Overview

overview

7

Static

static

3

03e82644e9...20.exe

windows7-x64

7

03e82644e9...20.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 03:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    03e82644e97370d21e09ec20e87c9120.exe

  • Size

    254KB

  • MD5

    03e82644e97370d21e09ec20e87c9120

  • SHA1

    00b408310c25e88804822ec2d6f0499773255c7c

  • SHA256

    e9de902d7417c13f78f468cbd0ec3c3c3d94a798b557d25ee84564a1a6ebe778

  • SHA512

    9d147ed9756ee1a0c0735220fde657a73ffa3e827d133c4e42b1192f7a3d928aa0cc76796c7dc048f5d9f7aa420e5880e0cccdb40a04a046309dacf38b784041

  • SSDEEP

    6144:09BrhnxHaMr/IOkE+QqFd5Mi00vJtObbfG:gPr/IOkEjibtqfG

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 10 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
    installer
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\03e82644e97370d21e09ec20e87c9120.exe
    "C:\Users\Admin\AppData\Local\Temp\03e82644e97370d21e09ec20e87c9120.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\Users\Admin\AppData\Local\Temp\bibibei12.exe
      C:\Users\Admin\AppData\Local\Temp\bibibei12.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      PID:3004
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\unins.bat
      2⤵
      • Deletes itself
      PID:2496

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\unins.bat
    Filesize

    184B

    MD5

    2797a44128df2166e89655df7a653fc3

    SHA1

    d411450221ce951103b52c371cccf61fab180164

    SHA256

    1bb643e5c2a7a854755d479724313f48af8803ba54bcc97ab3eaa3a1d9256280

    SHA512

    cf0fc275a40dc7ebca3ded9dd69bbc8ad6fc49ff15396a5a5c96ea2573ec99130cfa4e313997e5a52ae17fef9ebe630d6d763a279aa7f30b07e9f4affdec1a36

    Download Submit

  • \Program Files (x86)\±È±ÈßÂ\bibibei.dll
    Filesize

    85KB

    MD5

    44bef753e4a6be3c990070aeb7bc994e

    SHA1

    2a45791ebcb41e9c74423573e6c9207bddd8d8bf

    SHA256

    fcf4dc5492b6c99f7620d7b9692e3293d6cc7b95ad0f5dde5890ab7162955da4

    SHA512

    c0dfdd62f3ffda4c886f81051e87aa85096ee0be6452bf0a634b9096fdb6237d065d1a80b5c58b071b2cd4f95d0db3e0949f2808fa8b5a990137eb4d25aa7dda

    Download Submit

  • \Users\Admin\AppData\Local\Temp\bibibei12.exe
    Filesize

    155KB

    MD5

    7c2c7156a8059e828ef25b770672779a

    SHA1

    abd7f60e36931cb5e2943bc4eb1624a979f6da84

    SHA256

    a75943c496ab9dabf46d238d86e49169c25b2a83630296a9a5064fa4efdfb3f8

    SHA512

    91fce6cf74ac0cd17c127ded96259dae17e6f3a56c0400e787419182c78c5cae83b0c4eec4012ac4292a4e4c2600dcd874855b468b98b663a90f197cb0e3efd7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst62BA.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • memory/3000-48-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/3004-28-0x0000000002840000-0x0000000002854000-memory.dmp

    Filesize

    80KB

    Download