Overview

overview

7

Static

static

3

bcf6508c93...d6.exe

windows7-x64

7

bcf6508c93...d6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/03/2024, 22:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bcf6508c93525f64982e3b4437d8bed6.exe

  • Size

    905KB

  • MD5

    bcf6508c93525f64982e3b4437d8bed6

  • SHA1

    96911ba19e384017c768cdf0c586766db9bdd499

  • SHA256

    0d58093371dc0f15289d6151a8b81d091c3e77a9b1083bf90a5c37b98fa785b3

  • SHA512

    ff8c295027119fe101fb00b7bcb149bc725db627af480960f4e2cce5c2b3cda032f7b7858fe854a778c1923fb457b51f28fbcf9cbabdc4e43407cd68339eab0f

  • SSDEEP

    12288:+Plb6kw59HI6FALCEvvBzPUum23oCSIv8SVc0uElXAZC/GS6:+9Gb9HI9LPBs+3oCSIv+ElQYuS6

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bcf6508c93525f64982e3b4437d8bed6.exe
    "C:\Users\Admin\AppData\Local\Temp\bcf6508c93525f64982e3b4437d8bed6.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:4852
    • C:\Windows\SysWOW64\RAVMOND.EXE
      C:\Windows\system32\RAVMOND.EXE -Service
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      PID:224

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\RAVMOND.EXE
          Filesize

          905KB

          MD5

          bcf6508c93525f64982e3b4437d8bed6

          SHA1

          96911ba19e384017c768cdf0c586766db9bdd499

          SHA256

          0d58093371dc0f15289d6151a8b81d091c3e77a9b1083bf90a5c37b98fa785b3

          SHA512

          ff8c295027119fe101fb00b7bcb149bc725db627af480960f4e2cce5c2b3cda032f7b7858fe854a778c1923fb457b51f28fbcf9cbabdc4e43407cd68339eab0f

          Download Submit

        • memory/224-6-0x0000000000B50000-0x0000000000B51000-memory.dmp

          Filesize

          4KB

          Download

        • memory/224-7-0x0000000000400000-0x00000000004EA000-memory.dmp

          Filesize

          936KB

          Download

        • memory/4852-0-0x00000000009C0000-0x00000000009C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4852-8-0x0000000000400000-0x00000000004EA000-memory.dmp

          Filesize

          936KB

          Download