Analysis
max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags
arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted
21-01-2024 19:12
Behavioral task
behavioral1
Sample
CrybtBot Sealer Unpacked.bin.exe
Resource
win7-20231129-en
5 signatures
150 seconds
General
Target
CrybtBot Sealer Unpacked.bin.exe
Size
280KB
MD5
681457fa460dff885eef657f166d5ef8
SHA1
44cac83393e0d6d083f0f2ae064090e2478f715b
SHA256
381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f
SHA512
369d299957327e6260f636933756054a0cd6ca78c4e585544aaac56c87fc6da8c9140e0ab0db51c601c06b95566ffa75d1f9699bc53369994eb0ab6d19eb2180
SSDEEP
6144:s068sLPlQBdpbFl37RYeuFAeQKWQcAfoOGCR/4jTHazM80WLXTT9Bvl:s068sLPlQBdpbFl3l0FAepWQcMdu+Ymt
Score
7/10
Malware Config
Signatures
Deletes itself 1 IoCs
Processes: cmd.exe
pid | process
2892 | cmd.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes: CrybtBot Sealer Unpacked.bin.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | CrybtBot Sealer Unpacked.bin.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | CrybtBot Sealer Unpacked.bin.exe
Delays execution with timeout.exe 1 IoCs
Processes: timeout.exe
pid | process
2348 | timeout.exe
Suspicious use of WriteProcessMemory 8 IoCs
Processes: CrybtBot Sealer Unpacked.bin.exe, cmd.exe
description | pid | process | target process
PID 1764 wrote to memory of 2892 | 1764 | CrybtBot Sealer Unpacked.bin.exe | cmd.exe
PID 1764 wrote to memory of 2892 | 1764 | CrybtBot Sealer Unpacked.bin.exe | cmd.exe
PID 1764 wrote to memory of 2892 | 1764 | CrybtBot Sealer Unpacked.bin.exe | cmd.exe
PID 1764 wrote to memory of 2892 | 1764 | CrybtBot Sealer Unpacked.bin.exe | cmd.exe
PID 2892 wrote to memory of 2348 | 2892 | cmd.exe | timeout.exe
PID 2892 wrote to memory of 2348 | 2892 | cmd.exe | timeout.exe
PID 2892 wrote to memory of 2348 | 2892 | cmd.exe | timeout.exe
PID 2892 wrote to memory of 2348 | 2892 | cmd.exe | timeout.exe
Processes
C:\Users\Admin\AppData\Local\Temp\CrybtBot Sealer Unpacked.bin.exe
"C:\Users\Admin\AppData\Local\Temp\CrybtBot Sealer Unpacked.bin.exe"
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:1764
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c rd /s /q C:\Users\Admin\AppData\Local\Temp\vkbAPImWONw & timeout 4 & del /f /q "C:\Users\Admin\AppData\Local\Temp\CrybtBot Sealer Unpacked.bin.exe"
- Deletes itself
- Suspicious use of WriteProcessMemory
PID:2892
C:\Windows\SysWOW64\timeout.exe
timeout 4
- Delays execution with timeout.exe
PID:2348