Analysis
-
max time kernel
16s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
24/02/2024, 16:47
General
-
Target
BluetoothCLTools-1.2.0.56.exe
-
Size
3.2MB
-
MD5
6c3e357ce2da314dbd00e058f949003a
-
SHA1
6f065511080e471152298e4e29f65f745854be61
-
SHA256
a110c457e26a42debb5008038190a5f4a1c8ddeb828b8cd4676fb28eeddfc075
-
SHA512
f9061d8daf07f000ae81c75d009a63dc960998082e2a5d8652423fe1379be43e052dd661a8c0669792145dcec3993996b2820ed9cb83804256089573ebff3d50
-
SSDEEP
98304:mg/LSZyY3oEAyt/vgIThsv8QjAUDYKnOV:3OZh3oEAkQIiA0nU
Malware Config
Signatures
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 6 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 18 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 23 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\is-0C6ID.tmp\BluetoothCLTools-1.2.0.56.tmp"C:\Users\Admin\AppData\Local\Temp\is-0C6ID.tmp\BluetoothCLTools-1.2.0.56.tmp" /SL5="$70120,2934297,140800,C:\Users\Admin\AppData\Local\Temp\BluetoothCLTools-1.2.0.56.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Bluetooth Command Line Tools\bin\btinfo.exe"C:\Program Files (x86)\Bluetooth Command Line Tools\bin\btinfo.exe" /reg2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Bluetooth Command Line Tools\bin\btinfo.exe"C:\Program Files (x86)\Bluetooth Command Line Tools\bin\btinfo.exe" /reg3⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Admin\AppData\Local\Temp\BluetoothCLTools-1.2.0.56.exe"C:\Users\Admin\AppData\Local\Temp\BluetoothCLTools-1.2.0.56.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.3MB
MD55a25451d3154f66c95c7ba614390caf1
SHA1281824f94057efd1635de268c435fbb95521ccd6
SHA256573b7eb00e5e995b459c68c49d944c04381f9f37726e93b69e9f7b06250fb074
SHA51256909fadec730259109341be37c4f32ca67a072d4c21f32c6296cee560a8c49ac8ccd15d1b5a48135151073bb50369fd4791e6857a416ac89ad9c4a3f1addd56
-
Filesize
367KB
MD59430493caeeb6898708a68b3aba764d4
SHA122785ef7e3593de1e2f8e5d2eecc9d49aaf850b3
SHA256010cb7fe644a74fcde672a35125e92edbdb09de57538ba98f7490af0a52d6bab
SHA5120c9a79ade012fa736b22d20b107699ae8c87c03d4579f35e351efb8d2d8b55151a772435c5deabed1f59e8a06116f1c89b19512eec6709413d6b8575a827c956
-
Filesize
466KB
MD5a3173c7eef38ef0b5141b80250f51dd0
SHA1debc12cecbd3fbaaa1e5a17cc73bb5d9a1a92c0a
SHA25606d226efae04e41471b4bea24b51ec75b38e303479df0f8a81fba48108df864f
SHA512b8c40885616c0450150552fc234f4bcd3e4d7ad27eeba5f859b6448974e22a60e4e5526c7ebc222b6d9110b0ac8ddfea8c0f1be44ffeb148fdc980e27f844d6e
-
Filesize
421KB
MD58a3f186db100f757d258feca5c73cda5
SHA1890a9f2b61fa1fe0e33cc490967e9e560d33fd93
SHA2569c9217bebb161880ecb82319aaefa02e1878bc0b6abad972cb6a9541b9d2ed9e
SHA51255a5bc608b17cd6f0280b1cf6a7adc148d62f6ebc123b8158458c831cf96f9c53d8eab7f891cea46a84d3d1bd50494b6dc9532ea021baf1a613f807e7b4cbbb6
-
Filesize
1.1MB
MD57f1cdab54cea42548c6e8f457645b32a
SHA13d9521c8ee40642e4d6b17c09bdfcfe0cfc41a91
SHA256dc14fd3054ee69fe1cc12ba6ee7f16e57b023f4e5be27e945ce1a4fa61612959
SHA512a11fcbdf78e7672f8b59c3c24e84022a572cf8f38e5d1f5abe608ca070b4052a6e7a7b3e2f50fc8e91fea25dbb9f84ae09f880ec609e7c003effc51fb0abe558
-
Filesize
1.6MB
MD5b5b591aab96f87c9f8451d80ac61a84f
SHA176c174fb5075bcc50898da63eaed2dcc2708ebb4
SHA25620f260920dc086d48fde40bcb7f1c388ef91bcea25d4f4ee2fd2403777e1dc82
SHA51225730264fbe38d4cc6a1cd2b5cb973fa94233fb31b98e3383e3fbbc038f13b07c516eb35323b561f996e728d7649126887571e4b90184eefd7bba9b065cf2456
-
Filesize
531KB
MD5836f969b4c25b4f282f00dac351b6942
SHA1c2d0dbb1cc40404ce0699d67eb0308dfd53cf3c4
SHA25698ba4a05a2eba996bf47f19b3d9dc37df42a92418e7a720ef2ebbd711346de48
SHA512208c37bd63b2ec5d07e7f1ff7398e99d4a7dfe77f42132da7e20af18f0b41ce727fe4edd4a90a1f1b3c12cc9b8520d3721999f70e291f667d8cecc0126153b66
-
Filesize
1.1MB
MD53e84c3017cde2f711457a4f6c9fd3a54
SHA172d6536104fa906e7d81ab1e292b7e9c4b35533b
SHA25626f23bf97aa86a10c686be78ce5687caa852d7a7a95a0c2d8d006ece4b8f7f3c
SHA512f31a57140eef3a47894912b5b9299a3d5d11dabea31ac5f6305d616a64b400f2b3247c4c0c9d4477c3ed3ffd6fb5c13afe7949172b3bc3cdfc115d0c7e76f5f0
-
Filesize
22KB
MD592dc6ef532fbb4a5c3201469a5b5eb63
SHA13e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA2569884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA5129908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3
-
Filesize
188KB
-
Filesize
188KB
-
Filesize
188KB
-
Filesize
188KB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
108KB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
1.0MB
-
Filesize
1.0MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
1.0MB
-
Filesize
3.1MB
-
Filesize
1.0MB
-
Filesize
1.0MB
-
Filesize
3.1MB
-
Filesize
1.0MB
-
Filesize
1.2MB
-
Filesize
3.1MB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
4KB