3b75615babef6b23d7cda39f8f82610af508fc7166d2dc1af530c1b95dbf43da

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0460055aa1d22db6f782ea7d193292f5.exe
Size

244KB
MD5

0460055aa1d22db6f782ea7d193292f5
SHA1

0ab97aefae9a123066b3cb75ccc2d1c46ab7c9a8
SHA256

3b75615babef6b23d7cda39f8f82610af508fc7166d2dc1af530c1b95dbf43da
SHA512

cc2369c0f6f1a2af6b033406ec5b74d06f8e69483df489d328d7132bc18c602abd395b264671f562b5d2ce76c8f5f096b3c61e244cf91fe1fc3890c58199008b
SSDEEP

6144:o68i3odBiTl2+TCU/jk8khuhuIp0huhuj:TNodBiTI+Tpjquauy

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft I Service = "C:\\Windows\\winhash_up.exe /REGstart"	0460055aa1d22db6f782ea7d193292f5.exe

Drops file in Windows directory 13 IoCs

description	ioc	Process
File created	C:\Windows\winhash_up.exez	0460055aa1d22db6f782ea7d193292f5.exe
File created	C:\Windows\winhash_up.exe	0460055aa1d22db6f782ea7d193292f5.exe
File created	C:\Windows\SHARE_TEMP\Icon7.ico	0460055aa1d22db6f782ea7d193292f5.exe
File created	C:\Windows\SHARE_TEMP\Icon14.ico	0460055aa1d22db6f782ea7d193292f5.exe
File created	C:\Windows\SHARE_TEMP\Icon10.ico	0460055aa1d22db6f782ea7d193292f5.exe
File created	C:\Windows\bugMAKER.bat	0460055aa1d22db6f782ea7d193292f5.exe
File created	C:\Windows\SHARE_TEMP\Icon3.ico	0460055aa1d22db6f782ea7d193292f5.exe
File created	C:\Windows\SHARE_TEMP\Icon6.ico	0460055aa1d22db6f782ea7d193292f5.exe
File created	C:\Windows\SHARE_TEMP\Icon12.ico	0460055aa1d22db6f782ea7d193292f5.exe
File created	C:\Windows\SHARE_TEMP\Icon13.ico	0460055aa1d22db6f782ea7d193292f5.exe
File opened for modification	C:\Windows\winhash_up.exez	0460055aa1d22db6f782ea7d193292f5.exe
File created	C:\Windows\SHARE_TEMP\Icon2.ico	0460055aa1d22db6f782ea7d193292f5.exe
File created	C:\Windows\SHARE_TEMP\Icon5.ico	0460055aa1d22db6f782ea7d193292f5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 2740	2908	0460055aa1d22db6f782ea7d193292f5.exe	28
PID 2908 wrote to memory of 2740	2908	0460055aa1d22db6f782ea7d193292f5.exe	28
PID 2908 wrote to memory of 2740	2908	0460055aa1d22db6f782ea7d193292f5.exe	28
PID 2908 wrote to memory of 2740	2908	0460055aa1d22db6f782ea7d193292f5.exe	28

C:\Users\Admin\AppData\Local\Temp\0460055aa1d22db6f782ea7d193292f5.exe
"C:\Users\Admin\AppData\Local\Temp\0460055aa1d22db6f782ea7d193292f5.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\bugMAKER.bat
  2⤵
  PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\bugMAKER.bat

Filesize
76B

MD5
c679d65df302c6d54770907ab147c953

SHA1
db6e4bff3122fb1b1c5ed4204cccaf613082e8fa

SHA256
fc43f3cffa6c8f87d39c58169e4fff83de0a89346c68a005f2f17670a60aabfd

SHA512
fae207df4385369fe807bebb70db58b47994868b9d528a00321f186447216f0ceb554ef75b2222d315e71a9fd9caca8e9777e47b0cdee03d0b08e492de907b00

Download Submit
memory/2740-62-0x0000000002220000-0x0000000002221000-memory.dmp

Filesize
4KB

Download
memory/2908-67-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads