Analysis

  • max time kernel
    119s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/08/2024, 08:11

General

  • Target
    c55a1025c4df82e48ceb1a5dc2b5b0b0N.exe
  • Size
    2.7MB
  • MD5
    c55a1025c4df82e48ceb1a5dc2b5b0b0
  • SHA1
    93c653780f77f5ccf2d5579e98735f1b19a24977
  • SHA256
    309f7038bb084779ad99eab6dcb95152129a8b5ed2622ec4c6d95ab5d7b888ed
  • SHA512
    61a89bcf47e7a21eb4e407832905489499c321154fd626f2881f02fdf56c9fdf41ddbd786fa09915c0c0ad2ef17d1fd10e0100dcca1da946d013039d67770371
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB/9w4Sx:+R0pI/IQlUoMPdmpSpz4

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\c55a1025c4df82e48ceb1a5dc2b5b0b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\c55a1025c4df82e48ceb1a5dc2b5b0b0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1892
    • C:\AdobeRD\xbodloc.exe
      C:\AdobeRD\xbodloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:4512

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\AdobeRD\xbodloc.exe
    Filesize
    2.7MB
    MD5
    dac427088f5d37a7dab4ab5d5fcaeda1
    SHA1
    518b0c5ab9f62e87d9f1469f5e05fbdd6bb1c199
    SHA256
    ea06d027b23882c532722b9d13756f77a7f2fee94e2f3e8c95d2cb021ef020ed
    SHA512
    e1f2e913e61110082b3c2a817b6731c1cce9feefe3766b2fa66cf0183bc2592ff2f3c4628732eb4262801baf53c734753b626d7f287c0a762f2b79976f6a3286

  • C:\KaVBO0\dobxsys.exe
    Filesize
    2.7MB
    MD5
    8cefce4cbd43d66972dbca7bcb7ade26
    SHA1
    33d166df153e282f91c67bc079e3894d28221e6d
    SHA256
    05394f94f27e4029ce66aeb13dd8980ee895480904043dd7255f8092e65ee2ff
    SHA512
    872221a1909c84c5f6066f715757a013c9619172297ec5968242d2b55c21a85cf3a2caec86fbabf0768ee588aded63f6333147868ddd6a3680d8fea2efde8522

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize
    200B
    MD5
    e61d3223691d431143f9593e4828d5c3
    SHA1
    335def4d17d72a2fd521adf3d448bbac2c723e15
    SHA256
    d7cef62e40b0e4eba1a999eef1e60492444ee4bf36512011881292dece18ba98
    SHA512
    0ed853f7afa4768cfbe0027095d56b549cec386b55a2d4868e58ea392d7b632e2e17b3d6c6deee8cfefc367968a26702663e4a505bc09947ce48d818015ea1ea