Analysis

  • max time kernel
    140s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-11-2022 22:55

General

  • Target

    BDRT Rv1.exe

  • Size

    1010KB

  • MD5

    df857b2a471042fe5b0f1cef290a1b94

  • SHA1

    88b8bf5be0361beb785c514f2ccb8fd7ed5277f8

  • SHA256

    fb167c97ab6c0114a008ee39873a5ebf3ba67844d389d8d98809281faa1b311c

  • SHA512

    66273390a7639736052cff6039dc86c3406446a9c3bc7731d3960b5f9cd2c0f47d8f4e1e542ae8d19b853bbd9831de97e79f24646619885ab85ab492212d7128

  • SSDEEP

    12288:F6Wq4aaE6KwyF5L0Y2D1PqL9GzRBN0H9KWAVASWC9ksouLFncasMo1Kdk3sOxyqk:TthEVaPqL8e9KtWCmzSws7GkyIJR

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). The sandbox flags this heuristically as likely ransomware behaviour (drive enumeration before encryption), but the same calls are also common in installers and other benign tools, so treat it as a weak indicator on its own.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

    The process repeatedly calls GetForegroundWindow, i.e. polls which window is active. This is typical of compiled AutoIt scripts waiting on a window, and also of keyloggers and other spyware, so it is consistent with the AutoIT Executable signature above.
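The two static signatures above (UPX packer, AutoIt-compiled executable) and the file hashes can be reproduced locally without a sandbox. The following script is an added example, not part of this report or of the sandbox's own detection logic: it computes the four hashes listed under General, walks the PE section table for the UPX0/UPX1 section names and the "UPX!" marker that UPX leaves in the image, and looks for the "AU3!EA06" magic that marks a compiled AutoIt v3 script. The sample PE it builds is constructed inline so the script runs offline; the `build_sample_pe` helper and the section layout it emits are illustrative and not derived from the submitted file. One caveat: when the binary is UPX-packed, the AutoIt payload is compressed inside the packed section, so the AU3 marker may only be visible after unpacking (e.g. `upx -d`) or in a memory dump such as the ones listed under Downloads.

```python
import hashlib
import struct

# Markers used by the two static checks. AUTOIT_MAGIC is the compiled-script
# header of AutoIt v3; UPX_MARKER and UPX_SECTIONS are what stock UPX leaves behind.
AUTOIT_MAGIC = b"AU3!EA06"
UPX_MARKER = b"UPX!"
UPX_SECTIONS = {b"UPX0", b"UPX1", b"UPX2"}

# Hashes as listed in the report's General section, for comparison.
REPORTED = {
    "md5": "df857b2a471042fe5b0f1cef290a1b94",
    "sha1": "88b8bf5be0361beb785c514f2ccb8fd7ed5277f8",
    "sha256": "fb167c97ab6c0114a008ee39873a5ebf3ba67844d389d8d98809281faa1b311c",
}


def hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of the whole file, lower-case hex."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def pe_section_names(data: bytes):
    """Section names from the PE section table, or None if this is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    sec_table = coff + 20 + opt_size                      # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = sec_table + i * 40                          # each header is 40 bytes
        if off + 40 > len(data):
            break                                         # truncated table: stop cleanly
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def classify(data: bytes) -> dict:
    """Reproduce the report's 'UPX packed file' and 'AutoIT Executable' checks."""
    names = pe_section_names(data)
    upx = (names is not None and any(n in UPX_SECTIONS for n in names)) or UPX_MARKER in data
    return {"sections": names, "upx": upx, "autoit": AUTOIT_MAGIC in data}


def verify_against_report(data: bytes) -> dict:
    """Which of the reported hashes the given bytes actually match."""
    got = hashes(data)
    return {algo: got[algo] == want for algo, want in REPORTED.items()}


def build_sample_pe(section_names, overlay: bytes = b"") -> bytes:
    """Constructed minimal PE32 image (hypothetical, for offline testing only)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = b"\0" * 0xE0                                    # PE32 optional header size; contents unused here
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x0102)
    secs = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + secs + overlay


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            sample = f.read()
    else:  # no file given: use the constructed packed-AutoIt look-alike
        sample = build_sample_pe([b"UPX0", b"UPX1", b".rsrc"], UPX_MARKER + AUTOIT_MAGIC)
    print(classify(sample))
    print(hashes(sample))
    print(verify_against_report(sample))
```

Run it as `python check.py "BDRT Rv1.exe"` against the real sample to confirm the hashes and section layout; without an argument it classifies the constructed PE. Because the UPX check also accepts the bare "UPX!" marker, it still fires on binaries whose section names were renamed by a modified packer, which is the "UPX/modified UPX" case the signature description mentions.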

Processes

  • C:\Users\Admin\AppData\Local\Temp\BDRT Rv1.exe
    "C:\Users\Admin\AppData\Local\Temp\BDRT Rv1.exe"
    • Suspicious behavior: GetForegroundWindowSpam
    PID:3696

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/3696-132-0x0000000000400000-0x0000000000506000-memory.dmp

    Filesize

    1.0MB

  • memory/3696-133-0x0000000000400000-0x0000000000506000-memory.dmp

    Filesize

    1.0MB