Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    02-03-2024 23:24

General

  • Target

    MicrosoftWindowsServicesEtc/RuntimeChecker.exe

  • Size

    58KB

  • MD5

    cd58990b1b7f6c68f56244c41ab91665

  • SHA1

    7ccca9958d6aebbe3883b55f115b041b827bd2e7

  • SHA256

    51f59e877a1c2a1c2760c677def7395ef2868c2ee3e56ffdc3ace570afa50428

  • SHA512

    011bdd417ec3bf72daa2b32d3816b696be8b87423740dc2a0182e23515651deeb870a94f3415a73480145f9f5e36c1a3a492410b77ca95d7fab8b9826e9198cc

  • SSDEEP

    768:HfiNar/0i5A9lquoNvU4n7oDBXhVa+3Y/v2pPLo6Gyfu7q3YKdX3jj60dhfp0nQB:8IxKWLvFn43bovQtu7qo43jjRDf4e

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MicrosoftWindowsServicesEtc\RuntimeChecker.exe
    "C:\Users\Admin\AppData\Local\Temp\MicrosoftWindowsServicesEtc\RuntimeChecker.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Windows\system32\wscript.exe
      "C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\83D0.tmp\83D1.vbs
      2⤵
        PID:2280

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\83D0.tmp\83D1.vbs

      Filesize

      440B

      MD5

      fe44b78a465853c0ac0744c6ab05ea40

      SHA1

      f32dacd91b9547fce9a8a2846a4e17c33295aab3

      SHA256

      989d947c51c878bcefecb53d867a3c182c2d67129a87a5f6773eb6ef2bbf9b2e

      SHA512

      6b945e16786833c2e2e9867315b8859c413687fc72d4c8576b9c0a1aed2dc65249468317dd49f2ecf777e27c9969b7a7abc72b4d9b7c182dc7999051377515db