Overview

overview

7

Static

static

3

bd1930135c...1b.exe

windows7-x64

7

bd1930135c...1b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-03-2024 23:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bd1930135c32b584766495dbe5a1921b.exe

  • Size

    907KB

  • MD5

    bd1930135c32b584766495dbe5a1921b

  • SHA1

    42f3bef4cf4b625935f743100620a5df688870f1

  • SHA256

    b19d65d1442611947f8ba924fc275f67a073ea2e5729a7b4509a2cdc791d4c85

  • SHA512

    da15b1b9169a703cbbe1306517846dd858a4c34022738edc70c3daf984b4570f7438c306c6651bccc1d6789f3f3b6673f25e66a8bb7573a37323f7e6048f9ca5

  • SSDEEP

    12288:X4o2KdclDjZrpFKaQ43keYi6n2dOXNityIAgK5GyjVDa/ZS1:oo2Q+vZrOaQykrinVLwa/ZS1

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd1930135c32b584766495dbe5a1921b.exe
    "C:\Users\Admin\AppData\Local\Temp\bd1930135c32b584766495dbe5a1921b.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Users\Admin\AppData\Local\Temp\bd1930135c32b584766495dbe5a1921b.exe
      C:\Users\Admin\AppData\Local\Temp\bd1930135c32b584766495dbe5a1921b.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4548
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3820 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3612

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\bd1930135c32b584766495dbe5a1921b.exe
      Filesize

      512KB

      MD5

      a347b401b40a019f936cb01d2d463223

      SHA1

      a316f0dc3be9364133488d16249172eafb801396

      SHA256

      601577536785dd6d697a7fbe371da0bb8ad1be3de56e4b4a246f3f641161dfd3

      SHA512

      d05aebaa1c2958dd5805221bb0c99a51d7f08ef07ec759b3dc713ca1e6d39e610765de982abadd6f8b6545238766210fb8f0bd179ef1bd00daa88bd70ff6385d

      Download Submit

    • memory/1712-0-0x0000000000400000-0x00000000004E8000-memory.dmp

      Filesize

      928KB

      Download

    • memory/1712-1-0x0000000001860000-0x0000000001948000-memory.dmp

      Filesize

      928KB

      Download

    • memory/1712-2-0x0000000000400000-0x00000000004BB000-memory.dmp

      Filesize

      748KB

      Download

    • memory/1712-11-0x0000000000400000-0x00000000004BB000-memory.dmp

      Filesize

      748KB

      Download

    • memory/4548-13-0x0000000000400000-0x00000000004E8000-memory.dmp

      Filesize

      928KB

      Download

    • memory/4548-15-0x00000000016A0000-0x0000000001788000-memory.dmp

      Filesize

      928KB

      Download

    • memory/4548-20-0x0000000001790000-0x000000000184B000-memory.dmp

      Filesize

      748KB

      Download

    • memory/4548-21-0x0000000000400000-0x0000000000498000-memory.dmp

      Filesize

      608KB

      Download

    • memory/4548-30-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/4548-32-0x000000000B800000-0x000000000B898000-memory.dmp

      Filesize

      608KB

      Download