Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/03/2024, 06:42

General

  • Target

    bac6ed4a640dd9fa0e9a38eedb88af58.exe

  • Size

    112KB

  • MD5

    bac6ed4a640dd9fa0e9a38eedb88af58

  • SHA1

    d347b23a7ba171935778fb3e0aca8ee8063188d8

  • SHA256

    03696e5b5aa92d072673a4cb498b3c7822e12dc3f51fcf51ab88b70987acb83d

  • SHA512

    4ce7fa762d866467d6b18a1cfe4a633f02306c5bd073d82831ce7813059bcf13235dc794abb4f6e84294792bf1276075686898c9de822f3304dd524955564246

  • SSDEEP

    1536:Q9pkyHaNR+L8I6+cQBVp0tUzTyBCDMyAgihx:Q9GqoA62Pp0tUvyIiD

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 10 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious behavior: RenamesItself 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bac6ed4a640dd9fa0e9a38eedb88af58.exe
    "C:\Users\Admin\AppData\Local\Temp\bac6ed4a640dd9fa0e9a38eedb88af58.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2824
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\system32\delete_me.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2560
      • C:\Windows\SysWOW64\attrib.exe
        attrib -h -s -r -a C:\Windows\system32\delete_me.bat
        3⤵
        • Drops file in System32 directory
        • Views/modifies file attributes
        PID:2540
  • C:\Windows\SysWOW64\Honey\HoneyMain.exe
    C:\Windows\SysWOW64\Honey\HoneyMain.exe
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    PID:2244

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\delete_me.bat

    Filesize

    130B

    MD5

    0bccaf7d76064ea39eb952bed77b38bb

    SHA1

    fac7a76fec8767f1d32ca87a6c7be577e9e03356

    SHA256

    771125d1852e75c34e6a5870f65f3244871f01f6e8ad9bd47fdcf2fb58784d6e

    SHA512

    a023734c21178847a1dc61798b99a210328bc30a900e5edf69577324604b358d7883b5942401279fc861b17e9a7f279e9ed0ab7bb3392a0ab1ec2508f6424d1c