Overview

overview

7

Static

static

3

766183bd07...d0.exe

windows7-x64

6

766183bd07...d0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/01/2024, 04:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    766183bd078b0a05cdcfed1f0ad4a8d0.exe

  • Size

    187KB

  • MD5

    766183bd078b0a05cdcfed1f0ad4a8d0

  • SHA1

    e58dbfcbac0f896948f64b63a3c00c07565a951e

  • SHA256

    45c54bd1f77849b135d0dfe3f23ed3b874e6d06a69ab4cb1ceba1c5816a2ea5e

  • SHA512

    1f58fcef602caf30e289d1a0b8405e0052734649c842bd9957d55a09b139479b4b027232451b5adc48a782bdbc1c3af4ec5bc720d72a0e0c2a7b0131222e253e

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/B8/pjBFy11Awp:o68i3odBiTl2+TCU/yhuhuW

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\766183bd078b0a05cdcfed1f0ad4a8d0.exe
    "C:\Users\Admin\AppData\Local\Temp\766183bd078b0a05cdcfed1f0ad4a8d0.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2636
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\bugMAKER.bat
      2⤵
        PID:2684

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\bugMAKER.bat
            Filesize

            76B

            MD5

            d9bd8e412192f532e038da89384fc16a

            SHA1

            2c12493159cb3abca00750d361b3eccf55297ad5

            SHA256

            b12d4b978561a75a34abff48c544210cd78eae7965d1b1f5a06d7f2c8550c25b

            SHA512

            bcde00898a2338533705bb26dbac20a325dcd478f1350085a77d5c4d67cf16999043d7c6ceb44b7549492aad57c2588456982d2657c396bfbf9f87985215fbe0

            Download Submit

          • memory/2636-67-0x0000000000400000-0x000000000042D000-memory.dmp

            Filesize

            180KB

            Download

          • memory/2684-62-0x0000000002360000-0x0000000002361000-memory.dmp

            Filesize

            4KB

            Download