Overview

overview

7

Static

static

3

9bdc63610f...3e.exe

windows7-x64

7

9bdc63610f...3e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    14-02-2024 13:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9bdc63610f3db082f4a4ef142922153e.exe

  • Size

    94KB

  • MD5

    9bdc63610f3db082f4a4ef142922153e

  • SHA1

    03e9260a13ebdf142e9eb0bbca6283a202c469a1

  • SHA256

    a4f33b2ddd3cab475934cbbb3ec93c202eb0410219b745f6245d0a8b65d53b1f

  • SHA512

    e57cb5c48929d5d17060de5a2be52c420927106497a6e1b179285ac89363985e93912031a3f567991a63f9a14b7d74ecd89cae11e1b07136a99e28a6ca026038

  • SSDEEP

    1536:pi3w2dCqIAGzLqr3hd9Dt6pNz0XP3XStNLnpfkn4VeaFIy:Yw2vjkLqD76pNz0/8NDasdFIy

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9bdc63610f3db082f4a4ef142922153e.exe
    "C:\Users\Admin\AppData\Local\Temp\9bdc63610f3db082f4a4ef142922153e.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:928
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Vxb..bat" > nul 2> nul
      2⤵
      • Deletes itself
      PID:3008

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Vxb..bat
    Filesize

    210B

    MD5

    3af19fda4abfe9f1d5b85e1fea6b0938

    SHA1

    4ab3bac748d2186d6b90034dc0067022103fbfb1

    SHA256

    338d5cef462609a420aac8a4164fa57afee19136afe2562939c5baa18eb0764f

    SHA512

    32e7e0569ac3ba30eaa6ef96fff7c6c7a7c337fc14b0b13b361b127560d82ff0773ab18051d7e5824aa8176724283501c7ba14fa657d1f91909efb3ffdefbd4d

    Download Submit

  • memory/928-0-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/928-1-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/928-2-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/928-4-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download