Overview

overview

7

Static

static

3

54ecc5a864...af.exe

windows7-x64

7

54ecc5a864...af.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    11-01-2024 23:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    54ecc5a86401b76141949f5cd11d96af.exe

  • Size

    78KB

  • MD5

    54ecc5a86401b76141949f5cd11d96af

  • SHA1

    16df221f62193e7c5156b31ccc1dab36a0828607

  • SHA256

    43e44ad194b4e54571ec96ac66728541353fca0a89407796d950880c4d89a415

  • SHA512

    5a2047ececb7048631e408e4124b1b1b7aaf357b3abbf70092a357509ca8ff7460aab9175090a5d4603ced27917d5dd2bdaa0e68f3032d521163f4b613e6f7a8

  • SSDEEP

    1536:tR8jgVoGs8pQjci3Qi6mDfq+TKsySfizW7KsdN36M/w6YZ8:MjasFgi3pySay7KS/w58

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\54ecc5a86401b76141949f5cd11d96af.exe
    "C:\Users\Admin\AppData\Local\Temp\54ecc5a86401b76141949f5cd11d96af.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious use of WriteProcessMemory
    PID:1060
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Brb..bat" > nul 2> nul
      2⤵
      • Deletes itself
      PID:2768

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Brb..bat
    Filesize

    210B

    MD5

    d5f1d2f5b5bb624e54eca6a32f248e09

    SHA1

    83569abc57b5e615a7b519f0c90d82766eaa2e11

    SHA256

    b9705d29e69dda621cae7a6f0d29b06fb52b922aad3e1e76ba9adfc6e77d1c8c

    SHA512

    2172536ebc16c805edc9e62be56d7171014260a212487576bfe175d805d3a09bbfbb16a863bc8bee75426640855781776390ccf4f3d093d72fff9cac7fa2d365

    Download Submit

  • memory/1060-0-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1060-2-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1060-1-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1060-3-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1060-5-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1060-6-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download