7bf782da37a9be84143e98708ce454bc9a4e5fba419ea37bb389148fb65ab439

Analysis

max time kernel
141s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
09/03/2024, 23:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd1aba56509d9794f1890bc856bfb108.exe
Size

117KB
MD5

bd1aba56509d9794f1890bc856bfb108
SHA1

425eb2d5a2d0911c8593cf4fd567f5ab6678f9c6
SHA256

7bf782da37a9be84143e98708ce454bc9a4e5fba419ea37bb389148fb65ab439
SHA512

e2ca43819a0051ef2b101363025d39cdcea1ce8c5179e6ce7cfa5569f4d23e8f72a642da64849670152d81cc3303af7ab5937f2d9bfbc09b264c3ab825c3e830
SSDEEP

3072:nitZk16XnyVhtVpjS1CEfeBpJiPFiFi7pC:niBXny7ZTB4iFP

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2876	bd1aba56509d9794f1890bc856bfb108.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Debug\29124D4AA81F.dll	bd1aba56509d9794f1890bc856bfb108.exe
File opened for modification	C:\Windows\Debug\29124D4AA81F.dll	bd1aba56509d9794f1890bc856bfb108.exe

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083A5F21-BCB9-4B21-A121-2584BEEFBFEF}\InProcServer32\ = "C:\\Windows\\Debug\\29124D4AA81F.dll"	bd1aba56509d9794f1890bc856bfb108.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083A5F21-BCB9-4B21-A121-2584BEEFBFEF}\InProcServer32\ThrEaDiNgModEL = "aPaRTmEnT"	bd1aba56509d9794f1890bc856bfb108.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083A5F21-BCB9-4B21-A121-2584BEEFBFEF}	bd1aba56509d9794f1890bc856bfb108.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083A5F21-BCB9-4B21-A121-2584BEEFBFEF}\ = "ursfd"	bd1aba56509d9794f1890bc856bfb108.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083A5F21-BCB9-4B21-A121-2584BEEFBFEF}\InProcServer32	bd1aba56509d9794f1890bc856bfb108.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2876	bd1aba56509d9794f1890bc856bfb108.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 1884	2876	bd1aba56509d9794f1890bc856bfb108.exe	28
PID 2876 wrote to memory of 1884	2876	bd1aba56509d9794f1890bc856bfb108.exe	28
PID 2876 wrote to memory of 1884	2876	bd1aba56509d9794f1890bc856bfb108.exe	28
PID 2876 wrote to memory of 1884	2876	bd1aba56509d9794f1890bc856bfb108.exe	28
PID 2876 wrote to memory of 2104	2876	bd1aba56509d9794f1890bc856bfb108.exe	30
PID 2876 wrote to memory of 2104	2876	bd1aba56509d9794f1890bc856bfb108.exe	30
PID 2876 wrote to memory of 2104	2876	bd1aba56509d9794f1890bc856bfb108.exe	30
PID 2876 wrote to memory of 2104	2876	bd1aba56509d9794f1890bc856bfb108.exe	30

C:\Users\Admin\AppData\Local\Temp\bd1aba56509d9794f1890bc856bfb108.exe
"C:\Users\Admin\AppData\Local\Temp\bd1aba56509d9794f1890bc856bfb108.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Windows\SysWOW64\cmd.exe
  cmd /c 2.bat
  2⤵
  PID:1884
- C:\Windows\SysWOW64\cmd.exe
  cmd /c 2.bat
  2⤵
  PID:2104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2.bat

Filesize
47B

MD5
5c1536be124bd0576c2edc0cb4672181

SHA1
7c753e2e06d10b9c601aaa67f4f8e9318b5d013e

SHA256
3555745f02782dce72274c490aa782f1f64668ea6f0a799bae32649426b27d8c

SHA512
7a8fc70a2731f9ba37786dfeace61abaeb45021457dae0e874c2d8c2a7210b344f64799eb0668ad38cdb4af8a4589fd1edf959cdae3f53a85c0bab100dbbb28b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.bat

Filesize
89B

MD5
a68dac05ba13b3b2423646b782d9a3ca

SHA1
5bc5372b14ff5ec35a2ff7f6376fdfa83413ef50

SHA256
ece25cc10a1bd2f31eff3b1c001284a3788c3d422c681e8387d562fa17eef5b1

SHA512
d6d9f41c5a61903cf91f9b22af9947841aa7e50739fbb4cdf294d3bb1660b5b76caa5da8d7fa4a5fac56bea1626b34338f3acf2cbd5f6a086195ff2a20eb5c7d

Download Submit
\Windows\debug\29124D4AA81F.dll

Filesize
103KB

MD5
3e9bfcf6513a3569616b02314bc84c82

SHA1
2eb517320d7fb253b3b9471e72aa5816f8c1a799

SHA256
3b3e32fad3592320860e2f6da9d3a1abfb4aec709fad5ecb8df6ecc10ba5f695

SHA512
cc45678b9b6753f5c21c8dc3f4384bacdbf1db8856b2a23ac5bb78ed3799a8cfc866b7b17c1d9642782e30241a231f932e08462764c03419733a12b15aa3fe5a

Download Submit
memory/2876-8-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/2876-9-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2876-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2876-24-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2876-25-0x0000000000270000-0x00000000002B8000-memory.dmp

Filesize
288KB

Download