Analysis
- max time kernel: 95s
- max time network: 18s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 09-03-2024 16:07
Static task
- static1
Behavioral task
- behavioral1
  - Sample: bc3adfdcd9261b451793f290467792ca.exe
  - Resource: win7-20240221-en
Behavioral task
- behavioral2
  - Sample: bc3adfdcd9261b451793f290467792ca.exe
  - Resource: win10v2004-20240226-en
General
- Target: bc3adfdcd9261b451793f290467792ca.exe
- Size: 9.1MB
- MD5: bc3adfdcd9261b451793f290467792ca
- SHA1: 71aacf9a6498d5005ae6513118ad1d4a63881d2c
- SHA256: 0e2b2098b06a710ab4adf9bea3127ac89b6d8a91667a0e2e8e397d05e070ca10
- SHA512: ea8f9125a30e6c41f654f3f6714aa7aba9f3733cb7899fc1e39ec26f136c54e57423fdf9de18bec0da6cd6e3334c7fd28dd695304d2dacaf96022ad09e104aa7
- SSDEEP: 49152:HvF1dg92xhKPgssSt2gTdJpBDyNkNEE3GvdbU4v/nWJiBxNTRiE5LyUcNjlRh5QR:HtTgyhv7StfWZpcHG1psyf4VHIqa
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid | Process
  1756 | bc3adfdcd9261b451793f290467792ca.viv
- Loads dropped DLL (1 IoC)
  pid | Process
  2220 | bc3adfdcd9261b451793f290467792ca.exe
- Drops file in Program Files directory (64 IoCs)
  description | ioc | Process
  File created | \??\c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.viv | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\7-Zip\7zG.viv | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.viv | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.viv | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Java\jdk1.7.0_80\bin\javah.exe | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\bin\jdb.viv | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\7-Zip\Uninstall.viv | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\bin\java.viv | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\7-Zip\7zG.exe | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\bin\javaws.viv | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\bin\idlj.viv | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Java\jdk1.7.0_80\bin\apt.exe | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Java\jdk1.7.0_80\bin\jar.exe | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\bin\javap.viv | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\7-Zip\7zFM.viv | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\bin\jar.viv | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Google\Chrome\Application\chrome_proxy.viv | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.viv | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\7-Zip\Uninstall.exe | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.viv | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Java\jdk1.7.0_80\bin\javac.exe | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.viv | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Java\jdk1.7.0_80\bin\java.exe | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\bin\javac.viv | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.viv | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\bin\javah.viv | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\bin\javaw.viv | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\bin\jconsole.viv | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.viv | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\bin\apt.viv | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Google\Chrome\Application\chrome.viv | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\bin\extcheck.viv | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\7-Zip\7z.exe | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.viv | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.viv | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\bin\javadoc.viv | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\7-Zip\7zFM.exe | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.viv | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Google\Chrome\Application\chrome.exe | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Google\Chrome\Application\chrome_proxy.exe | bc3adfdcd9261b451793f290467792ca.exe
  File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.viv | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Java\jdk1.7.0_80\bin\javap.exe | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE | bc3adfdcd9261b451793f290467792ca.exe
  File created | \??\c:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe | bc3adfdcd9261b451793f290467792ca.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2220 wrote to memory of 1756 | 2220 | bc3adfdcd9261b451793f290467792ca.exe | 28
  PID 2220 wrote to memory of 1756 | 2220 | bc3adfdcd9261b451793f290467792ca.exe | 28
  PID 2220 wrote to memory of 1756 | 2220 | bc3adfdcd9261b451793f290467792ca.exe | 28
  PID 2220 wrote to memory of 1756 | 2220 | bc3adfdcd9261b451793f290467792ca.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\bc3adfdcd9261b451793f290467792ca.exe (command line: "C:\Users\Admin\AppData\Local\Temp\bc3adfdcd9261b451793f290467792ca.exe"), PID: 2220
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  - Child process: C:\Users\Admin\AppData\Local\Temp\bc3adfdcd9261b451793f290467792ca.viv (command line: C:\Users\Admin\AppData\Local\Temp\bc3adfdcd9261b451793f290467792ca.viv), PID: 1756
    - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 9.7MB
  - MD5: 0810b5ec61fb1949a9e9103f8f0c5521
  - SHA1: 5bf654bddade112fde8238a8bfbb17b7cbf05b23
  - SHA256: 5d52d070f6eb74a70a724129d5ac90ebb3ccae79462a5ad897665ebdf10f75f5
  - SHA512: d5786c4d0813ef12659e63dee0fd382cc346100b0399b989e3b8abce45ac0c6d477d8930696c8813703f6e3ec1c5ffa13de8d96dbba8b0f00f69e1d9194f545b
- Filesize: 7.6MB
  - MD5: b6da48505c3fddcbddfec8f0cc1830cb
  - SHA1: d55c89cecf7ce9d4c7fc416af6d5fc655710ec1e
  - SHA256: be685ee95108ec5b21c7fbfa327adbe1e00ec1f32030a83bc1b1610539741064
  - SHA512: da1eae53c2cc9dfdd889bbadd7f7492caaa39d79dabc49677bb320ed4005ed7362427cb75d53560d8db12e5a2204267e13ce81e62e4e0d1b2ec8e843755a6458