Overview

overview

7

Static

static

3

d624713aab...e4.exe

windows7-x64

7

d624713aab...e4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    24/08/2024, 04:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d624713aabb709e346753255146d0e28705d5a7cdaf472d683acb555d99c11e4.exe

  • Size

    2.7MB

  • MD5

    b8ad1858e1248c717cbc7f5b994a90d0

  • SHA1

    4cb705f2824ca064e7406683022c0c654bb4d197

  • SHA256

    d624713aabb709e346753255146d0e28705d5a7cdaf472d683acb555d99c11e4

  • SHA512

    1eedf7cb18216c6339fec2e4bd985e32fb28e307cf3335c49dc67b0e86638e382239a399a83a458a9ec0e18a288eec7d09165735fe4475c79b3b662815b9b682

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB89w4Sx:+R0pI/IQlUoMPdmpSpG4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d624713aabb709e346753255146d0e28705d5a7cdaf472d683acb555d99c11e4.exe
    "C:\Users\Admin\AppData\Local\Temp\d624713aabb709e346753255146d0e28705d5a7cdaf472d683acb555d99c11e4.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1872
    • C:\IntelprocKV\adobec.exe
      C:\IntelprocKV\adobec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:468

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\253086396416_6.1_Admin.ini
          Filesize

          206B

          MD5

          1afecc0c5baaf5537275099a32bf98ae

          SHA1

          e89b09dd06a5a68c609b4f0c6b0936cf16a3406c

          SHA256

          d79b6576b3322b3173aa2b186670668821fdfe50799458b51b2ff8e29dc3846e

          SHA512

          6b9b11d7f5227ce5336ff1f0231baed77c39cc6cee143402d4600cd44881e9ede8b629b615abc9ee4e78ff468dd95b79a40372c3648fc359339cf6856e1ca6fa

          Download Submit

        • C:\VidVV\optixloc.exe
          Filesize

          2.7MB

          MD5

          1ef118e9637a066271e96573e0399f68

          SHA1

          854dff88031396f111021878476866baabee50bb

          SHA256

          e388d66b60bdc1e9a608c847351609fd11feabab7a4107d89fbd31df3c1f8a93

          SHA512

          b4972cb7a8dcc49d567c61c4684f44fa9bdc59f38f0bdd877bac004f1a66f4021bccd4daab9026423c474b39370f5301e2ff23336a06deb3d95d696e18ccd54c

          Download Submit

        • \IntelprocKV\adobec.exe
          Filesize

          2.7MB

          MD5

          2d2275de03780afa19b31d144091a5a3

          SHA1

          9fdab444d00a5628632fcff6fd801bc217171685

          SHA256

          4c78e37b39007afc7a0bc209be924979ef86694f3466176d3c01b8e323727145

          SHA512

          77b9048cf164c152ece5f81422dabde4079ece15e9f461807972164fd0a61ed00d27faba417cf75f01df37de750038262d5624ccbab41c481cdfa7a32b818018

          Download Submit