Overview

overview

7

Static

static

3

0cddcde4ae...31.exe

windows7-x64

6

0cddcde4ae...31.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/12/2023, 10:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0cddcde4ae4858ca61a932ad0d982531.exe

  • Size

    176KB

  • MD5

    0cddcde4ae4858ca61a932ad0d982531

  • SHA1

    9f79e3bfa2177a0b134f9fcbf9597e227a0bfab5

  • SHA256

    c40cb99ff9db03c6451443b9b6ad23cec396a773f04da079cafcafd368d0f31d

  • SHA512

    70071401e5307c5c4cf9c890b47b6bc99172186bd144cde7147e458ead9cd4ed3bc07f6fe8c7a82d73de198514366b23fe63272c9e64474e50dc203ea0ee27b3

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/B8fh:o68i3odBiTl2+TCU/a

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0cddcde4ae4858ca61a932ad0d982531.exe
    "C:\Users\Admin\AppData\Local\Temp\0cddcde4ae4858ca61a932ad0d982531.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\bugMAKER.bat
      2⤵
        PID:2404

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\bugMAKER.bat
            Filesize

            76B

            MD5

            a7d290a64b634cb4b7a01a9d159d9404

            SHA1

            3ec2da0f0f3d6577c6bf5cd3c8be7371d89f06ec

            SHA256

            0d171b1af2e2890222a2eaa7d18fb6d5207229d07e874920e0d0514c53fb6024

            SHA512

            354f11835ee22898bc0729eafcfd9505286ac1168ea51aaec6990cd11794793110dca0c1dd3bdb40b7270fe93e9e70b4d54e5ec888f2f38f8dc5156d93621053

            Download Submit

          • memory/1716-67-0x0000000000400000-0x000000000042D000-memory.dmp

            Filesize

            180KB

            Download

          • memory/2404-62-0x0000000000480000-0x0000000000481000-memory.dmp

            Filesize

            4KB

            Download