Overview

overview

7

Static

static

3

baaa96aff3...9b.exe

windows7-x64

6

baaa96aff3...9b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 14:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    baaa96aff39ab469dd7b9f349a0ca99b.exe

  • Size

    165KB

  • MD5

    baaa96aff39ab469dd7b9f349a0ca99b

  • SHA1

    89ad3ad3e453ef1d0eb98f39f82f9311a5e2c552

  • SHA256

    b5ea6c0b6046f1df64aa99356e4d1055ee55ae60fad8d747e30759fd0802c1c7

  • SHA512

    c96eb7d1e75330a41ef83a4405ed264abf5ad52bbe2667a374f8eef70a254f772b6b185a6076b04ab2fa0e13d8d7ccf88d7114cb8a9106c60c3c33bf1803a9e2

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/B8f:o68i3odBiTl2+TCU/K

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\baaa96aff39ab469dd7b9f349a0ca99b.exe
    "C:\Users\Admin\AppData\Local\Temp\baaa96aff39ab469dd7b9f349a0ca99b.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\bugMAKER.bat
      2⤵
        PID:2668

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\bugMAKER.bat
            Filesize

            76B

            MD5

            976e10803d68d378cf2b6b1352d80ec8

            SHA1

            9bdf379ec8b5e824d97ab099c08819a59346453c

            SHA256

            9eebe910f79d4761c35235335590fdab6ce82bceeef643cc921c01bab550967c

            SHA512

            2a7f6438198e2841978be14138d52aa80900c7084c496c9bfaff4ec8b6aebbfc7e79b2345ca09878aa009c73cc4eb5bfba48ba7ef34ba78775bc02d1fe5576b1

            Download Submit

          • memory/2668-62-0x0000000002220000-0x0000000002221000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2872-67-0x0000000000400000-0x000000000042D000-memory.dmp

            Filesize

            180KB

            Download