Overview

overview

7

Static

static

3

bbd96b1a14...c5.exe

windows7-x64

7

bbd96b1a14...c5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09-03-2024 12:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bbd96b1a1421f61d644ac48ccfe6edc5.exe

  • Size

    704KB

  • MD5

    bbd96b1a1421f61d644ac48ccfe6edc5

  • SHA1

    3842cc6ff6d64bfe16a2256fb651286d4e5430e7

  • SHA256

    dd955a271bbbfab55626c30f4a6e75205ed2018a342109bfaf7a744e135e2912

  • SHA512

    45c56da8714eebb8c8a5bdea13d862db0ec12ae1e28ae9dbcf9ab5904da8ac11bebf82bf182c5f373673572b0c5fbc8f463a429a4ed97495500512634fb103b1

  • SSDEEP

    12288:r88ZOYDB2enPyfmYXWXP+V/tv27bRVUMwA6+p2y8t+hO0cknVTNO2+Kn3P:l7DkckmBMu3EyCObOy

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bbd96b1a1421f61d644ac48ccfe6edc5.exe
    "C:\Users\Admin\AppData\Local\Temp\bbd96b1a1421f61d644ac48ccfe6edc5.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2184
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\UNINSTAL.BAT
      2⤵
      • Deletes itself
      PID:2704
  • C:\Windows\Hacker.com.cn.exe
    C:\Windows\Hacker.com.cn.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1272
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:3068

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\Hacker.com.cn.exe
      Filesize

      704KB

      MD5

      bbd96b1a1421f61d644ac48ccfe6edc5

      SHA1

      3842cc6ff6d64bfe16a2256fb651286d4e5430e7

      SHA256

      dd955a271bbbfab55626c30f4a6e75205ed2018a342109bfaf7a744e135e2912

      SHA512

      45c56da8714eebb8c8a5bdea13d862db0ec12ae1e28ae9dbcf9ab5904da8ac11bebf82bf182c5f373673572b0c5fbc8f463a429a4ed97495500512634fb103b1

      Download Submit

    • C:\Windows\UNINSTAL.BAT
      Filesize

      186B

      MD5

      b500fc0b48001ff4968cca8c728eea0a

      SHA1

      a83e7a5778351c3ba01bbd42eb3b5b2ee280b662

      SHA256

      38d5bafd337663f1b70c8f5c6491b274f0ba38590a711b720a18db27a8039cae

      SHA512

      2920617d15d7d4243e895cd60da752fe376b17e28813f701daf8058601780eb545241365baf0554aee0da96bc9e50ec18150f0f37876c005b8f768fce418c8e4

      Download Submit

    • memory/1272-5-0x00000000003D0000-0x00000000003D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1272-16-0x0000000000400000-0x00000000004C3200-memory.dmp

      Filesize

      780KB

      Download

    • memory/1272-18-0x00000000003D0000-0x00000000003D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2184-0-0x0000000000400000-0x00000000004C3200-memory.dmp

      Filesize

      780KB

      Download

    • memory/2184-1-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2184-14-0x0000000000400000-0x00000000004C3200-memory.dmp

      Filesize

      780KB

      Download