Analysis

  • max time kernel: 116s
  • max time network: 121s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240802-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 09-09-2024 21:24

General

  • Target: 3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
  • Size: 9.7MB
  • MD5: 3b1cd5d4161fb80b4d89cc267a65c6d0
  • SHA1: 07d3a65e89cc922ae3b2fa7e74c27c80677f7296
  • SHA256: 49066be6efe8eb7be603f476422e41d4ee041791b81b49aa7d836c5a4df20e88
  • SHA512: f93108a654b3f1baead06be043f685866d234fafa5f2ab3b9460f309a4afbfabcba1339b8f3ffa4095004a16412c3214ff7b6219315cf422b01f0af2a21e2743
  • SSDEEP: 196608:rNqnhgJuP3LAhCiVXOWvd6A1oMuWr45hrr2u:KS+LJYeJWGhrr2u

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 37 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 60 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b1cd5d4161fb80b4d89cc267a65c6d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\3b1cd5d4161fb80b4d89cc267a65c6d0N.exe"
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:2096

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\RCXEDD4.tmp
    Filesize: 9.7MB
    MD5: 465239b92bc46e951332c2dd544ffa82
    SHA1: 1c4c5c10f0d4ae401c90c9b28dc11a11b4d599e8
    SHA256: 9d74db84c6a0029b2726b9600d9940a6158eeb7a6719fb46bbabde9eee7b5aae
    SHA512: 2c8d6018165f5431ac6e7d8872f98ca86cd4121138883b2d12bf8b689b93582062e1c99fe5ddcea740811a23518d17dd589f703a34a1f6a27b9c7e376b3bbbe9

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2Runtime.exe
    Filesize: 9.6MB
    MD5: 03e0b2991d6d8885b6c8c40a64c70819
    SHA1: 9309b545b1c42d2a8e0afe314fd26277c59cfb08
    SHA256: f39d2fc7d5a98826cdaec771914bb66582e690eafd361f0fccda93ff71495e9b
    SHA512: fbb575066d38ed6d3080845bd6e28971933815c204a4d25799fc3356194d89cf2e298262f6230f9cbb258e2f17240a671b34a0daaff759821b183a10c251c18e

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\DynamicPlugin.exe
    Filesize: 9.7MB
    MD5: 35c8883fb43fbe40cca89e52872c1142
    SHA1: 93fedf6e6083d963ccfb8572cb9ad31cbae71c9e
    SHA256: 6a33d0296589c804c232174c7608d69b2309107b31ddfcf2b0e68b32ffb15718
    SHA512: 44fc9c71b95c71815109bfa5dec947c9bff53792cd9f9898d28480c2f28f641abb3c42bea744feff48eb0a3271f407650e04fc73ef9431a421feef7be9030d6b

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prcrplugin.exe
    Filesize: 9.7MB
    MD5: 27d7b9889d25aedae5d001ac3176979f
    SHA1: 20f93ba3347ded849080057fcab45e2e36656672
    SHA256: 6a39b812e9f49c56ec2b0e8351de97884de3d4a32d45cef1b0683c79b1954d39
    SHA512: 214d49800df12501cba0ba0f9040e2b44a25fdcc3e3ddae6a3231a82b64ff0798a4c574bdcd4c7f7db30453cb8f73775f61f4cc05dcded443dc43564191df75a

  • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceserviceinstallermaintenanceservice.exe
    Filesize: 9.7MB
    MD5: 3b1cd5d4161fb80b4d89cc267a65c6d0
    SHA1: 07d3a65e89cc922ae3b2fa7e74c27c80677f7296
    SHA256: 49066be6efe8eb7be603f476422e41d4ee041791b81b49aa7d836c5a4df20e88
    SHA512: f93108a654b3f1baead06be043f685866d234fafa5f2ab3b9460f309a4afbfabcba1339b8f3ffa4095004a16412c3214ff7b6219315cf422b01f0af2a21e2743