Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24-08-2024 04:31

General

  • Target

    26d13895532e66adf318a94b972becb0N.exe

  • Size

    2.7MB

  • MD5

    26d13895532e66adf318a94b972becb0

  • SHA1

    fd190ece74b2c2e76bfc49d4679b084827c9818c

  • SHA256

    fd440efe98060b44918fd9c0874a1d2105d2f59864c44c9a22e298fcb571b454

  • SHA512

    01a68678ac3180201e38700ea095124c196eb9e539bd8be07123a050ba69b1696e0c0b572bc475ba0695840ba3bb2300688fb1338db5db4d2e598c31c0ede16f

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBL9w4Sx:+R0pI/IQlUoMPdmpSpz4

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\26d13895532e66adf318a94b972becb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\26d13895532e66adf318a94b972becb0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3464
    • C:\AdobeQI\adobec.exe
      C:\AdobeQI\adobec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:4748

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\AdobeQI\adobec.exe

    Filesize

    2.7MB

    MD5

    ab2271647a78966d3e6cb4da28d8a038

    SHA1

    d4c158772869dada362ea54fcfe332df5376227f

    SHA256

    ce8019697e569761b566dc388766b425830f14db2dfdfe6021b924f0261b57a9

    SHA512

    d43434030d5ea619dee58d27d4f7d55b0534372e1c1d976943fe6d5ea0209ace14edd524a01be747bcd3da0ea6893b437d5d20951e05fc0bea2751ee0750d41b

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    201B

    MD5

    251c502b333462b2edce5756b2d49182

    SHA1

    72d79a0e41b51e4c2c117e7e3e2e13c5bab7ecaa

    SHA256

    5c2fb81c63b75cd5b6f0da24e43ae28cdb248b7d07936ba8e841e70d4976a51a

    SHA512

    81c80a00fa6ff5b3266f83c5b325d756dde5be081dda73d5f6e6e13c6535cb4b9de084725c9045b79f514220508c5d0611d8f4868a6ebad274838e524d334bcc

  • C:\Vid9P\boddevsys.exe

    Filesize

    2.7MB

    MD5

    ee699310897678350cc8cc63b40b8c3b

    SHA1

    c4457d4ef7da5df93bb4bbb546d3107e76b01ead

    SHA256

    e2d866d3065660c2ec5fae3967d92951384f48fdb3639a92c4919f225a32046a

    SHA512

    6ad8b42ff5d777b6a17ac50fa0f49133cea3310ae49cfd2900d800606ab52067a070014c395e0f64988daa3c852d56d544ec03c9a22bbe90ef2782b59dc9c7ca
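The report above gives three things a responder can hunt for on other hosts: the Run-key persistence flagged in Signatures, the two dropped 2.7MB executables (C:\AdobeQI\adobec.exe, C:\Vid9P\boddevsys.exe) and the small .ini written to the profile root, all with SHA256 values. The PowerShell below is an added hunting script, not part of the sandbox output or of the sample's own behaviour. It copies the hashes and drop paths from the Downloads list and makes two assumptions that the report does not confirm: the Run value name and command line are not shown, so every entry in the per-user and machine-wide Run keys is resolved and hashed rather than matched by name; and the .ini filename pattern `<digits>_<OS version>_<username>.ini` is inferred from the single name 253086396416_10.0_Admin.ini.

```powershell
# Added hunt script for the artefacts in this report (not sandbox output, not sample code).
# SHA256 values and drop paths are copied from the "Downloads" list above.
# Assumptions: the Run value name/command line is not in the report, so all Run entries
# are resolved and hashed; the .ini name pattern <digits>_<osver>_<user>.ini is inferred
# from the single observed filename.

$KnownSha256 = @{
    'fd440efe98060b44918fd9c0874a1d2105d2f59864c44c9a22e298fcb571b454' = 'submitted sample 26d13895532e66adf318a94b972becb0N.exe'
    'ce8019697e569761b566dc388766b425830f14db2dfdfe6021b924f0261b57a9' = 'dropped C:\AdobeQI\adobec.exe'
    'e2d866d3065660c2ec5fae3967d92951384f48fdb3639a92c4919f225a32046a' = 'dropped C:\Vid9P\boddevsys.exe'
    '5c2fb81c63b75cd5b6f0da24e43ae28cdb248b7d07936ba8e841e70d4976a51a' = 'dropped 253086396416_10.0_Admin.ini'
}
$KnownDropPaths = @('C:\AdobeQI\adobec.exe', 'C:\Vid9P\boddevsys.exe')

# Persistence locations behind the "Adds Run key to start application" signature.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Resolve-RunTarget {
    # A Run value is a command line; return the executable it launches, quoted or bare.
    param([string]$CommandLine)
    $cl = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cl.StartsWith('"')) {
        $end = $cl.IndexOf('"', 1)
        if ($end -gt 1) { return $cl.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cl, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cl -split '\s+')[0]
}

function Get-ReportVerdict {
    # A hash match is authoritative. A file sitting at one of the report's drop paths
    # with a different hash is still reported: repacked builds keep the same path.
    param([string]$Path, [string]$Source)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $null }
    $sha = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
    $verdict = $null
    if ($KnownSha256.ContainsKey($sha)) { $verdict = "hash match: $($KnownSha256[$sha])" }
    if (-not $verdict -and ($KnownDropPaths -icontains $Path)) { $verdict = 'drop path match, hash differs' }
    if (-not $verdict) { return $null }
    [pscustomobject]@{ Source = $Source; Path = $Path; SHA256 = $sha; Verdict = $verdict }
}

$findings = @()
$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# 1. Run keys: resolve each entry's target binary and compare it with the report.
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($metaProps -contains $p.Name) { continue }
        $target = Resolve-RunTarget -CommandLine ([string]$p.Value)
        $r = Get-ReportVerdict -Path $target -Source "$key\$($p.Name)"
        if ($r) { $findings += $r }
    }
}

# 2. Drop paths: the binaries may remain even if the Run entry was cleaned up.
foreach ($path in $KnownDropPaths) {
    $r = Get-ReportVerdict -Path $path -Source 'report drop path'
    if ($r) { $findings += $r }
}

# 3. The .ini written to the profile root (name pattern is an assumption, see header).
foreach ($userDir in Get-ChildItem -Path 'C:\Users' -Directory -ErrorAction SilentlyContinue) {
    $iniFiles = Get-ChildItem -Path $userDir.FullName -Filter '*.ini' -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '^\d+_\d+\.\d+_.+\.ini$' }
    foreach ($ini in $iniFiles) {
        $r = Get-ReportVerdict -Path $ini.FullName -Source 'profile-root ini'
        if (-not $r) {
            # Digits and username are expected to vary per host, so a name-only hit is still worth review.
            $r = [pscustomobject]@{
                Source  = 'profile-root ini'
                Path    = $ini.FullName
                SHA256  = (Get-FileHash -LiteralPath $ini.FullName -Algorithm SHA256).Hash.ToLower()
                Verdict = 'filename pattern match, hash differs'
            }
        }
        $findings += $r
    }
}

if ($findings) { $findings | Format-Table -AutoSize } else { 'No artefacts from this report found.' }
```

Run it in an elevated session so the HKLM Run keys and other users' profile roots are readable. Exact-hash hits identify this build only; the SSDEEP values in the report are the right input for catching repacked variants, which this script flags only through the drop-path and filename checks.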