Analysis
- max time kernel: 121s
- max time network: 126s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 01/02/2024, 07:05
Static task: static1
Behavioral task: behavioral1
- Sample: 863fb63c46c2124e5f6a67fdd09badd3.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 863fb63c46c2124e5f6a67fdd09badd3.exe
- Resource: win10v2004-20231222-en
General
- Target: 863fb63c46c2124e5f6a67fdd09badd3.exe
- Size: 187KB
- MD5: 863fb63c46c2124e5f6a67fdd09badd3
- SHA1: 16f9a7187e1afeef09136d7902b69972c80f8ea0
- SHA256: f9215430ff0a9e3a5a6d082e8952c12c70d15b2478ce58153e60d4d977adb1ef
- SHA512: e67339186ed34b7e04ea7bde6412fee29d122c6beb81aa9ce79bb582f39020c9f55b7a65e275c1da17dbd0fbc579d5360a60f075ec5ff252b5972579a027ce23
- SSDEEP: 3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/e8yX:o68i3odBiTl2+TCU/UX
Malware Config
Signatures
- Adds Run key to start application (2 TTPs, 1 IoC)
  description: Set value (str)
  ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft I Service = "C:\\Windows\\winhash_up.exe /REGstart"
  process: 863fb63c46c2124e5f6a67fdd09badd3.exe
- Drops file in Windows directory (13 IoCs)
  process for every entry: 863fb63c46c2124e5f6a67fdd09badd3.exe
  File created: C:\Windows\winhash_up.exez
  File created: C:\Windows\SHARE_TEMP\Icon13.ico
  File created: C:\Windows\SHARE_TEMP\Icon3.ico
  File created: C:\Windows\SHARE_TEMP\Icon7.ico
  File created: C:\Windows\SHARE_TEMP\Icon12.ico
  File created: C:\Windows\bugMAKER.bat
  File opened for modification: C:\Windows\winhash_up.exez
  File created: C:\Windows\winhash_up.exe
  File created: C:\Windows\SHARE_TEMP\Icon2.ico
  File created: C:\Windows\SHARE_TEMP\Icon5.ico
  File created: C:\Windows\SHARE_TEMP\Icon10.ico
  File created: C:\Windows\SHARE_TEMP\Icon6.ico
  File created: C:\Windows\SHARE_TEMP\Icon14.ico
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | process | procid_target
  PID 2908 wrote to memory of 2872 | 2908 | 863fb63c46c2124e5f6a67fdd09badd3.exe | 28
  PID 2908 wrote to memory of 2872 | 2908 | 863fb63c46c2124e5f6a67fdd09badd3.exe | 28
  PID 2908 wrote to memory of 2872 | 2908 | 863fb63c46c2124e5f6a67fdd09badd3.exe | 28
  PID 2908 wrote to memory of 2872 | 2908 | 863fb63c46c2124e5f6a67fdd09badd3.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\863fb63c46c2124e5f6a67fdd09badd3.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\863fb63c46c2124e5f6a67fdd09badd3.exe"
  PID: 2908
  - Adds Run key to start application
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe (child of PID 2908)
    command line: cmd /c C:\Windows\bugMAKER.bat
    PID: 2872
-
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 76B
  MD5: f2a8fb510fd01b913f53d72c8f9b5ace
  SHA1: 9753f1b74c28d1fcab670242050363aeb923bc8a
  SHA256: 7e40973f5ac78484bf7932da37811a1ed8197fa4d81bcd6e2830bbbb304954a5
  SHA512: ba72db94d6f2cc44929ddf2a1d26836f102b24fc9f8480d28c7a73e6243ee562c1f12fea9e403243dea50a13ebb16dcf09da813d8fadf17099aca897fac6f51c