Overview

overview

7

Static

static

3

7529815744...15.exe

windows7-x64

6

7529815744...15.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/01/2024, 18:03

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7529815744bf63c794a0b4615fd85a15.exe

  • Size

    220KB

  • MD5

    7529815744bf63c794a0b4615fd85a15

  • SHA1

    eb19d2925180d4cb73755160a5f42b34d0414472

  • SHA256

    da0466e2b11673085988f5759e21a235379f71b958c804dd3953043dc3725e5b

  • SHA512

    2b241fee1e94134bee4c8c5ea5bc5665fb24297c512535eb442160f9c69df27c10263ac0aaf955db24a94dab3f7dd2bdf0dbca992283680af869e33daace91a9

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/e8VkgnYHfQlAL:o68i3odBiTl2+TCU//k8KfQlE

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7529815744bf63c794a0b4615fd85a15.exe
    "C:\Users\Admin\AppData\Local\Temp\7529815744bf63c794a0b4615fd85a15.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1384
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\bugMAKER.bat
      2⤵
        PID:324

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\bugMAKER.bat
            Filesize

            76B

            MD5

            0455239aa0d819dac53864954c154a6a

            SHA1

            9c89dd38f098d19a79e92f6af6eb61ba1466a3b4

            SHA256

            f7fc0f19cf84f03f38210d6878518b1a3c82b9954f68eb90500294a0d0575af9

            SHA512

            7e1a81f9e732ed8dcbd3650089a1e38fa50367c06cd90e523a7adf604b5367a4ce6f376573820e1113990a9b6104f44c2abd2afdb515bb5e2421b1c48bcb90c7

            Download Submit

          • memory/324-62-0x0000000000620000-0x0000000000621000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1384-67-0x0000000000400000-0x000000000042D000-memory.dmp

            Filesize

            180KB

            Download