Overview

overview

6

Static

static

3

3d4cc5a766...8f.exe

windows7-x64

6

3d4cc5a766...8f.exe

windows10-2004-x64

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/12/2023, 14:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3d4cc5a7663f1b17bd99b696ecc5b88f.exe

  • Size

    216KB

  • MD5

    3d4cc5a7663f1b17bd99b696ecc5b88f

  • SHA1

    5d88450c1be70273be9733c6f0f041982178f40b

  • SHA256

    a0711de6894921aa9312396715d4cb104fa1e6298bec8a454d0f69019184a32a

  • SHA512

    be904e6112c0c1b15ccb612daa7c465a072f9f314a013d64de0cb08bc5f1e66145c0df694f6c6e0720aa61072e04c2ee2ec8e52378904f306ddd4404074417ac

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/B81kgnYHfQlA8:o68i3odBiTl2+TCU/Sk8KfQlEg

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d4cc5a7663f1b17bd99b696ecc5b88f.exe
    "C:\Users\Admin\AppData\Local\Temp\3d4cc5a7663f1b17bd99b696ecc5b88f.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2472
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\bugMAKER.bat
      2⤵
        PID:2792

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\bugMAKER.bat
            Filesize

            76B

            MD5

            8894a17cf69139ad9df3dd38d8e2bb59

            SHA1

            2b00525c708eacac521743a268f4c39ee7285de2

            SHA256

            0418629db03273c2dedb6355ef36715c2ad391ad0f981ff894f61e77aebd9b64

            SHA512

            f575708d7da83888f84b74c28b6b9820b779e9dcf955e747d5fced3e024f5f777233edef4b1a9ba49b0b82caac9453b1896a6f2d909a97e85260bdfd43c72554

            Download Submit

          • memory/2472-67-0x0000000000400000-0x000000000042D000-memory.dmp

            Filesize

            180KB

            Download

          • memory/2792-62-0x00000000021E0000-0x00000000021E1000-memory.dmp

            Filesize

            4KB

            Download