Overview

overview

6

Static

static

3

4fbbbe153b...ad.exe

windows7-x64

6

4fbbbe153b...ad.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    0s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/01/2024, 05:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4fbbbe153b596ec96ca00143fb38c8ad.exe

  • Size

    198KB

  • MD5

    4fbbbe153b596ec96ca00143fb38c8ad

  • SHA1

    852ea3e909c8a9b262262664758567b052a68d7c

  • SHA256

    55b6de5f4cc270d44f2e37767d13ea772202d5904136d1305baf1a8bd608e1ab

  • SHA512

    957b86e2abfcd279bbb49c29aca93b3014833835b4a3b9ba9829e6ee5a62e3d04f6cb12aab34b25d6a15b883950ecafcfb5be7230edf535ea00521fec284affa

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/B8mkgnYO:o68i3odBiTl2+TCU/Tk8d

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4fbbbe153b596ec96ca00143fb38c8ad.exe
    "C:\Users\Admin\AppData\Local\Temp\4fbbbe153b596ec96ca00143fb38c8ad.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3544
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\bugMAKER.bat
      2⤵
        PID:1684

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\bugMAKER.bat
      Filesize

      76B

      MD5

      43c85308b3521c5edc2fc74c5f4629d3

      SHA1

      cdcd65495d0f60c78e4ffb0e9432a3ec292ae5ab

      SHA256

      829ba5640530d95f79abe69e953217673dbe37b7f54026ca65c12c65ef7e5f80

      SHA512

      d422f2fed6d274301b39348cb87282c9ec55292be218bf9d09d9309857d2706a34e749a1997a186160468ab24933ca774df1627b5fb68bb66c429ab1618b90c3

      Download Submit

    • memory/3544-24-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB

      Download