Overview

overview

6

Static

static

3

bed77d2d0f...b2.exe

windows7-x64

6

bed77d2d0f...b2.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/03/2024, 14:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bed77d2d0f491679dbab2b2d40661fb2.exe

  • Size

    161KB

  • MD5

    bed77d2d0f491679dbab2b2d40661fb2

  • SHA1

    21abfdd00227c89342b60e7e77bdc6af9b0d7b28

  • SHA256

    d1b65269d3dda2705c4d070065e20ef0dbddee818fca5c85b83aaf809313800b

  • SHA512

    b803cc484b0d53663c5c0f61e0910b2eaffc418f7320e32e4ee6d70d1d35a971c327fa326bad6c6a89319878833c00c8e59270b4326b9318d1ca849f855261ca

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/B8A:o68i3odBiTl2+TCU/7

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bed77d2d0f491679dbab2b2d40661fb2.exe
    "C:\Users\Admin\AppData\Local\Temp\bed77d2d0f491679dbab2b2d40661fb2.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2356
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\bugMAKER.bat
      2⤵
        PID:2904

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\bugMAKER.bat
            Filesize

            76B

            MD5

            be3b3fd297d250e9182f3b558ff024f2

            SHA1

            c9f014e3f51aba97c1eaf619d83e13256af772d6

            SHA256

            a3d50a62fa293c629cd80f9b5b025aa662a30a0a1e6c62aa2bf2f22ebd4aec1e

            SHA512

            755b6019a33e384dafd3faa009646aa856c57e3e7f55e8f7d617884b676866b10580db0ae9c54d13d8ae93d3864206c6aadabb32d186f3d73872989c67673c36

            Download Submit

          • memory/2356-67-0x0000000000400000-0x000000000042D000-memory.dmp

            Filesize

            180KB

            Download

          • memory/2904-62-0x00000000004E0000-0x00000000004E1000-memory.dmp

            Filesize

            4KB

            Download