Analysis
max time kernel
119s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags
arch:x64
arch:x86
image:win7-20231215-en
locale:en-us
os:windows7-x64
system
submitted
07-01-2024 20:21
Static task
static1
Behavioral task
behavioral1
Sample
49ad20efccb56332bf6b1abea1809da0.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
49ad20efccb56332bf6b1abea1809da0.exe
Resource
win10v2004-20231215-en
General
Target
49ad20efccb56332bf6b1abea1809da0.exe
Size
253KB
MD5
49ad20efccb56332bf6b1abea1809da0
SHA1
11b98f7be070effa40df425c29d661b2edf0ce9e
SHA256
cbe595750d217c3e883dfbbf7887f8c0f2e02f8664d3ac0c7893b7d9770f894b
SHA512
727eed50e18118bd01104f8e9c1e3620936c34b98ed5b143083cb38fc1056aca4f089cc550582d93ef2bc8da1f7d4f2d6d776424f749ba38464bd1f733a4bfad
SSDEEP
6144:o68i3odBiTl2+TCU/8k8rk8KfQlmhuhuq:TNodBiTI+Tp8zA6Yur
Malware Config
Signatures
Adds Run key to start application (2 TTPs, 1 IoC)
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft I Service = "C:\\Windows\\winhash_up.exe /REGstart"
process: 49ad20efccb56332bf6b1abea1809da0.exe
Note: the Wow6432Node path is WOW64 registry redirection at work. The sample is a 32-bit process (its child is C:\Windows\SysWOW64\cmd.exe, see Processes) writing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, and the value lands in the 32-bit view, where it still runs at logon. A hunt on a 64-bit host should therefore query both HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run. The value launches C:\Windows\winhash_up.exe, which the sample itself drops (next signature), with the argument /REGstart.
Drops file in Windows directory (13 IoCs)
process for every entry: 49ad20efccb56332bf6b1abea1809da0.exe
File created C:\Windows\SHARE_TEMP\Icon2.ico
File created C:\Windows\SHARE_TEMP\Icon10.ico
File created C:\Windows\winhash_up.exez
File created C:\Windows\winhash_up.exe
File created C:\Windows\SHARE_TEMP\Icon7.ico
File created C:\Windows\SHARE_TEMP\Icon14.ico
File created C:\Windows\SHARE_TEMP\Icon3.ico
File created C:\Windows\SHARE_TEMP\Icon5.ico
File created C:\Windows\bugMAKER.bat
File opened for modification C:\Windows\winhash_up.exez
File created C:\Windows\SHARE_TEMP\Icon6.ico
File created C:\Windows\SHARE_TEMP\Icon12.ico
File created C:\Windows\SHARE_TEMP\Icon13.ico
Note: creating files directly under C:\Windows and writing HKLM both need administrative rights, so this behaviour depends on the sample running elevated, as it did here under the Admin account from C:\Users\Admin\AppData\Local\Temp. The dropped C:\Windows\bugMAKER.bat is what the child cmd.exe executes (see Processes).
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
Suspicious use of WriteProcessMemory (4 IoCs)
description: PID 2164 wrote to memory of 2876
pid: 2164
process: 49ad20efccb56332bf6b1abea1809da0.exe
procid_target: 28
(recorded four times with identical fields)
Note: PID 2876 is the cmd.exe child the sample spawns itself (see Processes), so these writes are consistent with a parent setting up its own child at process start rather than injection into an unrelated process; on their own they are weak evidence of injection.
Processes
C:\Users\Admin\AppData\Local\Temp\49ad20efccb56332bf6b1abea1809da0.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\49ad20efccb56332bf6b1abea1809da0.exe"
  PID: 2164
  signatures: Adds Run key to start application; Drops file in Windows directory; Suspicious use of WriteProcessMemory
  child: C:\Windows\SysWOW64\cmd.exe
    command line: cmd /c C:\Windows\bugMAKER.bat
    PID: 2876
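The following is an added example and is not part of the sandbox report or of the sample: a small Python matcher that encodes the report's Run key, dropped-file and child-process IoCs and runs them over Sysmon-style events (EventID 1 process create, 11 file create, 13 registry value set, using Sysmon's usual field names). The events are constructed to show what fires and what does not; they are not telemetry captured from this sample. Because the report only shows the 32-bit registry view, the Run key pattern accepts both the Wow6432Node and native paths, and both the HKLM\ prefix Sysmon uses and the \REGISTRY\MACHINE\ prefix the report uses.

```python
"""Matcher for the IoCs in this sandbox report, run over Sysmon-style events.

Added example, not part of the report. The events below are constructed to
resemble Sysmon EventID 1 (process create), 11 (file create) and 13
(registry value set) records; they are not real telemetry from the sample.
"""
import re
from dataclasses import dataclass
from typing import Optional

# IoCs taken from the report's Signatures and Processes sections.
RUN_VALUE_NAME = "Microsoft I Service"
RUN_VALUE_DATA = r"C:\Windows\winhash_up.exe /REGstart"
DROPPED_FILES = {
    r"C:\Windows\winhash_up.exe",
    r"C:\Windows\winhash_up.exez",
    r"C:\Windows\bugMAKER.bat",
}
ICON_DIR = "C:\\Windows\\SHARE_TEMP\\"
BATCH_LAUNCH = r"C:\Windows\bugMAKER.bat"

# Accept the Run key in the native view or the Wow6432Node view, with either
# an HKLM\ prefix (Sysmon) or a \REGISTRY\MACHINE\ prefix (report notation).
RUN_KEY_RE = re.compile(
    r"^(?:.*\\)?SOFTWARE\\(?:Wow6432Node\\)?Microsoft\\Windows"
    r"\\CurrentVersion\\Run\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)


def _norm(path: str) -> str:
    """NTFS paths and registry names are case-insensitive."""
    return path.strip().lower()


DROPPED_FILES_NORM = {_norm(p) for p in DROPPED_FILES}


@dataclass
class Hit:
    event_id: int
    rule: str
    detail: str


def match_event(ev: dict) -> Optional[Hit]:
    """Return a Hit if one Sysmon-style event matches a report IoC, else None."""
    eid = ev.get("EventID")
    if eid == 13:
        m = RUN_KEY_RE.match(ev.get("TargetObject", ""))
        if m:
            details = ev.get("Details", "")
            # Fire on the exact value name, or on any Run value whose data
            # points at the dropped binary (covers a renamed value).
            if (_norm(m.group("name")) == _norm(RUN_VALUE_NAME)
                    or "winhash_up.exe" in _norm(details)):
                return Hit(13, "run_key_persistence",
                           f'{ev["TargetObject"]} = "{details}"')
    elif eid == 11:
        target = _norm(ev.get("TargetFilename", ""))
        if target in DROPPED_FILES_NORM:
            return Hit(11, "dropped_file", ev["TargetFilename"])
        if target.startswith(_norm(ICON_DIR)) and target.endswith(".ico"):
            return Hit(11, "dropped_icon", ev["TargetFilename"])
    elif eid == 1:
        image = _norm(ev.get("Image", ""))
        cmd = _norm(ev.get("CommandLine", ""))
        if image.endswith("\\cmd.exe") and _norm(BATCH_LAUNCH) in cmd:
            return Hit(1, "bugmaker_launch", ev["CommandLine"])
    return None


def scan(events) -> list:
    """Run match_event over an iterable of events and keep the hits."""
    return [h for h in (match_event(e) for e in events) if h is not None]


SAMPLE_IMAGE = r"C:\Users\Admin\AppData\Local\Temp\49ad20efccb56332bf6b1abea1809da0.exe"

# Constructed events: the first four mirror the report, the rest are benign
# noise that must not fire.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": SAMPLE_IMAGE,
     "TargetObject": r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft I Service",
     "Details": RUN_VALUE_DATA},
    {"EventID": 11, "Image": SAMPLE_IMAGE, "TargetFilename": r"C:\Windows\SHARE_TEMP\Icon2.ico"},
    {"EventID": 11, "Image": SAMPLE_IMAGE, "TargetFilename": r"C:\Windows\bugMAKER.bat"},
    {"EventID": 1, "Image": r"C:\Windows\SysWOW64\cmd.exe", "ParentImage": SAMPLE_IMAGE,
     "CommandLine": r"cmd /c C:\Windows\bugMAKER.bat"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe", "TargetFilename": r"C:\Users\Admin\Desktop\notes.txt"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "cmd /c dir"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"EventID {hit.event_id}  {hit.rule:<20} {hit.detail}")
```

The rules are deliberately wider than the literal report lines: the Run key matches in both registry views and also fires on a renamed value that still points at winhash_up.exe, and the icon rule matches any .ico written under C:\Windows\SHARE_TEMP rather than the specific numbered names seen here.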
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize
76B
MD5
e94a811f98d7ef4e6632721319ee5aa6
SHA1
9e02df146ce3f059fa2e4f63691a57a9bae3915a
SHA256
1cb894e33bded9030ae25cd161639861dd7818003a7e70dbec40e866c28dc7e7
SHA512
e775bf67b75f7b62590640a9a5e181eefc4cdfd6f4ddf4ce6239a4021f06b77198b31652c9a0605b62f8ea872d5046d4bc0c49dfcf0999c0c7792d8c2b82b5da