Overview

overview

7

Static

static

3

d624713aab...e4.exe

windows7-x64

7

d624713aab...e4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/08/2024, 04:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d624713aabb709e346753255146d0e28705d5a7cdaf472d683acb555d99c11e4.exe

  • Size

    2.7MB

  • MD5

    b8ad1858e1248c717cbc7f5b994a90d0

  • SHA1

    4cb705f2824ca064e7406683022c0c654bb4d197

  • SHA256

    d624713aabb709e346753255146d0e28705d5a7cdaf472d683acb555d99c11e4

  • SHA512

    1eedf7cb18216c6339fec2e4bd985e32fb28e307cf3335c49dc67b0e86638e382239a399a83a458a9ec0e18a288eec7d09165735fe4475c79b3b662815b9b682

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB89w4Sx:+R0pI/IQlUoMPdmpSpG4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d624713aabb709e346753255146d0e28705d5a7cdaf472d683acb555d99c11e4.exe
    "C:\Users\Admin\AppData\Local\Temp\d624713aabb709e346753255146d0e28705d5a7cdaf472d683acb555d99c11e4.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4812
    • C:\Adobe35\adobec.exe
      C:\Adobe35\adobec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:3472

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Adobe35\adobec.exe
          Filesize

          2.7MB

          MD5

          3550c00aa0f553bd36f3af34c44815a4

          SHA1

          ebb08b7ad1033e14b945807cbcc2382da7e2cc87

          SHA256

          32e25a3a369d1180445c4550ea8bc37018c2dada618f57fc4b6fe54e4b4db1aa

          SHA512

          7b010fe2684b442c9b5e3c5e0ad9fabf24af8fa11a9ea2ba4a4090ecdfbfe6a2dee209dcee24c70688adf388f8fa009847965ea53c6b8ec20e0c478b5b58bc38

          Download Submit

        • C:\MintA3\optixec.exe
          Filesize

          2.7MB

          MD5

          c4ee6514d06da4f0269d498c54217c4e

          SHA1

          bd8822b02073906854f6927c8aae096ab839cba8

          SHA256

          5b5b3cc4b143884c2405fa01eed3a520a80a412b9acfebc6c306d7a754094bfb

          SHA512

          a59d7da1b4ec339f6005d97d9ea03bf9de862915bd42c42de5b6f000bf7b5b1d2ac63d71493530608a875d47b31db5f937da6c2b89365751a15aca15628d2531

          Download Submit

        • C:\Users\Admin\253086396416_10.0_Admin.ini
          Filesize

          200B

          MD5

          965298c6875574f2a0850207429196af

          SHA1

          a17c09e04a4d3adbed015febed6a44c2c37df5e8

          SHA256

          df21e71b82fe209153ff6222356ceff87ce955a500ce0ea25e3fe71ad0c50930

          SHA512

          94ce9ee81d1e8d14968178c1e0684c8af52ba3753ab437e65fbfc05e4ee6f87c7e9b5b76bf49be6dba83d9d3b3e5027d92782f28556e364c8ef0e34d9e76712f

          Download Submit