Overview

overview

10

Static

static

8285247cf6...0d.exe

windows7-x64

10

8285247cf6...0d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-11-2022 08:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8285247cf6343e420162f48a986428c3e06aad70284b7497ebda168f1451b00d.exe

  • Size

    45KB

  • MD5

    07a412834d3c4b96ac079a4e2cf1c3a0

  • SHA1

    26a5398e2d42f9ab73667e38e78bbd6363709355

  • SHA256

    8285247cf6343e420162f48a986428c3e06aad70284b7497ebda168f1451b00d

  • SHA512

    00d2a067d1f88e8ac66bcb04ad1907fc47eaeb0c7d030b00a1beb6da83e4a1ae7dab8d8d83e3e501bfffb7a3585866f41b0b3293d369311533963c0fcb232bc6

  • SSDEEP

    768:DBlMRpTIOV2bvM901W/gj5PV0ygta1aRSgfYLT77PbVAzHDb+znLu/1H5Y:DBCRpcOV2bvTW/stgta1aRX0THsHDb/

Score
10/10
persistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 2 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8285247cf6343e420162f48a986428c3e06aad70284b7497ebda168f1451b00d.exe
    "C:\Users\Admin\AppData\Local\Temp\8285247cf6343e420162f48a986428c3e06aad70284b7497ebda168f1451b00d.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4980
    • C:\Windows\SysWOW64\Bgmnejip.exe
      C:\Windows\system32\Bgmnejip.exe
      2⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2036

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\Bgmnejip.exe
    Filesize

    45KB

    MD5

    96cda83f692822bf6e9e631165632f89

    SHA1

    91863c52eb5e15e57540943b85394d47e22c6e8b

    SHA256

    a849ed65c14bda2594244caaf20509d48b6ec85d40cf7076746aaf80c78ec57a

    SHA512

    e043e14b814434f18bf3640c7e34d754be5e25ea294340247b2572f70648354c9e4c5d8995daa1c72e117cbca450cc118e3b8774834d88a8a78421ec32ee5e3a

    Download Submit
  • C:\Windows\SysWOW64\Bgmnejip.exe
    Filesize

    45KB

    MD5

    96cda83f692822bf6e9e631165632f89

    SHA1

    91863c52eb5e15e57540943b85394d47e22c6e8b

    SHA256

    a849ed65c14bda2594244caaf20509d48b6ec85d40cf7076746aaf80c78ec57a

    SHA512

    e043e14b814434f18bf3640c7e34d754be5e25ea294340247b2572f70648354c9e4c5d8995daa1c72e117cbca450cc118e3b8774834d88a8a78421ec32ee5e3a

    Download Submit
  • memory/2036-132-0x0000000000000000-mapping.dmp
    Download
  • memory/2036-136-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/2036-137-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/4980-135-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download