Analysis

  • max time kernel
    119s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/08/2024, 20:37

General

  • Target

    8bf62b994617b4b305d7162e907355c0N.exe

  • Size

    2.7MB

  • MD5

    8bf62b994617b4b305d7162e907355c0

  • SHA1

    155a5a449e89431fd616b877020fd0677eb18a83

  • SHA256

    03af4a29336a171ee7b72d17cd1ad82ce32371ef93dae4b8245c51f189e43527

  • SHA512

    191a07b6812e08cb0e3f6daa8c0c48a03b388d829930522b60128bf18ff799d4333b328f1940fa911f26cc3765cd1c8d23e9acbba25abaff4cd4656066d9931b

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB69w4Sx:+R0pI/IQlUoMPdmpSpg4

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8bf62b994617b4b305d7162e907355c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8bf62b994617b4b305d7162e907355c0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3984
    • C:\AdobeSD\xdobloc.exe
      C:\AdobeSD\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:4116

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\AdobeSD\xdobloc.exe

          Filesize

          2.7MB

          MD5

          9d34542776cb3364063ab8097b574830

          SHA1

          3c97ce96ac2b02d3a4d587868086d8fbcfe269ce

          SHA256

          425dcb87c7794003f29d627d4050b200432518011fc9093afcd03f3fe3943fee

          SHA512

          2c66584ade3c448f1836bc00e41df6ec0f4cd5d6ca7a91646ced1f9b89ff3876833ff9f6bbe78ae9b5b6f46179558252dc528f5ea0374832da1e932a4966204c

        • C:\GalaxQX\boddevec.exe

          Filesize

          135KB

          MD5

          ca4f54a252e10abf9a3faf25cdb28884

          SHA1

          b2553ee6adb54abd68b3019a463dc5a72a25592e

          SHA256

          47041a255022b0311863b35db8f8a38c557bc969a927ab925358bdbe3d635717

          SHA512

          889cc61891ae862eb8adfa3073a772f0510571573bba2e7a9a690054869a7884080554cd5f0db6b1fcdd440d58d20221a724321091ccf56e9726dea49fcc1c48

        • C:\GalaxQX\boddevec.exe

          Filesize

          2.7MB

          MD5

          566e44c07939202c7e5aca2204a2e2f1

          SHA1

          63275687898af770608e8e0402703abd3e571192

          SHA256

          469115b5bdaccc3f77cb72dd738a471e1530d1c2fb6488227797580b163a82e8

          SHA512

          5dd87f6ce43e6b7eefc3e83694a19293e079ae93956e23174f0c060db33965f78ad833d2315915e19e4df00da475daeaa58e79ac89cb6803bdc551f27585439b

        • C:\Users\Admin\253086396416_10.0_Admin.ini

          Filesize

          204B

          MD5

          f50c05477dba14571cd9458e07b782cf

          SHA1

          61224ae6da8df8dba816b6461766b2af43bfff7a

          SHA256

          d846b88f68bcbbe28f28f272b538f0767dcfaf43b7e11166bd275edff4218c5a

          SHA512

          00771bee8b7d4b1d8ab76dea1d0000b8b006acbfa8c8cf62c4bf13ff6d5772497caf0502fc3e3f219b98ca48d7549a0a7a265ffea1c6c738ae53ed2d4cd401df