bruteratel | 16ed373a67ed1473782609e239f38dfa0091e26b7e0ab8955f48e297292045ba

Analysis

max time kernel
143s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/02/2024, 23:25

Target

SecuriteInfo.com.BackDoor.Infector.133.5393.dll
Size

3.3MB
MD5

8c071ef15f7a8cc32ec523046cfbb9ab
SHA1

89b3691a5eed06c359ff50b82f29dcdb0477098f
SHA256

16ed373a67ed1473782609e239f38dfa0091e26b7e0ab8955f48e297292045ba
SHA512

0afc7964790990ae6fbfd9edc8a588e95c509f8b24bc87bea0c4885621e84b947c9283386c385af5296fbb6d46babeadd5d70ad32208d65bec9721009fab3d7f
SSDEEP

24576:Wv7+lYPuTWvuQ2hulNdEabYHQLNWiqHyt6Gy1/6+b:vQQnneuwRegypJb

Score

10^/10

Brute Ratel C4
A customized command and control framework for red teaming and adversary simulation.
backdoor bruteratel

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2020	1772	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 1772	2068	rundll32.exe	28
PID 2068 wrote to memory of 1772	2068	rundll32.exe	28
PID 2068 wrote to memory of 1772	2068	rundll32.exe	28
PID 2068 wrote to memory of 1772	2068	rundll32.exe	28
PID 2068 wrote to memory of 1772	2068	rundll32.exe	28
PID 2068 wrote to memory of 1772	2068	rundll32.exe	28
PID 2068 wrote to memory of 1772	2068	rundll32.exe	28
PID 1772 wrote to memory of 2020	1772	rundll32.exe	29
PID 1772 wrote to memory of 2020	1772	rundll32.exe	29
PID 1772 wrote to memory of 2020	1772	rundll32.exe	29
PID 1772 wrote to memory of 2020	1772	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BackDoor.Infector.133.5393.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BackDoor.Infector.133.5393.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1772
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 272
    3⤵
    - Program crash
    PID:2020

memory/1772-0-0x0000000000B20000-0x0000000000E31000-memory.dmp

Filesize
3.1MB

Download
memory/1772-1-0x0000000000B20000-0x0000000000E31000-memory.dmp

Filesize
3.1MB

Download