Overview

overview

6

Static

static

3

8e5d1564c7...bc.exe

windows7-x64

6

8e5d1564c7...bc.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/02/2024, 05:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8e5d1564c74b663a088a14a43534cfbc.exe

  • Size

    192KB

  • MD5

    8e5d1564c74b663a088a14a43534cfbc

  • SHA1

    9aa5753c9ee2846bfa2818704eff6fd8b258fad8

  • SHA256

    e8f0117d7e6bac61214111d08bb871dac0c3837f0b1a2b77e7279e27259ba809

  • SHA512

    021babdfe9024b9e039193de94365318486bf5efb0eed403db97626afdbe5c666f154d53ad01d99febb355d407d8308d5ccf49695d2ef1931215566eda781920

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/B8xkgnYZ:o68i3odBiTl2+TCU/ek8A

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e5d1564c74b663a088a14a43534cfbc.exe
    "C:\Users\Admin\AppData\Local\Temp\8e5d1564c74b663a088a14a43534cfbc.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1384
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\bugMAKER.bat
      2⤵
        PID:736

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\bugMAKER.bat
            Filesize

            76B

            MD5

            7ca238788b322e348478a3ef6f653850

            SHA1

            1fbd1767b0f5ff3e89ba9dde4df897e3c062f48b

            SHA256

            e2ffb507cf9605adc4f70fb561922d6a5b5c529f5cc8978650359860f91f4c69

            SHA512

            bbdab1f09b9003359602c956e73e4d9908152194b1701ba618644eb8d78d58a7211eaf48fa1bc6b221b3d915bf04a712bb395e45995d45be4b19f6b843b6dbe7

            Download Submit

          • memory/736-62-0x00000000029E0000-0x00000000029E1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1384-67-0x0000000000400000-0x000000000042D000-memory.dmp

            Filesize

            180KB

            Download