2167e73b0a3158e71f0b7e14436f9edf191844e5b4ebe4a2c9c29fd6c293699a3b43c9e7af

  • \SysDrvK7\adobsys.exe

    Filesize

    2.7MB

    MD5

    d17e0a6e089e70818131fe1a3cc43d2e

    SHA1

    a21b08e659f31ec192f6d204f759b74c23170ef6

    SHA256

    8cdc87ccbb3da65fc528c7b469e46fad74f73fa2a415f2559aabf7e692d180fa

    SHA512

    bbcd674d57d0e00d72712192974697933d2bf3a32140b118f7c3534394c172504a00fc18b05db33af7ec8d198cde9ef9e399b2ca7f995f07bdd2fdd365827fa4