Overview

overview

7

Static

static

7

bacef0c983...7b.exe

windows7-x64

7

bacef0c983...7b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    132s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    25/08/2023, 01:00

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bacef0c983a1bc1bf5a48cf61ed4397c5b070f824e74e6f9f1aa24cb7f28097b.exe

  • Size

    1.4MB

  • MD5

    2a14734eaa048b443d11d2c73ccbc107

  • SHA1

    409d00ad93c2b7037d56bb722ea8c009366be36d

  • SHA256

    bacef0c983a1bc1bf5a48cf61ed4397c5b070f824e74e6f9f1aa24cb7f28097b

  • SHA512

    28d9e9e32845c5402898fa1d6b7c978e9c36f1edb1db093b3eda2d7eceb645f6e74df238c76a178f402b96f9bd1f22fc869c26ca90cdc7258e4fd9598688d6ef

  • SSDEEP

    24576:BuW/ZvmZbl0S8Dg9lm/GosiYce7Kw3miTz6kDpBqSwV50dCWLAPJVk6Rx1:BuW/ZOycvmuPiJSKwWiTz3D+X0kW0PJ5

Score
7/10
bootkitpersistencevmprotect

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bacef0c983a1bc1bf5a48cf61ed4397c5b070f824e74e6f9f1aa24cb7f28097b.exe
    "C:\Users\Admin\AppData\Local\Temp\bacef0c983a1bc1bf5a48cf61ed4397c5b070f824e74e6f9f1aa24cb7f28097b.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2584

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VKWFGCX\edit1[1].cur
          Filesize

          766B

          MD5

          32f16cde74ed4f9a62355331ceb78514

          SHA1

          5542b3fa427e2f57dc6bf8935e2020c883607fb3

          SHA256

          1ad0bc5b343c9b98013108e85540ce6411b22a0bdfed576d760e5fa8d366950e

          SHA512

          eea88300cbeb99ceb127d3bb48add411e94e14129f0123ce34cd22b7bae39899a1ff7bfbb8672f8f3a8ae673a0cad423aa745f39214f1e0e3cebf3631aed5870

          Download Submit

        • memory/2584-0-0x0000000000400000-0x00000000012F4000-memory.dmp

          Filesize

          15.0MB

          Download

        • memory/2584-1-0x0000000000400000-0x00000000012F4000-memory.dmp

          Filesize

          15.0MB

          Download

        • memory/2584-4-0x0000000005600000-0x0000000006662000-memory.dmp

          Filesize

          16.4MB

          Download

        • memory/2584-5-0x0000000006A30000-0x0000000006A6A000-memory.dmp

          Filesize

          232KB

          Download

        • memory/2584-6-0x0000000006A70000-0x0000000006AA8000-memory.dmp

          Filesize

          224KB

          Download

        • memory/2584-40-0x0000000000400000-0x00000000012F4000-memory.dmp

          Filesize

          15.0MB

          Download