Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/08/2024, 18:53

General

  • Target

    4c2710f13741730b028ce8c2416e6bb0N.exe

  • Size

    2.7MB

  • MD5

    4c2710f13741730b028ce8c2416e6bb0

  • SHA1

    48cac1dbb843140cf5efd6b60312ce65a3dfe68b

  • SHA256

    6cefce0c80f23efe4f6df700691d52cbe155215bbbbcca340b47b88f880599a8

  • SHA512

    fba30299f31a2f9269e3e2540e07e42be1e5974e8a7fa76540f85650e30c336eedfa31a97a3e1e7c1cc4fee66b1a06f8e344e46277e63f1401cda2ca99fc93a8

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBo9w4S+:+R0pI/IQlUoMPdmpSpe4X

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim machine in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4c2710f13741730b028ce8c2416e6bb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4c2710f13741730b028ce8c2416e6bb0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4248
    • C:\AdobeFG\adobec.exe
      C:\AdobeFG\adobec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:4884

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\AdobeFG\adobec.exe

    Filesize

    2.7MB

    MD5

    4aa65fcf5d18c068218eee5b79fa3d6a

    SHA1

    6f31643e0d1c89e8ba03543711d33304b7bab5fa

    SHA256

    825ee1dc6afdc64b32e7371ffb7017e6c1792df02cb351e99557a0f66c825d22

    SHA512

    470661123a68fe1fdf0d6e415fe03cc14a783dcbaf40ecb63f88923d3485c1e54d3f4090979a7463cfc35b129dd6bd4a94101aa214a896da6ad23603f6b0ef13

  • C:\GalaxPB\dobaec.exe

    Filesize

    28KB

    MD5

    c0b5a335108a310fc6d5fd355a6901e3

    SHA1

    adcffc72bb6f2d986765a82a5b42cf7ef122f1a2

    SHA256

    652dba79b20ca7d8ab5f06aab64948bddef364ed1ee3b1e7cba3cc6c548004de

    SHA512

    2284a1315376c85f3ce3a235f6369457e0bdf0cc95223992585944f36cf3497ff6762e7ddcac6092600370aff03884a0542c3049e3f7fe96926b7ab4ef2b4bbb

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    201B

    MD5

    925ada8ca4b0ef2f08f5fb1b136cc307

    SHA1

    cdb574e79d45689e032107d7b4fa32f1de5648c1

    SHA256

    a95b830fa0f62733e5e8d77ebe7c3c38b2ed4cbd5e77f19fa4fbee534a23f05e

    SHA512

    8beda1ac983badbed457fea8f16931290bf77534960f7336cc98429b532c2d7867e44e3e05310f743c936227a9f069c4185d8d112dbc291cbddc6656a0650246
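As an added triage example that is not part of this report or of the sandbox vendor's tooling: a Python script that embeds the MD5, SHA1 and SHA256 values listed above for the submitted sample and its three dropped files (the SHA512 values are left out of the table only for line length; any hashlib algorithm name can be added as a key) and classifies artifacts collected from a host against them. It assumes the responder has already copied the suspect files off the machine; the function names and the constructed test inputs are mine. It deliberately refuses to accept an entry where only some of the digests agree, since a partial match means either a transcription error in the IoC table or a collision engineered on the weaker hash, and neither should be reported as a clean verdict.

```python
import hashlib
import sys
from pathlib import Path

# IoC table transcribed from the General and Downloads sections of this report:
# path observed in the sandbox -> expected hex digests of the file at that path.
REPORT_IOCS = {
    r"C:\Users\Admin\AppData\Local\Temp\4c2710f13741730b028ce8c2416e6bb0N.exe": {
        "md5": "4c2710f13741730b028ce8c2416e6bb0",
        "sha1": "48cac1dbb843140cf5efd6b60312ce65a3dfe68b",
        "sha256": "6cefce0c80f23efe4f6df700691d52cbe155215bbbbcca340b47b88f880599a8",
    },
    r"C:\AdobeFG\adobec.exe": {
        "md5": "4aa65fcf5d18c068218eee5b79fa3d6a",
        "sha1": "6f31643e0d1c89e8ba03543711d33304b7bab5fa",
        "sha256": "825ee1dc6afdc64b32e7371ffb7017e6c1792df02cb351e99557a0f66c825d22",
    },
    r"C:\GalaxPB\dobaec.exe": {
        "md5": "c0b5a335108a310fc6d5fd355a6901e3",
        "sha1": "adcffc72bb6f2d986765a82a5b42cf7ef122f1a2",
        "sha256": "652dba79b20ca7d8ab5f06aab64948bddef364ed1ee3b1e7cba3cc6c548004de",
    },
    r"C:\Users\Admin\253086396416_10.0_Admin.ini": {
        "md5": "925ada8ca4b0ef2f08f5fb1b136cc307",
        "sha1": "cdb574e79d45689e032107d7b4fa32f1de5648c1",
        "sha256": "a95b830fa0f62733e5e8d77ebe7c3c38b2ed4cbd5e77f19fa4fbee534a23f05e",
    },
}


def hashes_of(data: bytes, algorithms=("md5", "sha1", "sha256")) -> dict:
    """Hex digests of data for each named hashlib algorithm (constructed helper)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in algorithms}


def classify(data: bytes, iocs=REPORT_IOCS) -> dict:
    """Compare one artifact's digests against every entry of the IoC table.

    'matches' lists entries whose digests all agree with the artifact,
    'partial' lists entries where some but not all digests agree. A partial
    agreement is surfaced as its own verdict instead of being treated as clean.
    """
    needed = sorted({alg for expected in iocs.values() for alg in expected})
    observed = hashes_of(data, needed)
    full, partial = [], []
    for path, expected in iocs.items():
        agree = [alg for alg in expected if expected[alg].lower() == observed[alg]]
        if len(agree) == len(expected):
            full.append(path)
        elif agree:
            partial.append(path)
    if full:
        verdict = "known-malicious"
    elif partial:
        verdict = "suspicious-partial-hash-match"
    else:
        verdict = "no-match"
    return {"verdict": verdict, "matches": full, "partial": partial, "hashes": observed}


def scan_collected(artifacts: dict, iocs=REPORT_IOCS) -> dict:
    """Classify a mapping of artifact name -> raw bytes (files already pulled off a host)."""
    return {name: classify(blob, iocs)["verdict"] for name, blob in artifacts.items()}


def scan_directory(root, iocs=REPORT_IOCS) -> dict:
    """Hash every regular file under root and return name -> verdict."""
    results = {}
    for p in Path(root).rglob("*"):
        if p.is_file():
            results[str(p)] = classify(p.read_bytes(), iocs)["verdict"]
    return results


if __name__ == "__main__":
    # Usage: python ioc_scan.py <directory of collected artifacts>
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, verdict in scan_directory(root).items():
        if verdict != "no-match":
            print(f"{verdict}: {name}")
```

Note that the report records a Run key being added but not its name or value, so the script matches on file content only; on a live host the C:\AdobeFG and C:\GalaxPB directories and the current user's Run key are the first places to check by hand. Matching is done against all three digests so that a collision on MD5 or SHA1 alone cannot be mistaken for the sample.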