Analysis

  • max time kernel
    119s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/09/2024, 16:39

General

  • Target
    f448a19121fbe153fa7ac2113d70feb0N.exe
  • Size
    2.7MB
  • MD5
    f448a19121fbe153fa7ac2113d70feb0
  • SHA1
    7d4f4ad0db81277fae1eb865cca49556819f2f37
  • SHA256
    607c607ec847b2190a1f695514914d81bc60921ed29e639f35bb89981f976bbe
  • SHA512
    7accafabb944235959473bb337a0a7d82fb99064edc454d9096bf19b2736f059f908f777c2429d7b21215a845703798bf8d811a33f6bc7143468b88c3ce906c0
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB49w4S+:+R0pI/IQlUoMPdmpSpW4X

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f448a19121fbe153fa7ac2113d70feb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f448a19121fbe153fa7ac2113d70feb0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1016
    • C:\Files8A\adobec.exe
      C:\Files8A\adobec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:3636

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Files8A\adobec.exe
          Filesize: 2.7MB
          MD5: c21e51c07daf94992f7c9d0e99fa0536
          SHA1: 9bc75aee599c39e3ca82fa771cf63fbefabdf9a5
          SHA256: 4b3bef3e6dfa66bfeb56c2bb569cc7e38a158dc2b9d62ef14619260e95a331d0
          SHA512: e3cf1b6f0827c0705ee486fe43a95aea5351f263261ea7ecad4bcb14e139e675f17000ac6ae76b4978f745d6e2299b69068fdc32753fb5fe91b623d179f09a88

        • C:\LabZIZ\bodxloc.exe
          Filesize: 135KB
          MD5: 56b685630ddb2903ce17c53e5e7c73ef
          SHA1: 41eb300a052c603401d7df98cfeb3f0323cd504a
          SHA256: 51766f8bfc92f55ee21a11829756b6e9f143d9bc57247d60dc6ef4812a5411d3
          SHA512: 2c1050d1f04e86fcc300bfc8d961ac7659fb2f46212c505fc31e0b7228d48acf457ec996e2533e331cc19c7727508627f24418a9072a3682d23ef032d898e691

        • C:\LabZIZ\bodxloc.exe
          Filesize: 2.7MB
          MD5: 0845a1abcd363d5f74ab2af728c9ae45
          SHA1: 1c8e1147efec3c2f725b144e85e415e72049c582
          SHA256: 058db6ac9143f8c11adc2cb895b76e69b91bcb667d718c2789e22ebebc619028
          SHA512: e8bee42bc8d6846e28b0f0c02ccabb2ca7a5f4c04c15bd0e0fa6184e280cdf730e002569904b8ae213f3173f921ff111d054a4612977121c9b007dfba43e3c53

        • C:\Users\Admin\253086396416_10.0_Admin.ini
          Filesize: 200B
          MD5: 0075f89ee2da0fcfb7eef9e8ad439de1
          SHA1: a37cdf792b62a4fd2175e29ac7af39a47b317e4e
          SHA256: fbd1f2ffe710c685cdbcba89f52bb8ca6c0f2c9b62ff55483f1f923b700065d8
          SHA512: 9d473c93a4dea56eb1c0b377672469bdb157b59d8ff0198f6604c546236bb208550e4b65274a3c408cddb3b3cf5650230faf883d33c289cd8cde5e1278e78631