Overview

overview

7

Static

static

1

3dfabdf1cc...ac.exe

windows7-x64

7

3dfabdf1cc...ac.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    467s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-01-2024 21:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3dfabdf1cc3df5521a2c27efe518e2ac.exe

  • Size

    159KB

  • MD5

    3dfabdf1cc3df5521a2c27efe518e2ac

  • SHA1

    fefb9793a8ad227356c65b8a355860711de63845

  • SHA256

    47ae57e46aa7539a2bc0931764946464db89af4f5a6dbffe32414bebfc63eacd

  • SHA512

    035130a3d82e39169b4d4626df1e7d7111b92e676f9fa797404ca8b27f205d606cf9b87a87bcf79a0b8e5d2ec1c5e1fa9c5a36bfc2fad4559ef5b1966fbfb322

  • SSDEEP

    3072:m22ihA0m3BJf0AW2szLrpwChDFSWCr9wQJ70Iv/b2Te/pPBx:ZA0m3T0A0zLrfkrWy0SfxP3

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3dfabdf1cc3df5521a2c27efe518e2ac.exe
    "C:\Users\Admin\AppData\Local\Temp\3dfabdf1cc3df5521a2c27efe518e2ac.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4128
    • C:\Users\Admin\AppData\Local\Temp\biclient.exe
      "C:\Users\Admin\AppData\Local\Temp\biclient.exe" /initurl http://bi.bisrv.com/:affid:/:sid:/:uid:? /affid "ffonts" /id "adventlight" /name "advent Light" /uniqid 3dfabdf1cc3df5521a2c27efe518e2ac
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4444

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\biclient.exe
    Filesize

    219KB

    MD5

    c66293ccd7cbe84b1b8f393ca5e4e6d7

    SHA1

    c24089d407e6280b79bec86532e9de0118e4de71

    SHA256

    ffbae29e2f233767fd42909720497165ce3552427ef93efb2fc714fb4204755f

    SHA512

    7ff97aa71f182035f90ba10c3bf8087280e3f34bf717bda139d642f4e043c64aa2b98d82a90a32f1df4b76f9d7610af62390fe934e514c90c703381a421c00b7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\config.ini
    Filesize

    86B

    MD5

    f490e9d745d923bffee052ca39ae893b

    SHA1

    cf4e027375b7860901182ef9f315b173fce5b562

    SHA256

    a7f37e3bfb2de2baefb50f38285e08f64d89d6150b08bfda7ce5705b35c2d6d8

    SHA512

    0ce4297574729bfa31d1ba2293ca7ab3b77576239b57324ea775bac794e93f37e406aed161cb2a2753e8cdc3fad9e029b7a233737f26e7abd9777a769d8fa7f2

    Download Submit

  • memory/4128-14-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

    Download

  • memory/4444-15-0x0000000001460000-0x0000000001461000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4444-16-0x0000000001460000-0x0000000001461000-memory.dmp

    Filesize

    4KB

    Download