Overview

overview

6

Static

static

3

24c412eaa4...81.exe

windows7-x64

6

24c412eaa4...81.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    146s
  • max time network
    182s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 02:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    24c412eaa4e6b5af9419ec3d67b69781.exe

  • Size

    226KB

  • MD5

    24c412eaa4e6b5af9419ec3d67b69781

  • SHA1

    6c2308437abbc814f122e7b1c50ac2a7e23459c4

  • SHA256

    56712218e09f625b1ba90764b9e39613894b987bd61e393ed725a732e63ee651

  • SHA512

    1f9c65a54a5f8daeaf5e031d82091ac3466dcbb0de224517f810bc179dd04a157754c354869db6075341239081dcebbecd86a1b827b3f63ce6ed96b117563240

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/e8ztkaZgxk+pz:o68i3odBiTl2+TCU/htkqUhuhuIpq

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\24c412eaa4e6b5af9419ec3d67b69781.exe
    "C:\Users\Admin\AppData\Local\Temp\24c412eaa4e6b5af9419ec3d67b69781.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4872
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\bugMAKER.bat
      2⤵
        PID:3784

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\bugMAKER.bat
            Filesize

            76B

            MD5

            d961958490e77b31dc27806dc0c77024

            SHA1

            c0ece5adede605830ff40c404e20de7dfd598767

            SHA256

            12ffca55317f9973ef69ec30fa45ca8c702d73717fc06d2e165fbbf9713bdc28

            SHA512

            42840b4f87187439fe8ae425a7a9b78c88d3b3fb66344ac28333ef15a356e4f5a71040de3d7e5741594c069237b5a10c677f0c8460800856f6b6c254b69df1f3

            Download Submit

          • memory/4872-5-0x0000000000400000-0x000000000042D000-memory.dmp

            Filesize

            180KB

            Download

          • memory/4872-23-0x0000000000400000-0x000000000042D000-memory.dmp

            Filesize

            180KB

            Download

          • memory/4872-26-0x0000000000400000-0x000000000042D000-memory.dmp

            Filesize

            180KB

            Download