Analysis

  • max time kernel
    119s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-08-2024 15:17

General

  • Target

    5de2318df9b9aa7b32408e7fb759da80N.exe

  • Size

    2.7MB

  • MD5

    5de2318df9b9aa7b32408e7fb759da80

  • SHA1

    e27676f3c11575686763ed91a57af4ae6467156e

  • SHA256

    5c73a37077fceadedaa90f3b3412f1cf10496bf35ccd01339a7499ae40af50a7

  • SHA512

    24b39f1929b1e8ecd0bf06f68bd913651d862b459833c523bc56248a691fbe0f21ef64581c113d1c3a7b44de8ad716bebb3f75a9b7a9c517751ac9fd98d34ac0

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB59w4Sx:+R0pI/IQlUoMPdmpSpB4

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5de2318df9b9aa7b32408e7fb759da80N.exe
    "C:\Users\Admin\AppData\Local\Temp\5de2318df9b9aa7b32408e7fb759da80N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:5488
    • C:\IntelprocW2\adobloc.exe
      C:\IntelprocW2\adobloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:5872

MITRE ATT&CK Enterprise v15

Downloads

  • C:\IntelprocW2\adobloc.exe

    Filesize

    2.7MB

    MD5

    d33e193afd0cdb0032498db86fc20a24

    SHA1

    199426941a8f42a507a4f0582f852261fadeda6c

    SHA256

    0c10c56232bd80c08043bc9c3c37d57ef7909022984643773d51b8cfd0a04de0

    SHA512

    1230cab4decc432579ab2980acacb3f8bf0dedc6f65fdc128066952a94da81d8c22d4b5d4926b6adea8b875ac8cc4f076908e772874c437af8a20d42b9e022c7

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    206B

    MD5

    f5ce26e373c876f18d6a3ca4cac9ddc9

    SHA1

    9329b347d963803dc74260ba5992cf9b9374b869

    SHA256

    ad1b3ddade28c947bb4a519e97f0753e23a80d33fbd49c7c52a0b7cfd029f294

    SHA512

    3119aecaf029d5fa8121ce61276ed9d03a487563dbf84ef317c028f481565bdaef584a13073c2cc0fe7b9b14bb5ddfd76673698c4131b7b305729438a4bd3090

  • C:\VidJE\optixloc.exe

    Filesize

    488KB

    MD5

    8aaef3f8b26449122e13927420418419

    SHA1

    7cfa91758a903fe518c961d7d05d46609d1dcaa3

    SHA256

    fbf786f3c6ee3de335a10b86e8a699b583feef42657d310e50dd7df748f80cad

    SHA512

    08173b13b133bf298a6bd0dcfb365c6be3573c338587dbdd599a8cf66fab6bcdf4a9e0d54fa2358d30f706a3d440887743406f7938b94dbb23612379f5d25311