Overview

overview

7

Static

static

3

b144fa996d...6f.exe

windows7-x64

6

b144fa996d...6f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 13:54

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b144fa996dfbdb305cc673fecd8e806f.exe

  • Size

    63KB

  • MD5

    b144fa996dfbdb305cc673fecd8e806f

  • SHA1

    d97c8939bed314bde89ccdd552ccb728148a10bd

  • SHA256

    7819c6af1b36870d15b4b954936837b5c5a8ba57ebdee462772bd6fb9f66afc9

  • SHA512

    72a8e177bc926143482556cb3c0b35a98436279daf98753ba80da52361e1480644006f318b821d2497492a3d803faf3520e551405bfb9db4c3283b8c1f1d7759

  • SSDEEP

    1536:JJl0x2vMziE9caRZglZSP+QIOPnToIfwEFy:JJa0vM+la0iP+GfTBfwEFy

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b144fa996dfbdb305cc673fecd8e806f.exe
    "C:\Users\Admin\AppData\Local\Temp\b144fa996dfbdb305cc673fecd8e806f.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1\3E19.bat C:\Users\Admin\AppData\Local\Temp\b144fa996dfbdb305cc673fecd8e806f.exe"
      2⤵
      • Enumerates connected drives
      • Suspicious use of WriteProcessMemory
      PID:2140
      • C:\Windows\system32\Robocopy.exe
        Robocopy C:\users\Admin\Desktop L:\Admin\Desktop /MIR /FFT /Z /XA:SH /W:5 /XJ /Xf *.jpg *.png *.mp3 *.mp4 *.exe *.avi *.mkv *.mov *.wma *.wmv *.flv *.mpg *.divx *.wave *.m4a *.swf *.dov *.app *.bat *.com *.jar *.wsf *.iso *.dmg *.bin *.mdf *.bcd *.bak *.tmp
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2452
      • C:\Windows\system32\Robocopy.exe
        Robocopy C:\users\Admin\Documents L:\Admin\Documents /MIR /FFT /Z /XA:SH /W:5 /XJ /Xf *.jpg *.png *.mp3 *.mp4 *.exe *.avi *.mkv *.mov *.wma *.wmv *.flv *.mpg *.divx *.wave *.m4a *.swf *.dov *.app *.bat *.com *.jar *.wsf *.iso *.dmg *.bin *.mdf *.bcd *.bak *.tmp
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2108

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\1\3E19.bat
          Filesize

          689B

          MD5

          cbe07fa128cc33463cca9926ea3cd5cf

          SHA1

          22376f5b9cc408937418546e4005a7cc0f5dd8a7

          SHA256

          a21fa4e242ecfdecfd30189504ea030045e054faec2aba32cf2eb87649c56f8f

          SHA512

          b7f2f35f6710ab41cbb3f5ecc858371f1a6acb03139f97b8daf7f829391236283d2eb85c1cf376cd6ce5747e19f4676f8aca08cf6bdabe9763388400fe06b2de

          Download Submit