c6bdf93f4b2de6dfa1a3a847e7c24ae10edf7f6318653d452cd4381415700ada

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
21/11/2023, 01:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

32ab6a1058dfbde76951b7aa7c2335a6.exe
Size

25.3MB
MD5

32ab6a1058dfbde76951b7aa7c2335a6
SHA1

4182a4c9dc2ca685c0fe01e376982f77593abf80
SHA256

c6bdf93f4b2de6dfa1a3a847e7c24ae10edf7f6318653d452cd4381415700ada
SHA512

0399a452bb565eddbf4cbe9058be6d0d1ed75e61009a85f51130f97bc75f0b97168543881a25874edbba5418ed23153b1d01f71e2b75ecac52ef52c2de0f9d3e
SSDEEP

786432:NBq40lIOkMNg87H2efKh6HJdOfLo++QRphDQBINQIM9O0fgCzH:Ok0g87WefKh6HJwfLiegG6IV07H

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2912	32ab6a1058dfbde76951b7aa7c2335a6.exe

Loads dropped DLL 2 IoCs

pid	Process
2888	32ab6a1058dfbde76951b7aa7c2335a6.exe
2912	32ab6a1058dfbde76951b7aa7c2335a6.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2912	2888	32ab6a1058dfbde76951b7aa7c2335a6.exe	28
PID 2888 wrote to memory of 2912	2888	32ab6a1058dfbde76951b7aa7c2335a6.exe	28
PID 2888 wrote to memory of 2912	2888	32ab6a1058dfbde76951b7aa7c2335a6.exe	28
PID 2888 wrote to memory of 2912	2888	32ab6a1058dfbde76951b7aa7c2335a6.exe	28
PID 2888 wrote to memory of 2912	2888	32ab6a1058dfbde76951b7aa7c2335a6.exe	28
PID 2888 wrote to memory of 2912	2888	32ab6a1058dfbde76951b7aa7c2335a6.exe	28
PID 2888 wrote to memory of 2912	2888	32ab6a1058dfbde76951b7aa7c2335a6.exe	28

C:\Users\Admin\AppData\Local\Temp\32ab6a1058dfbde76951b7aa7c2335a6.exe
"C:\Users\Admin\AppData\Local\Temp\32ab6a1058dfbde76951b7aa7c2335a6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Windows\Temp\{046FE505-BB85-4979-9A1A-B0C4A868A0C2}\.cr\32ab6a1058dfbde76951b7aa7c2335a6.exe
  "C:\Windows\Temp\{046FE505-BB85-4979-9A1A-B0C4A868A0C2}\.cr\32ab6a1058dfbde76951b7aa7c2335a6.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\32ab6a1058dfbde76951b7aa7c2335a6.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Temp\{046FE505-BB85-4979-9A1A-B0C4A868A0C2}\.cr\32ab6a1058dfbde76951b7aa7c2335a6.exe

Filesize
858KB

MD5
c2cb26b35a28e60c89496481cf488845

SHA1
52e1808b67c16848a865e8fa60dd698e79ad0739

SHA256
8b670ed69431d112c0786dc4bf8e44a0b42b9f635ee4fbd46c49976837686dbc

SHA512
eb28325fe4b37f99796ce18d8ddc3bc2f8be2003a94e844397b4361f2f93f5b287530ab98d7ef6117f86788d12e0798bfcea071bb60915a6b1d5b52096d2f115

Download Submit
C:\Windows\Temp\{046FE505-BB85-4979-9A1A-B0C4A868A0C2}\.cr\32ab6a1058dfbde76951b7aa7c2335a6.exe

Filesize
858KB

MD5
c2cb26b35a28e60c89496481cf488845

SHA1
52e1808b67c16848a865e8fa60dd698e79ad0739

SHA256
8b670ed69431d112c0786dc4bf8e44a0b42b9f635ee4fbd46c49976837686dbc

SHA512
eb28325fe4b37f99796ce18d8ddc3bc2f8be2003a94e844397b4361f2f93f5b287530ab98d7ef6117f86788d12e0798bfcea071bb60915a6b1d5b52096d2f115

Download Submit
C:\Windows\Temp\{6EEE3A46-A150-43AC-9686-8ACDEB694FF5}\.ba\SideBar.png

Filesize
50KB

MD5
888eb713a0095756252058c9727e088a

SHA1
c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4

SHA256
79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067

SHA512
7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0

Download Submit
\Windows\Temp\{046FE505-BB85-4979-9A1A-B0C4A868A0C2}\.cr\32ab6a1058dfbde76951b7aa7c2335a6.exe

Filesize
858KB

MD5
c2cb26b35a28e60c89496481cf488845

SHA1
52e1808b67c16848a865e8fa60dd698e79ad0739

SHA256
8b670ed69431d112c0786dc4bf8e44a0b42b9f635ee4fbd46c49976837686dbc

SHA512
eb28325fe4b37f99796ce18d8ddc3bc2f8be2003a94e844397b4361f2f93f5b287530ab98d7ef6117f86788d12e0798bfcea071bb60915a6b1d5b52096d2f115

Download Submit
\Windows\Temp\{6EEE3A46-A150-43AC-9686-8ACDEB694FF5}\.ba\PythonBA.dll

Filesize
674KB

MD5
0a0ccca07cc97cd3b02946469379240e

SHA1
0802d171427bea137afc8aac4d9a4b471c3bd7cb

SHA256
12a0bb777cd7ee658394fc3452ba06e715d9328d7f2c2c3ee5b8fbb5c51e661f

SHA512
ee877e73b835f8c5af18eb047f66b9d704a1cbd598cd50058617f1b65bc4d9b9f54a30d4b1f8eabf911c2ba0dd15ad6b36cfb092a539961dd8c9002b0d5a22d6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads