4bbb6021ab01478496202bc0cfb7527b068a621093a823c8d02e696da8b6decb

Analysis

max time kernel
142s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PROGRAM_FILES_COMMON/Borland Shared/BDE/bdeadmin.exe
Size

966KB
MD5

b6f1e5456e5abb59dd9c37bab5f19139
SHA1

83a7d9bd80092fa489ff1a2745c24876af6ed70f
SHA256

7e0d3ed23e5340dc165bd4cb34712a270c2fef23acc80008f04aa6f38a3b9ee2
SHA512

7dca7375ab911a281c5773e2492ffd33541def091aedf8ce5beff9591f46533a81972d5df2e582b7be1037abc19067c234efb9833c00ddb3a8d519b0564c03c0
SSDEEP

24576:IEpzrmUHJ56zIgKDuENxM/jTRBpw7d3DR6vWl:NzCUYfa7dTf

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	bdeadmin.exe
File opened (read-only)	\??\A:	bdeadmin.exe

C:\Users\Admin\AppData\Local\Temp\$PROGRAM_FILES_COMMON\Borland Shared\BDE\bdeadmin.exe
"C:\Users\Admin\AppData\Local\Temp\$PROGRAM_FILES_COMMON\Borland Shared\BDE\bdeadmin.exe"
1⤵
- Enumerates connected drives
PID:2348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2348-0-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2348-1-0x000000004BDE0000-0x000000004BE7A000-memory.dmp

Filesize
616KB

Download
memory/2348-2-0x0000000000400000-0x00000000004F6000-memory.dmp

Filesize
984KB

Download
memory/2348-3-0x000000004BDE0000-0x000000004BE7A000-memory.dmp

Filesize
616KB

Download
memory/2348-4-0x000000004C9E0000-0x000000004CA04000-memory.dmp

Filesize
144KB

Download
memory/2348-5-0x000000004E8E0000-0x000000004E900000-memory.dmp

Filesize
128KB

Download
memory/2348-10-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download