Overview

overview

7

Static

static

3

a0f1ad98cd...b1.exe

windows7-x64

6

a0f1ad98cd...b1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-02-2024 04:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a0f1ad98cdf72dd5fc94d08b032e57b1.exe

  • Size

    211KB

  • MD5

    a0f1ad98cdf72dd5fc94d08b032e57b1

  • SHA1

    7e61795691e555fe9cf53bc6f045c939f9053589

  • SHA256

    76859c4aa070f788aaf1d9a363c29e5187e2d60130a7efa6e65bc3f722f03825

  • SHA512

    4bbe2648c7f6ad885be5a7e867c63da66410575919fb13c6da1669ae7bf33b59512cc3a85689533967249116b765267ea8ac2c1933599f4839b10fa3467fcd19

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/e8A7pjBFy11AC:o68i3odBiTl2+TCU/ixhuhuIb

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a0f1ad98cdf72dd5fc94d08b032e57b1.exe
    "C:\Users\Admin\AppData\Local\Temp\a0f1ad98cdf72dd5fc94d08b032e57b1.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4052
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\bugMAKER.bat
      2⤵
      • Checks computer location settings
      PID:3220

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\bugMAKER.bat
    Filesize

    76B

    MD5

    eba30ccf4eb45c87b0e0ff51fe7c599e

    SHA1

    d1e861ae77959032e292a57aa659f98651ed6e5e

    SHA256

    db50060ce7b3a04cf68c87469f79d7e2f1658d4d6323717da2f1de3f6e6f3e87

    SHA512

    464eaa3852d5820c02cee39915b2aa513aedb43ab012b665986c333ccb6d84af73ebdf00d2fe32e7a535b3436c11277fc7109594d10c2d678e5c6b352c08db22

    Download Submit

  • memory/4052-24-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

    Download