Overview

overview

7

Static

static

3

bd6908dc63...ba.exe

windows7-x64

6

bd6908dc63...ba.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/03/2024, 02:18

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bd6908dc636e7d048eabaaf21ef57dba.exe

  • Size

    187KB

  • MD5

    bd6908dc636e7d048eabaaf21ef57dba

  • SHA1

    ef8ee85944ff54a63b8dd71df9c3c2accf3a75ac

  • SHA256

    1cf2095c7aac00a8c12d1aefa5f078ee2c3b443cf212104c382b5d237da38cfd

  • SHA512

    4f90b053c0173e490c05495cb26d5b786ac247ae125cc8241d4cb3cc3ffc6658b3ddbc0a5beb43da47925d93d126026baf503b2e2c46dbcbfa10e3b4a5ed6d50

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/B8dh1C:o68i3odBiTl2+TCU/s1C

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd6908dc636e7d048eabaaf21ef57dba.exe
    "C:\Users\Admin\AppData\Local\Temp\bd6908dc636e7d048eabaaf21ef57dba.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2056
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\bugMAKER.bat
      2⤵
        PID:2724

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\bugMAKER.bat
            Filesize

            76B

            MD5

            c1520cc5011862638f8c7dabfb51e0b6

            SHA1

            02a7b6fcbdc69b2ececa5d7bb0ba42a399da6a29

            SHA256

            7aa1b37bcc3a50534b01708dc29a20fd52e3a040f22aa00b0f2dead2b83056e6

            SHA512

            e30fa4b194e1f19378a0258958757802cb2d48bfbb707220bd57d456c8d2682098bd7d4654c71f2eb2968d8c11a2ac002e4f62f16ccf2ca8476765ebe420b50a

            Download Submit

          • memory/2056-67-0x0000000000400000-0x000000000042D000-memory.dmp

            Filesize

            180KB

            Download

          • memory/2724-62-0x0000000002460000-0x0000000002461000-memory.dmp

            Filesize

            4KB

            Download