Analysis

  • max time kernel
    0s
  • max time network
    57s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    08/01/2024, 15:42

General

  • Target

    4bd29d5e096bfbf5895b246c1a3ec166.exe

  • Size

    164KB

  • MD5

    4bd29d5e096bfbf5895b246c1a3ec166

  • SHA1

    db2871203e8afd5c25dbd764fa9f2a3e53ed09cd

  • SHA256

    5643541aec142b004b35afe2ca8c23635445f20d23b83da90bc391ebd3138321

  • SHA512

    4924df34f0def25217d3fa56c7f2d1d97f75c1b9e5ad0f2e3e07d7da3a6f22b4a41d1cf669dac3afe1380acf7f0f56f30c5509897fe9f86638096d0a56f49b4d

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/B8Z:o68i3odBiTl2+TCU/Y

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4bd29d5e096bfbf5895b246c1a3ec166.exe
    "C:\Users\Admin\AppData\Local\Temp\4bd29d5e096bfbf5895b246c1a3ec166.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1752
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\bugMAKER.bat
      2⤵
        PID:1672

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Windows\bugMAKER.bat

      Filesize

      76B

      MD5

      6c0ac573d4af6394f03ea6217b780e69

      SHA1

      941111fb9c0ba3b7df4e5f8cc96dfe85c5524ccc

      SHA256

      ca6cd2022822e195450c5bfa6a6423729aa9292dd67fd2714c9cb9ca30f0c3e5

      SHA512

      609ad34cccba8e2aa9cb339d8f9c67fd397cff966686a4db6e55fc0b34dc5202c8c64dd2fe9539cd418625f825dcb7c9adb07c827e36a75a9e2c09c1a3cf578d

    • memory/1752-24-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB