Overview

overview

10

Static

static

1

bt2-202306...01.exe

windows7-x64

4

bt2-202306...01.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    40s
  • max time network
    105s
  • platform
    windows7_x64
  • resource
    win7-20230621-en
  • resource tags

    arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
  • submitted
    23-06-2023 21:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bt2-20230616_301_301002_301002101.exe

  • Size

    10.6MB

  • MD5

    3429c3be6c8c39bce465a2a8735dcc9f

  • SHA1

    e15458cafba1bc8180a9c587e2d84db7417caf7b

  • SHA256

    ad1da074b5a660e91c49c77d851b68137dc277f07c6e2ccd404b4ff7e5d76115

  • SHA512

    3a29c8a4aa38cb83fd2dbb8b2d3af7e0d88f7c2f346b98d42f2c79d0a0f56777e5f96969c11198145bdfa57fea1b70d017de5755ce87acd9f8ef7df337c8705a

  • SSDEEP

    196608:cgUPoZ+n584+baA/9/oC3/FwSb78nfXtkv2OwoY8NNSZSEGaYHmj:HZHNbaA/9/VvFwSHkdkOSTNNBEGaj

Score
4/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bt2-20230616_301_301002_301002101.exe
    "C:\Users\Admin\AppData\Local\Temp\bt2-20230616_301_301002_301002101.exe"
    1⤵
    • Loads dropped DLL
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:1612

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsy4D58.tmp\System.dll
    Filesize

    11KB

    MD5

    75ed96254fbf894e42058062b4b4f0d1

    SHA1

    996503f1383b49021eb3427bc28d13b5bbd11977

    SHA256

    a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

    SHA512

    58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy4D58.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    a6f622a2f12ac10bca04e23deff5cada

    SHA1

    abf851b5ccfb64004e9b49718a467bd754545887

    SHA256

    b8fa7b9393fff910144768588c471ca7c9ec98a2b8b186b2172b8ba7a5279500

    SHA512

    35c8b0db179104e638f1b40f3f8038a41fdc327e112de5cb0dbb97cbf1dfa276fcf6400fcb46b88cb5ba233ca769becbdb4b4d40920adca831e3c0f38193c50f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy4D58.tmp\example.dll
    Filesize

    8.0MB

    MD5

    ae7b2e1060493290d5ad3f10c6fe8888

    SHA1

    74cd7fea5ada46514d506f5b351f2efac2fbad7f

    SHA256

    67adde9ce3ca7978cb7b17d8beda26974af9f3126446afe19719a94c2cd58cf3

    SHA512

    2debaf01d70614aa9b565511c6a28eb2cc91caace1b2ed89899fd1ec6271243635245adc98665bf8ed10cc71fdfe89fd3888d28671e4e0746921cbd1e21ae29f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy4D58.tmp\nsProcessW.dll
    Filesize

    4KB

    MD5

    f0438a894f3a7e01a4aae8d1b5dd0289

    SHA1

    b058e3fcfb7b550041da16bf10d8837024c38bf6

    SHA256

    30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

    SHA512

    f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy4D58.tmp\wdTrack.dll
    Filesize

    847KB

    MD5

    502c6765efb0ddaa1eac04b0d92603fa

    SHA1

    35a89f9e515df119895fc377f37e780cf8a3a21d

    SHA256

    eaa3998b986ab344d5da97676e3d74742f021b45d95eb1c0c1cdbb81d12cd4cb

    SHA512

    c49b9ad2edaba4878932de6092903a90d8a6dd98d67146ec689d6e0a89b31547215c01c3a7435b0286b624ed35a895d17f413c0bdc729126dc794e319f6e6a6a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy4D58.tmp\System.dll
    Filesize

    11KB

    MD5

    75ed96254fbf894e42058062b4b4f0d1

    SHA1

    996503f1383b49021eb3427bc28d13b5bbd11977

    SHA256

    a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

    SHA512

    58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy4D58.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    a6f622a2f12ac10bca04e23deff5cada

    SHA1

    abf851b5ccfb64004e9b49718a467bd754545887

    SHA256

    b8fa7b9393fff910144768588c471ca7c9ec98a2b8b186b2172b8ba7a5279500

    SHA512

    35c8b0db179104e638f1b40f3f8038a41fdc327e112de5cb0dbb97cbf1dfa276fcf6400fcb46b88cb5ba233ca769becbdb4b4d40920adca831e3c0f38193c50f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy4D58.tmp\example.dll
    Filesize

    8.0MB

    MD5

    ae7b2e1060493290d5ad3f10c6fe8888

    SHA1

    74cd7fea5ada46514d506f5b351f2efac2fbad7f

    SHA256

    67adde9ce3ca7978cb7b17d8beda26974af9f3126446afe19719a94c2cd58cf3

    SHA512

    2debaf01d70614aa9b565511c6a28eb2cc91caace1b2ed89899fd1ec6271243635245adc98665bf8ed10cc71fdfe89fd3888d28671e4e0746921cbd1e21ae29f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy4D58.tmp\nsProcessW.dll
    Filesize

    4KB

    MD5

    f0438a894f3a7e01a4aae8d1b5dd0289

    SHA1

    b058e3fcfb7b550041da16bf10d8837024c38bf6

    SHA256

    30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

    SHA512

    f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy4D58.tmp\wdTrack.dll
    Filesize

    847KB

    MD5

    502c6765efb0ddaa1eac04b0d92603fa

    SHA1

    35a89f9e515df119895fc377f37e780cf8a3a21d

    SHA256

    eaa3998b986ab344d5da97676e3d74742f021b45d95eb1c0c1cdbb81d12cd4cb

    SHA512

    c49b9ad2edaba4878932de6092903a90d8a6dd98d67146ec689d6e0a89b31547215c01c3a7435b0286b624ed35a895d17f413c0bdc729126dc794e319f6e6a6a

    Download Submit