7434bf559290cccc3dd3624f10c9e6422cce9927d2231d294114b2f929f0e465

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
01-10-2023 17:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VC_redist.x64.exe
Size

14.5MB
MD5

77c0f604585fb429c722be111ca30c37
SHA1

bdb645ebaf3c91eceb1a143be6793ca57e6435c3
SHA256

7434bf559290cccc3dd3624f10c9e6422cce9927d2231d294114b2f929f0e465
SHA512

1de6aaaf0390d3def3bf07e8186454e6a480b1f0c800ed99c4dc737198a48c1fddb03ea9530bac9d4acbe4459cd20faf80693ed08baaa91cc817c58ad2ae911e
SSDEEP

393216:0UAlp+dkBSuF2SfUfn6Hw/bVz1+rNi51oxDIGYfNZApwm:0Jp+Ty2SfUfn2wjVpSN01oxsff4Z

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2424	VC_redist.x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2424	2032	VC_redist.x64.exe	28
PID 2032 wrote to memory of 2424	2032	VC_redist.x64.exe	28
PID 2032 wrote to memory of 2424	2032	VC_redist.x64.exe	28
PID 2032 wrote to memory of 2424	2032	VC_redist.x64.exe	28
PID 2032 wrote to memory of 2424	2032	VC_redist.x64.exe	28
PID 2032 wrote to memory of 2424	2032	VC_redist.x64.exe	28
PID 2032 wrote to memory of 2424	2032	VC_redist.x64.exe	28

C:\Users\Admin\AppData\Local\Temp\VC_redist.x64.exe
"C:\Users\Admin\AppData\Local\Temp\VC_redist.x64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Users\Admin\AppData\Local\Temp\VC_redist.x64.exe
  "C:\Users\Admin\AppData\Local\Temp\VC_redist.x64.exe" -burn.unelevated BurnPipe.{CBC71A59-BC9D-4277-843C-C60B58CCB888} {997E8802-C25E-42B1-AF64-E21724A1A2D7} 2032
  2⤵
  - Loads dropped DLL
  PID:2424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}\.ba1\1055\license.rtf

Filesize
177KB

MD5
f1a281f74d3e91d16dd26d1f313cd8a9

SHA1
ddb2ca9032c5a9c091eac53b679f6ba428077b00

SHA256
f79108a254f876e0f6bbcb05a9effbe25dc252e7ea256bfe3fd28ceb79737f25

SHA512
484c5ca26275427e1fb74d3217a22a0e4aac409aba973e78d7ad68834e7ad1d86c7855d34b227925200f941d288dfc09477b2d7dfe0856810c6c847297b8d625

Download Submit
C:\Users\Admin\AppData\Local\Temp\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}\.ba1\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
\Users\Admin\AppData\Local\Temp\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}\.ba1\wixstdba.dll

Filesize
126KB

MD5
a973cfa4951d519e032f42dc98a198b0

SHA1
2ba0f1e1570bc2d84f9824d58e77b9192ea5dd94

SHA256
25ee85c14c9be619b4f0bf783963ace1dc0af0e802014728c2a2ca8da213d31d

SHA512
b4a8c4f08a51bdd9ce7708fe8e2477182a52f1d853954eb5af0430c2df99839b6076a7d93b00391a73d446a6ad9da3ed77ef79c8b23353d32c72fc540415b8ef

Download Submit