Overview

overview

7

Static

static

3

a97705b2b2...39.exe

windows7-x64

6

a97705b2b2...39.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 13:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a97705b2b2ec6074042fcd8ba8927b39.exe

  • Size

    225KB

  • MD5

    a97705b2b2ec6074042fcd8ba8927b39

  • SHA1

    5f98d963047cfc7617068d7e5e6fedf6289a971c

  • SHA256

    c474e62286535dea753372001b551595499a7da5ca8c366ba945bb3ada0b18cd

  • SHA512

    db34e2ed6f250ebebd57499d43e311b4cbf0333449fffffb0d73985c69f1d954edfcaefa5d9f734be865adbaabdacc2415ce1b7497970cd52c8ff6d1311ffcb4

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/e8ztkaZgxkt39:o68i3odBiTl2+TCU/Ftkqhk8KfQlt

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a97705b2b2ec6074042fcd8ba8927b39.exe
    "C:\Users\Admin\AppData\Local\Temp\a97705b2b2ec6074042fcd8ba8927b39.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\bugMAKER.bat
      2⤵
        PID:1732

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\bugMAKER.bat
            Filesize

            76B

            MD5

            d76ef364aa79eb21a102c133abb0e3a0

            SHA1

            2d9cba68f3fc4bd33863097727263809f47dee1c

            SHA256

            ef1c6d18cc7cebf960de9c0356cf763eba88cda81bc2fb7d89ef6d5560b4f29f

            SHA512

            cb19dc7e140846a649ec372c7587f7fb8c427a30123cc078c2103e0f76ec5984073a440128b72b61089e0e21c496a764cbbbb255dd7b7fbdd04c60cb264b1a53

            Download Submit

          • memory/1732-62-0x00000000009C0000-0x00000000009C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2232-67-0x0000000000400000-0x000000000042D000-memory.dmp

            Filesize

            180KB

            Download