Overview

overview

7

Static

static

3

BluetoothC...56.exe

windows10-1703-x64

7

Analysis

  • max time kernel
    27s
  • max time network
    30s
  • platform
    windows10-1703_x64
  • resource
    win10-20231215-en
  • resource tags

    arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
  • submitted
    14/02/2024, 01:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    BluetoothCLTools-1.2.0.56.exe

  • Size

    3.2MB

  • MD5

    6c3e357ce2da314dbd00e058f949003a

  • SHA1

    6f065511080e471152298e4e29f65f745854be61

  • SHA256

    a110c457e26a42debb5008038190a5f4a1c8ddeb828b8cd4676fb28eeddfc075

  • SHA512

    f9061d8daf07f000ae81c75d009a63dc960998082e2a5d8652423fe1379be43e052dd661a8c0669792145dcec3993996b2820ed9cb83804256089573ebff3d50

  • SSDEEP

    98304:mg/LSZyY3oEAyt/vgIThsv8QjAUDYKnOV:3OZh3oEAkQIiA0nU

Score
7/10
discovery

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 18 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\BluetoothCLTools-1.2.0.56.exe
    "C:\Users\Admin\AppData\Local\Temp\BluetoothCLTools-1.2.0.56.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3884
    • C:\Users\Admin\AppData\Local\Temp\is-I6FVJ.tmp\BluetoothCLTools-1.2.0.56.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-I6FVJ.tmp\BluetoothCLTools-1.2.0.56.tmp" /SL5="$E01E2,2934297,140800,C:\Users\Admin\AppData\Local\Temp\BluetoothCLTools-1.2.0.56.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2360
      • C:\Program Files (x86)\Bluetooth Command Line Tools\bin\btinfo.exe
        "C:\Program Files (x86)\Bluetooth Command Line Tools\bin\btinfo.exe" /reg
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:3648
        • C:\Program Files (x86)\Bluetooth Command Line Tools\bin\btinfo.exe
          "C:\Program Files (x86)\Bluetooth Command Line Tools\bin\btinfo.exe" /reg
          4⤵
          • Checks BIOS information in registry
          • Executes dropped EXE
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          PID:2668
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Bluetooth Command Line Tools\readme.txt
        3⤵
          PID:4832

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files (x86)\Bluetooth Command Line Tools\bin\btinfo.exe
            Filesize

            1.6MB

            MD5

            b5b591aab96f87c9f8451d80ac61a84f

            SHA1

            76c174fb5075bcc50898da63eaed2dcc2708ebb4

            SHA256

            20f260920dc086d48fde40bcb7f1c388ef91bcea25d4f4ee2fd2403777e1dc82

            SHA512

            25730264fbe38d4cc6a1cd2b5cb973fa94233fb31b98e3383e3fbbc038f13b07c516eb35323b561f996e728d7649126887571e4b90184eefd7bba9b065cf2456

            Download Submit

          • C:\Program Files (x86)\Bluetooth Command Line Tools\readme.txt
            Filesize

            9KB

            MD5

            0316a6b79241e133be89487fa2cb6268

            SHA1

            d14238f64e58229320bde469e24bb7b87eab3f51

            SHA256

            85e3aaefe698554eefafa0b7265262aa50cdb9eafd6592b3eaac17a6165383d4

            SHA512

            72df3a469b8b0a6c52df8cf657fa20f3071e67711b84c7ae853a5350c63636158d5de4a835ddabbf1479c2ff7c29f330975a2c6143e81c41b889a8e7578a8fdb

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\is-I6FVJ.tmp\BluetoothCLTools-1.2.0.56.tmp
            Filesize

            1.1MB

            MD5

            7f1cdab54cea42548c6e8f457645b32a

            SHA1

            3d9521c8ee40642e4d6b17c09bdfcfe0cfc41a91

            SHA256

            dc14fd3054ee69fe1cc12ba6ee7f16e57b023f4e5be27e945ce1a4fa61612959

            SHA512

            a11fcbdf78e7672f8b59c3c24e84022a572cf8f38e5d1f5abe608ca070b4052a6e7a7b3e2f50fc8e91fea25dbb9f84ae09f880ec609e7c003effc51fb0abe558

            Download Submit

          • memory/2360-92-0x0000000000400000-0x0000000000538000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2360-6-0x00000000005A0000-0x00000000005A1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2360-12-0x0000000000400000-0x0000000000538000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2360-14-0x0000000000400000-0x0000000000538000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2360-58-0x00000000005A0000-0x00000000005A1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2668-74-0x00000000023A0000-0x00000000024A6000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/2668-77-0x0000000000400000-0x0000000000721000-memory.dmp

            Filesize

            3.1MB

            Download

          • memory/2668-63-0x00000000023A0000-0x00000000024A6000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/2668-69-0x00000000023A0000-0x00000000024A6000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/2668-71-0x00000000023A0000-0x00000000024A6000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/2668-72-0x00000000023A0000-0x00000000024A6000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/2668-85-0x0000000000400000-0x0000000000721000-memory.dmp

            Filesize

            3.1MB

            Download

          • memory/2668-75-0x0000000000400000-0x0000000000721000-memory.dmp

            Filesize

            3.1MB

            Download

          • memory/2668-76-0x0000000000400000-0x0000000000721000-memory.dmp

            Filesize

            3.1MB

            Download

          • memory/2668-62-0x0000000000400000-0x0000000000721000-memory.dmp

            Filesize

            3.1MB

            Download

          • memory/2668-78-0x0000000003290000-0x00000000032AB000-memory.dmp

            Filesize

            108KB

            Download

          • memory/2668-79-0x0000000000400000-0x0000000000721000-memory.dmp

            Filesize

            3.1MB

            Download

          • memory/2668-81-0x0000000000400000-0x0000000000721000-memory.dmp

            Filesize

            3.1MB

            Download

          • memory/2668-82-0x00000000023A0000-0x00000000024A6000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/2668-83-0x00000000023A0000-0x00000000024A6000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3648-84-0x0000000000400000-0x0000000000721000-memory.dmp

            Filesize

            3.1MB

            Download

          • memory/3648-59-0x0000000000400000-0x0000000000721000-memory.dmp

            Filesize

            3.1MB

            Download

          • memory/3884-0-0x0000000000400000-0x000000000042F000-memory.dmp

            Filesize

            188KB

            Download

          • memory/3884-93-0x0000000000400000-0x000000000042F000-memory.dmp

            Filesize

            188KB

            Download

          • memory/3884-11-0x0000000000400000-0x000000000042F000-memory.dmp

            Filesize

            188KB

            Download