Resubmissions

17-12-2024 18:57

241217-xmcbqswkeq 4

17-12-2024 18:49

241217-xgb4sawjbm 10

Analysis

  • max time kernel
    1558s
  • max time network
    1561s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-12-2024 18:57

General

  • Target

    adobe-air-51-1-1-3.exe

  • Size

    5.9MB

  • MD5

    34dba7939065022ad74458acbae28abd

  • SHA1

    5f4e6e7cc0f2970068ff1c05189a8dc6881b8d33

  • SHA256

    da506fa70f7953e840f3eba28faf557a2038e0b3d0a5105a0ebe3434ee5e9e61

  • SHA512

    6271f67b486c7273fd391e4379f987fcce3042947909e97d05290d04469588a94bd501685f686037a400b788d6693e73f7d7799069c772b80da9556322c6cc79

  • SSDEEP

    98304:FOB7drLD5C522D5K6O6DWT9dCrVodEdhIW5LkrNcBByeTTC3qdqH2pjin6uYRjUI:gB7drxU22DJVAbAeOIyBBNiKqMbZUI

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\adobe-air-51-1-1-3.exe
    "C:\Users\Admin\AppData\Local\Temp\adobe-air-51-1-1-3.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3036
    • C:\Users\Admin\AppData\Local\Temp\AIRAE68.tmp\Adobe AIR Installer.exe
      "C:\Users\Admin\AppData\Local\Temp\AIRAE68.tmp\Adobe AIR Installer.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious use of SetWindowsHookEx
      PID:320

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\AIRAE68.tmp\Adobe AIR\Versions\1.0\Adobe AIR.dll

    Filesize

    13.4MB

    MD5

    b10e155460556fa4667536de7bb40e43

    SHA1

    a17872d7ff29a307fac5b4ed98887a420f716964

    SHA256

    371c442e9ce81a9514d25eccbe6e9c37a7b766bc5de1a7e03e50ac77cb8ce374

    SHA512

    4a3d2b0ec3d3ae868c50530136da228d835234198a41aa47ef11c40843249bad29425d50967ce8205c948336d02107e69655900c071cb5b3cb0c63e57ea557d3

  • C:\Users\Admin\AppData\Local\Temp\AIRAE68.tmp\setup.swf

    Filesize

    512KB

    MD5

    ad5f7d53caef368303bebde302582d92

    SHA1

    9efad61bf69e80d7468236695e0a108d360ae749

    SHA256

    2b501bfdb378ba7130b8e4b4b2263adfb4f95887cf071ded134f4cffeee5f40d

    SHA512

    8a31c0009c915dbb46c054388d793c1db8fc7b5ae1df419b3f284cad1d2f8db1f2ed759dcb126868d64af8a0a94c9e479776e6da86296af4e73a0850821c49e8

  • \Users\Admin\AppData\Local\Temp\AIRAE68.tmp\Adobe AIR Installer.exe

    Filesize

    383KB

    MD5

    6ba34f521e2de430fa5ba108e399d12e

    SHA1

    830ee63d8db0020201b6d0cb8d5a2ed2dd523256

    SHA256

    1a54ac75b4b671657c4368c6a73143e63462be076312921bc6d1e94a12426c58

    SHA512

    1e3826aa000abaa15d93e516b8398f31a9517d8dbbaa2ee671cfb2619af3818efe8b810e6fde3411c8b05b8c51afbd58b561c6d76e4383ac300bb7a3ce8f6401