Overview

overview

7

Static

static

3

beaf598a68...d4.exe

windows7-x64

7

beaf598a68...d4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/03/2024, 13:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    beaf598a685a1f7952711604a2b623d4.exe

  • Size

    362KB

  • MD5

    beaf598a685a1f7952711604a2b623d4

  • SHA1

    9dace68efd68131518a2e333886413fbd4b9872c

  • SHA256

    fe599de074ab1e5e9f89ad14923496845a871a6562942d46fe54ecfe934ab20e

  • SHA512

    5b3cb9973fce8ef3b54012d395e0a94823c62b0e0cb5a694d5a2abff11378e3dd1c9466658503fc7f5541a29ddbd570f98a127c9227a4c1ea867ef94107121c4

  • SSDEEP

    6144:N+I8EXLiClyXPH6kZ7pYEepYzd7ze0zaLmPZXNPLcY4g9zaRC7wRhmK:N+yJG/pY2d7sqvcYjzacqhm

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3444
      • C:\Users\Admin\AppData\Local\Temp\beaf598a685a1f7952711604a2b623d4.exe
        "C:\Users\Admin\AppData\Local\Temp\beaf598a685a1f7952711604a2b623d4.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:1264
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Windows\uninstal.bat
          3⤵
            PID:2688
      • C:\Windows\setuplog.bat
        C:\Windows\setuplog.bat
        1⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:4432

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Windows\setuplog.bat
              Filesize

              362KB

              MD5

              beaf598a685a1f7952711604a2b623d4

              SHA1

              9dace68efd68131518a2e333886413fbd4b9872c

              SHA256

              fe599de074ab1e5e9f89ad14923496845a871a6562942d46fe54ecfe934ab20e

              SHA512

              5b3cb9973fce8ef3b54012d395e0a94823c62b0e0cb5a694d5a2abff11378e3dd1c9466658503fc7f5541a29ddbd570f98a127c9227a4c1ea867ef94107121c4

              Download Submit

            • C:\Windows\uninstal.bat
              Filesize

              190B

              MD5

              dbd69fcfa2ffd31d9a6d5a5332691226

              SHA1

              3f864f752fa14abaa431ee2e5abd9ef3534ab0ba

              SHA256

              6c1abd549eab8c5d4fab36736a8d1ff6f79bd8b239eb1eb2aa590b2d9dad4d15

              SHA512

              c676a01746d9287bb9e2d5a100f5aa7feca6d46239504f76e2ec32471df3749b8d2fb600f08dccd9fb487b39f1edc0ff8acb06e0aac2bd6727e4b8a8ea0b00d4

              Download Submit

            • memory/1264-0-0x0000000013140000-0x0000000013262000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/1264-9-0x0000000013140000-0x0000000013262000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/4432-11-0x0000000013140000-0x0000000013262000-memory.dmp

              Filesize

              1.1MB

              Download