b982542c94cb393effdaa335c0d7cbcd0c12b849d436fb1c87d317d36655e269

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-01-2024 11:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7cf8526c608724747aa2db9bef9cd1d2.exe
Size

41KB
MD5

7cf8526c608724747aa2db9bef9cd1d2
SHA1

cb63b4b0d9aa5423821ba89d4ecf32bc629eb55b
SHA256

b982542c94cb393effdaa335c0d7cbcd0c12b849d436fb1c87d317d36655e269
SHA512

7e3e3d0e8fedd04f14e9d6f11ded92e4f9d9cc1593bce451c9882a48532f43e635a2b3bbacddfecd65c8aa3bc7f3a4ae4d6c741fb13ef6496df835a26616ec44
SSDEEP

768:DGdMKtW2JRsRyHmlHpfyuZSERepKGM8yLE6I7w0AH9NK4fvxQurAsUCFM6:DGdML2BEJf7UPLMz7I7G9surbUCFM6

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\braviax = "C:\\Windows\\system32\\braviax.exe"	7cf8526c608724747aa2db9bef9cd1d2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Run\braviax = "C:\\Windows\\system32\\braviax.exe"	7cf8526c608724747aa2db9bef9cd1d2.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\braviax.exe	7cf8526c608724747aa2db9bef9cd1d2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 2168	2980	7cf8526c608724747aa2db9bef9cd1d2.exe	28
PID 2980 wrote to memory of 2168	2980	7cf8526c608724747aa2db9bef9cd1d2.exe	28
PID 2980 wrote to memory of 2168	2980	7cf8526c608724747aa2db9bef9cd1d2.exe	28
PID 2980 wrote to memory of 2168	2980	7cf8526c608724747aa2db9bef9cd1d2.exe	28

C:\Users\Admin\AppData\Local\Temp\7cf8526c608724747aa2db9bef9cd1d2.exe
"C:\Users\Admin\AppData\Local\Temp\7cf8526c608724747aa2db9bef9cd1d2.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\delself.bat" "
  2⤵
  PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\delself.bat

Filesize
202B

MD5
cfb37ccc19a1973f05965ed01ed9772f

SHA1
a01d91b5ff9664ffd143c39f4fd4e7581f6a68bd

SHA256
6d791ec550b6e94f94cdea35f6cffd8306650ae441cb2f24af7169ebc41fefe6

SHA512
99d68bfc94754928f55f33fc3e70bb7c38b9f44e3ab887e994e433c58a00de0f5d4825d061ee92b45ab0fc6b5ce6692892ddb90b11f4c5863a7f9625a3e19597

Download Submit
memory/2980-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2980-3-0x0000000000220000-0x000000000022A000-memory.dmp

Filesize
40KB

Download
memory/2980-4-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads