Overview

overview

6

Static

static

3

faa4482d01...1d.exe

windows7-x64

6

faa4482d01...1d.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    28/12/2023, 21:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    faa4482d012dfb7b4938bc34d884061d.exe

  • Size

    205KB

  • MD5

    faa4482d012dfb7b4938bc34d884061d

  • SHA1

    188b281e830e485db85569369de89a55ba89a996

  • SHA256

    58355bfb727d4facd0250089f94c5367d1e9a07070cb099117bda247ab7065f2

  • SHA512

    88224998823bcf8ff4102a45ea8513f21c39b771da5a97a9895c79abb1341efd396ded27b1f875f52a54d3c7b3204e16c9481826c76eb06c249f8caa5459439f

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/18Kh1thz/u:o68i3odBiTl2+TCU/R1thzu

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\faa4482d012dfb7b4938bc34d884061d.exe
    "C:\Users\Admin\AppData\Local\Temp\faa4482d012dfb7b4938bc34d884061d.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\bugMAKER.bat
      2⤵
        PID:2460

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\bugMAKER.bat
            Filesize

            76B

            MD5

            44adb98c88063b181c37122190ee95d6

            SHA1

            ff4ce914eac5502270e46e4fbaa564c0e107eab9

            SHA256

            e67378fd831b8c6783607d0971e87a35044196577d8b360dfb38aace39354c44

            SHA512

            dd633caf98bc877050ab4d8ecccbfe341d7902cc6b00faabf73968d5f9124fa0c4eabd4f2dacb66d833dd6a25317b379356796c83aacbaf7ce4dbb2a184e3cd3

            Download Submit

          • memory/2460-62-0x00000000022A0000-0x00000000022A1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2512-67-0x0000000000400000-0x000000000042D000-memory.dmp

            Filesize

            180KB

            Download