Overview

overview

7

Static

static

3

aa34574d2b...75.exe

windows7-x64

6

aa34574d2b...75.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-02-2024 21:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aa34574d2b2f3e48aa0fde2a8357c575.exe

  • Size

    162KB

  • MD5

    aa34574d2b2f3e48aa0fde2a8357c575

  • SHA1

    e0c3feeb12ccc3428b2b0377941cef89261677d9

  • SHA256

    4ad95b71495954022a78f7afb993d08cc920b203b91c3769b9e3e00cca31bac8

  • SHA512

    71b6834e36759bd19cf269197c826e70c7bee383d110a840189f5a9db4d8b3a5203e30797829150ed07547e43d2b499f132a3362414cd0c5a769cbed7793e935

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/B8e:o68i3odBiTl2+TCU/R

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aa34574d2b2f3e48aa0fde2a8357c575.exe
    "C:\Users\Admin\AppData\Local\Temp\aa34574d2b2f3e48aa0fde2a8357c575.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3076
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\bugMAKER.bat
      2⤵
      • Checks computer location settings
      • Suspicious use of SetWindowsHookEx
      PID:4728

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\bugMAKER.bat
    Filesize

    76B

    MD5

    7a43061872866a782b04900c3387d906

    SHA1

    9c898288f4b8b63b8ccb9636283d09cf116d738f

    SHA256

    78caf7b3bf065f9c27542d22fc57409becc3788f06522a38761c9a6380658c7c

    SHA512

    f349932aca5e5dfd1556cc62e50e2898b57d9749d74910cbfe916798d7a4b237dcca6fc232a11041d0189732f707804634e565ca7a9b08ff863c10f6ca1a044c

    Download Submit

  • memory/3076-24-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

    Download