Overview

overview

6

Static

static

3

49ad2764a7...34.exe

windows7-x64

6

49ad2764a7...34.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    07/01/2024, 20:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    49ad2764a77bc908747c473020197b34.exe

  • Size

    203KB

  • MD5

    49ad2764a77bc908747c473020197b34

  • SHA1

    c2d927551b848355844ed22fd407e14c0cb0fb50

  • SHA256

    cf6cb96559fe9af2519e31499ef5b4f8ef732066bb0bd6d162b9b310ff578b6a

  • SHA512

    c73fd4277ddac7655b44bce818cc9dc27736abd662168695ebb189656a02218ebe33452d8e17a91c2d3ed9b67c2c34ca5abed8f3dcbcad702fe3def31cb6b849

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/k8ZpYpjmtutv:o68i3odBiTl2+TCU/6mtutv

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\49ad2764a77bc908747c473020197b34.exe
    "C:\Users\Admin\AppData\Local\Temp\49ad2764a77bc908747c473020197b34.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\bugMAKER.bat
      2⤵
        PID:2800

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\bugMAKER.bat
            Filesize

            76B

            MD5

            ba8cc373999299d5374e4e4ef032a124

            SHA1

            eddf25a2ea5b6ee368add39f5cdc612f879e9f8c

            SHA256

            7bbf487c4b28e45575ed12ca875e5e9feee7ccd223cdfb7fc093ddf3b76196b1

            SHA512

            b37850a901d69badc219f3ea0e7a42f0b21a77aab1f43fea299e7283f43f3c906b034dc6fbac2d9e948450813bbe5042f9ab4ea78caa78c178ba9a94c9de912f

            Download Submit

          • memory/1976-67-0x0000000000400000-0x000000000042D000-memory.dmp

            Filesize

            180KB

            Download

          • memory/2800-62-0x0000000002260000-0x0000000002261000-memory.dmp

            Filesize

            4KB

            Download