Overview

overview

10

Static

static

10

aaf528c6e9...a8.exe

windows7_x64

10

aaf528c6e9...a8.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    27-06-2022 13:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aaf528c6e9dcc6876871abd209ae90a8.exe

  • Size

    3.8MB

  • MD5

    aaf528c6e9dcc6876871abd209ae90a8

  • SHA1

    9f6392d28cdf543b5508ce7e86f0dc26df53cc0c

  • SHA256

    3d464460a5eca975b045bdf92d3cc2952047279a06a7d618c6ea2c8b66ddce2c

  • SHA512

    11452d10f571800290880696695f4cadcf979558dc096df25f3b2f57622a62571b8836780c48f00989578c1d6ad7ee9f77dd7485115e7e221f5e245b43ae34ca

Score
10/10
persistencesuricata

Malware Config

Signatures

  • suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

    suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

    suricata
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
  • Suspicious behavior: RenamesItself 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aaf528c6e9dcc6876871abd209ae90a8.exe
    "C:\Users\Admin\AppData\Local\Temp\aaf528c6e9dcc6876871abd209ae90a8.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:324

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/324-54-0x0000000075E51000-0x0000000075E53000-memory.dmp
    Filesize

    8KB

    Download
  • memory/324-55-0x00000000003D0000-0x00000000003DA000-memory.dmp
    Filesize

    40KB

    Download
  • memory/324-56-0x00000000003D0000-0x00000000003DA000-memory.dmp
    Filesize

    40KB

    Download
  • memory/324-57-0x00000000003D0000-0x00000000003DA000-memory.dmp
    Filesize

    40KB

    Download