4c97c78181b2a6c3ba076379acec6f4cc04b496e5222a9536c7d1b6f2320ddab

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-02-2024 03:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad912a9e686af0321a00f01711bb061e.exe
Size

53KB
MD5

ad912a9e686af0321a00f01711bb061e
SHA1

e53ec53447f2b06982f319c449c7461f3077fe51
SHA256

4c97c78181b2a6c3ba076379acec6f4cc04b496e5222a9536c7d1b6f2320ddab
SHA512

ae35b9e887d891f6446b19f8e8256f6d8b37ba00e407b0b85ddf37ada4a39ccd45b531a1aa86177cbf292a17d97c977e5484829047a44cae237d5ec25e408e60
SSDEEP

1536:e5tXOofGfCi/6/RSyZU1LzYsmpcNVp8QyljO:StXBfVCUkEVpcH8QypO

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\braviax = "C:\\Windows\\system32\\braviax.exe"	ad912a9e686af0321a00f01711bb061e.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\braviax = "C:\\Windows\\system32\\braviax.exe"	ad912a9e686af0321a00f01711bb061e.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\braviax.exe	ad912a9e686af0321a00f01711bb061e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 2128	1916	ad912a9e686af0321a00f01711bb061e.exe	28
PID 1916 wrote to memory of 2128	1916	ad912a9e686af0321a00f01711bb061e.exe	28
PID 1916 wrote to memory of 2128	1916	ad912a9e686af0321a00f01711bb061e.exe	28
PID 1916 wrote to memory of 2128	1916	ad912a9e686af0321a00f01711bb061e.exe	28

C:\Users\Admin\AppData\Local\Temp\ad912a9e686af0321a00f01711bb061e.exe
"C:\Users\Admin\AppData\Local\Temp\ad912a9e686af0321a00f01711bb061e.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\delself.bat" "
  2⤵
  PID:2128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\delself.bat

Filesize
202B

MD5
e84fe2e60254fcb5606e210f97ac1bd8

SHA1
0c1cd8a5253e70e7366ffaebdef4fc2a6f68a68b

SHA256
e3a763e127f5b777c332a3f3ec43305ea00c173147facf33a09eaf9347ea1c76

SHA512
839e3341f5253ae98323acc80b46fb4059abe1f0444313ee2c0c7e2b669dab48522b14af9f7c4e2c1329e48715658b988b071df6a26abf8f3b1428d9bd645a1a

Download Submit
memory/1916-0-0x0000000000220000-0x000000000022D000-memory.dmp

Filesize
52KB

Download
memory/1916-11-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads