Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    23-12-2024 18:59

General

  • Target

    AdobePIM.dll

  • Size

    2.1MB

  • MD5

    beb8e03bb664c6715efb2523d48a10a8

  • SHA1

    a366eef76eb31fca69c0e4ad9f4ca1c8747dbf87

  • SHA256

    e9df32510cecde28b237510f8e04c6861b2b27bc38886450e26e9f57044ccacf

  • SHA512

    36b291fc2b808cec4668fb091f80afcdcadc7dec464b3da4364ac6213657378626fd12cd9e578206c9d3293aeb07e9b9807c9ef5576da1f1a1b2dfb4990b695d

  • SSDEEP

    49152:g15hDTdnSb8oibZAPxoVxBFxo8GMcsNWsniXNTOfZ1D8LnU24M:g15hndnSOOyxBjo8GMcsNWtS1inUK

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\AdobePIM.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\AdobePIM.dll,#1
      2⤵
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      PID:2400

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads