Overview

overview

7

Static

static

3

752fc1aa93...5f.exe

windows7-x64

7

752fc1aa93...5f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 14:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    752fc1aa93dc13eb629aa47fc26c215f.exe

  • Size

    75KB

  • MD5

    752fc1aa93dc13eb629aa47fc26c215f

  • SHA1

    c18612df3b863d1baaa0846ba2ed9ada80716e2d

  • SHA256

    63c935401393ed6400a339d0e78950fb66e9b5a1f74261fab1bb111cc4334c48

  • SHA512

    0b095ae961794bd35d673b8eb1cb560c9fc3623e54718e2522718457042420cf94d1f296603f923b7d10ada7bc02a46ecf63a34c13e8312b5d03c66aa25f5864

  • SSDEEP

    1536:bLb46dIqQz5eHcFDW7dj0Ok633uOS/TGdB2+uPUu:bXBdIqe51n3TA8Z

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\752fc1aa93dc13eb629aa47fc26c215f.exe
    "C:\Users\Admin\AppData\Local\Temp\752fc1aa93dc13eb629aa47fc26c215f.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:2976
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Bkb..bat" > nul 2> nul
      2⤵
      • Deletes itself
      PID:2712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Bkb..bat
    Filesize

    210B

    MD5

    899756718aa19fd6b3bcf234f49c30bf

    SHA1

    445cee0d084c1f2d3626dc43ded43660042c67d7

    SHA256

    214272686c32f8211cf90b80a9e790cc171c20d585aca56e1f4e9dd58a795713

    SHA512

    9e04d1b4f8699733381036415756167e33e06a8ae1b6ac74d12c69730a65e0198e85e975f3c2cae1476470c953bd94956d78352141de3abf0865ce9dcd57988f

    Download Submit

  • memory/2976-0-0x0000000000430000-0x0000000000455000-memory.dmp

    Filesize

    148KB

    Download

  • memory/2976-1-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2976-3-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download