Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/12/2023, 10:44

General

  • Target

    181c5812241668211ed0bfa3f205231a.exe

  • Size

    51KB

  • MD5

    181c5812241668211ed0bfa3f205231a

  • SHA1

    cc1382a4c47a07485ca9a5afd74198a6f67528c6

  • SHA256

    e90c1b7eed0337d8d4306d279c08c4d676078ec1d2ff4622efa22c84b5ee1beb

  • SHA512

    bc54a2fb02abf79cba92d911eeb9764bbf5dd4040f91488df0bb6057a09b99435608dd5d41d4d4ca3b0eeaf261904094fa000b893ad58a61d5a279e0d9969299

  • SSDEEP

    768:K1/E+99cXleprSazDkusCH2SeRiYGuaZEf5y/ui8Iq90V:4AcnkuAxRXs42

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Windows\SysWOW64\cmd.exe
    cmd /c ""C:\Windows\Temp\WBCS.bat" "
      PID:2796
    • C:\Users\Admin\AppData\Local\Temp\181c5812241668211ed0bfa3f205231a.exe
      "C:\Users\Admin\AppData\Local\Temp\181c5812241668211ed0bfa3f205231a.exe"
      • Suspicious use of WriteProcessMemory
      PID:2140

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Windows\Temp\WBCS.bat

      Filesize

      22KB

      MD5

      ec9542a24f651659f54e90b8ca39eb7e

      SHA1

      1e81001b6438b228492acedfce5585e38a145477

      SHA256

      c43cc1b1665d3fe9cb1f53e3bbceac463eb63ac7fce90e9ec7fa849f72a256d7

      SHA512

      7ae4a698accd4fae4a2d2ca11a51d77f3c0fcd6a58b8b4c50f16022330197cbc33d54938c882a1013ad1128a2e324d21c5081a153c9eb241adc6e44d55c6a928

    • memory/2140-8-0x0000000000400000-0x0000000000414000-memory.dmp

      Filesize

      80KB