28d8071b89dc9e9840bd84aadc834d2c17470ed4d73455d5fb41c25d6910dd04

Analysis

max time kernel
122s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
03-01-2024 20:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f02ebd8b7ef88c59e5e3b385c457dfb.exe
Size

6.8MB
MD5

3f02ebd8b7ef88c59e5e3b385c457dfb
SHA1

98e949ea188c382ef97293ec243f9aa8ad04fd06
SHA256

28d8071b89dc9e9840bd84aadc834d2c17470ed4d73455d5fb41c25d6910dd04
SHA512

ffa5ebe26165a30f7580b5b0d21605f6443042b4530b36872f0e1dafe927370e18829443860594a75d68f5942d136fd4f08044824df412cdc6c731ee047a5986
SSDEEP

196608:ckwkczi278pICLOKKSe63cggSwg/TmMPmA0YkUvSZHICZInI:cLziC8pLCKranSx/9mvYYJ9ZP

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2920	bcwipe-total-wipeout-2.3.exe

Loads dropped DLL 1 IoCs

pid	Process
1932	3f02ebd8b7ef88c59e5e3b385c457dfb.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 2920	1932	3f02ebd8b7ef88c59e5e3b385c457dfb.exe	89
PID 1932 wrote to memory of 2920	1932	3f02ebd8b7ef88c59e5e3b385c457dfb.exe	89
PID 1932 wrote to memory of 2920	1932	3f02ebd8b7ef88c59e5e3b385c457dfb.exe	89

C:\Users\Admin\AppData\Local\Temp\3f02ebd8b7ef88c59e5e3b385c457dfb.exe
"C:\Users\Admin\AppData\Local\Temp\3f02ebd8b7ef88c59e5e3b385c457dfb.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Users\Admin\AppData\Local\Temp\bcwipe-total-wipeout-2.3.exe
  "C:\Users\Admin\AppData\Local\Temp\bcwipe-total-wipeout-2.3.exe"
  2⤵
  - Executes dropped EXE
  PID:2920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\bcwipe-total-wipeout-2.3.exe

Filesize
62KB

MD5
4694fdbc5098107fe2dd9f03990c909c

SHA1
7078ea3eb9cb8bbddb1444e3edaedfaabfae9064

SHA256
3e35a39ebd90c6c4fc7e8eebcc46369613bccbcc1cd4d3a76c11710445ed0139

SHA512
32355f2e822b71512d28532fa5c53071cddfd6c173f3663c9aaed03dec93c830572aeb1694c7b95eb8ad2247724cf1fcddc3e2e1e33ebb21663c28c561d6cf8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bcwipe-total-wipeout-2.3.exe

Filesize
92KB

MD5
250427fd2a916c823e54d7a63147fb39

SHA1
49c8f06b00efb99bbb3adadfc81f9f4768ee2b51

SHA256
13ec69826bc274a7e4c3f23a45b0738162e880e5a23aafcd10fb9bcf937f6555

SHA512
ae2d28b6efaec11b14ee8ea5d99f72593156b9eb8c74b053ceacb748c28fc9f5dbf60efb1964471ee44dea091f4519b18fad6a72b793bc1d0c37ab5160c94f47

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc4BDF.tmp\NSISdl.dll

Filesize
72KB

MD5
b13935bfa7a3e43c112bd9fa02f08f28

SHA1
dec4f136057097c412f53c2ae41b80a8ad0c6810

SHA256
796f7efb91904fa4105528e18f6f87e3fdab9a070dabef83e02f9ae375b2b060

SHA512
1b92cde7bf74fc181b4d2602a269ef1f581b75eb67e3e46b256ddaddc153b95ee17d422a56ca04d68eafe61ab468b708f7f3691f3b47c554a67af00d49b2709a

Download Submit
memory/1932-11-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download