Overview

overview

8

Static

static

bc77bf0cc6...2d.exe

windows7-x64

8

bc77bf0cc6...2d.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    147s
  • max time network
    158s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 16:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bc77bf0cc6b1efd3f10458f398719b7db5a93ba78ea61bbe9e3831a423e6aa2d.exe

  • Size

    80KB

  • MD5

    5fce64eb222aa41e4fb967e9d8fb6a22

  • SHA1

    c2c980297d985c0e62e461b76fa584e79a6b3822

  • SHA256

    bc77bf0cc6b1efd3f10458f398719b7db5a93ba78ea61bbe9e3831a423e6aa2d

  • SHA512

    35fa7f7ec6339700febba68d30ca17554a926bb8011f1345609689460399f2a2d7c7d0d027db0b8e22df546dbc89b8c03bc127c3a72c304cfc1354a598f3ccac

  • SSDEEP

    768:pZxqi0P+d1QgdggdoXL8X7FqTLaIixHOtIlYFK1Zk6YayZek31s8gJeIdcE6t7Sy:3w+d/WXLDLFrce6lyZhq8CuE6tvn

Score
8/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc77bf0cc6b1efd3f10458f398719b7db5a93ba78ea61bbe9e3831a423e6aa2d.exe
    "C:\Users\Admin\AppData\Local\Temp\bc77bf0cc6b1efd3f10458f398719b7db5a93ba78ea61bbe9e3831a423e6aa2d.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1516
    • C:\Users\Admin\AppData\Local\edg2492.exe
      C:\Users\Admin\AppData\Local\edg2492.exe C:\Users\Admin\AppData\Local\Temp\BC77BF~1.EXE cp
      2⤵
      • Executes dropped EXE
      • Deletes itself
      PID:2036

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\edg2492.exe
    Filesize

    80KB

    MD5

    35d6f65d3e551ac6cc21ff9a5c3eddac

    SHA1

    f5bf8963f99bd6ad5addcbcf0c81b95eab1cc1ba

    SHA256

    e502320ad97e3e8a4cf7f3e007baad6a8acf0257b38a7f3cab5f2d44700f961a

    SHA512

    d2af966f091965501349f2cc545bc995f785fd5e6452670efd73df2af26afe55bd2f3725a57044bd44837f93fdd8b89df2460fd8d224914407d8b3973e928356

    Download Submit
  • \Users\Admin\AppData\Local\edg2492.exe
    Filesize

    80KB

    MD5

    35d6f65d3e551ac6cc21ff9a5c3eddac

    SHA1

    f5bf8963f99bd6ad5addcbcf0c81b95eab1cc1ba

    SHA256

    e502320ad97e3e8a4cf7f3e007baad6a8acf0257b38a7f3cab5f2d44700f961a

    SHA512

    d2af966f091965501349f2cc545bc995f785fd5e6452670efd73df2af26afe55bd2f3725a57044bd44837f93fdd8b89df2460fd8d224914407d8b3973e928356

    Download Submit
  • \Users\Admin\AppData\Local\edg2492.exe
    Filesize

    80KB

    MD5

    35d6f65d3e551ac6cc21ff9a5c3eddac

    SHA1

    f5bf8963f99bd6ad5addcbcf0c81b95eab1cc1ba

    SHA256

    e502320ad97e3e8a4cf7f3e007baad6a8acf0257b38a7f3cab5f2d44700f961a

    SHA512

    d2af966f091965501349f2cc545bc995f785fd5e6452670efd73df2af26afe55bd2f3725a57044bd44837f93fdd8b89df2460fd8d224914407d8b3973e928356

    Download Submit
  • memory/1516-54-0x0000000075F01000-0x0000000075F03000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1516-55-0x0000000000400000-0x0000000000415000-memory.dmp
    Filesize

    84KB

    Download
  • memory/2036-63-0x0000000000000000-mapping.dmp
    Download