Overview

overview

6

Static

static

3

3e1966565d...23.exe

windows7-x64

6

3e1966565d...23.exe

windows10-2004-x64

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19-12-2023 14:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3e1966565d384447ac30ee488d3e2e23.exe

  • Size

    164KB

  • MD5

    3e1966565d384447ac30ee488d3e2e23

  • SHA1

    ba19d1dc7ccf532158e3a4bbad8e1f3fbe24d733

  • SHA256

    1048783b90572918df27b625ba592995964bdd3a80721261993972276f259695

  • SHA512

    d3674bd4fa70ad3efe4020e147a3415c62451503653a32dc06cbfbca79e0309b92b37efda18b2b7e4c60b7d730d34d62eae948eb873c57b1a31591bca2330620

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/B86:o68i3odBiTl2+TCU/z

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3e1966565d384447ac30ee488d3e2e23.exe
    "C:\Users\Admin\AppData\Local\Temp\3e1966565d384447ac30ee488d3e2e23.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\bugMAKER.bat
      2⤵
        PID:2816

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\bugMAKER.bat
      Filesize

      76B

      MD5

      5417791ccd21a2d464cb15d8515b111f

      SHA1

      76a5234f7fd31c89366835a7986cce3c6a151ccb

      SHA256

      71dd208a647c3f13338ded340e575dedee7e2425e22fe8a70276bbb6b2a7f537

      SHA512

      42b63765af080387fbedcb47756833807192bed4727442110600d7502e9db16f9834726483d4a14835675513a0d8216f9e5ea3173403e57fef2ffc390cebc1ec

      Download Submit

    • memory/2192-67-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/2816-62-0x0000000000500000-0x0000000000501000-memory.dmp

      Filesize

      4KB

      Download