Overview

overview

7

Static

static

3

c58d5aecd2...53.exe

windows7-x64

7

c58d5aecd2...53.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/03/2024, 09:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c58d5aecd223ac95ae5fab6dcd69e953.exe

  • Size

    44KB

  • MD5

    c58d5aecd223ac95ae5fab6dcd69e953

  • SHA1

    5e51e9c238d652a36666d384e8d7fab2612b3b0e

  • SHA256

    5f3c96978d19ec242079f84e9b13498eb9b988262c82a6cdc15ed67276945e5a

  • SHA512

    12d4f400da9ffd94cc5cf32d97c443c8839eab936666b1a7832d9507af92d12e4bda5a6d31a13d89ba9bf27642808ab009b9ae52502252c0689b647dc7a386b3

  • SSDEEP

    384:VuQiLWpVI/i952Hg2Lx3WCitQO1Px17NYDl75tCfF/8y56WN/79+3sBCoUgFb:kzqE/iyAkx3lGPhsl5sGsN/JCsBCobF

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c58d5aecd223ac95ae5fab6dcd69e953.exe
    "C:\Users\Admin\AppData\Local\Temp\c58d5aecd223ac95ae5fab6dcd69e953.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4772
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\KKLJN.bat
      2⤵
        PID:3700
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c C:\BHMKP.bat
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:5008
        • C:\LOL\jah.exe
          "C:\LOL\jah.exe"
          3⤵
          • Executes dropped EXE
          • Adds Run key to start application
          PID:4984

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\BHMKP.bat
      Filesize

      16B

      MD5

      65e1b02a23cab785ab4b9d74d45d432e

      SHA1

      0ea815d5c7042cc36f188645a0cb4614c0bbafa7

      SHA256

      b79ab35ba85e813bb8a9d36534b53fdbf66150d912d0b514d42343825ceff39e

      SHA512

      0d1c12bde6d7257876ea25957b930360c8b6c62dd4d449916e663166b74c7364efedea741afdf9dba613150338449895b11448724c700266e60ef9266dd39c83

      Download Submit

    • C:\KKLJN.bat
      Filesize

      94B

      MD5

      42a4b81afccb672a4449bf7150831bc2

      SHA1

      409c6d8dbe76ab1eaff02f0f59a21713350ccb79

      SHA256

      d4dc632a5fa8e2a4c524173ae06a3c297cfd88421f768629ced4bc1c9aedaa23

      SHA512

      a9b16daa9c383cbb8cb94d64a7aad84ce72d7f4ffaf56d85754a76731b49fde37d4ae374364c636ca85599a2731827104e1c0cf4230d447f870f011803faeb1e

      Download Submit

    • C:\LOL\jah.exe
      Filesize

      44KB

      MD5

      c58d5aecd223ac95ae5fab6dcd69e953

      SHA1

      5e51e9c238d652a36666d384e8d7fab2612b3b0e

      SHA256

      5f3c96978d19ec242079f84e9b13498eb9b988262c82a6cdc15ed67276945e5a

      SHA512

      12d4f400da9ffd94cc5cf32d97c443c8839eab936666b1a7832d9507af92d12e4bda5a6d31a13d89ba9bf27642808ab009b9ae52502252c0689b647dc7a386b3

      Download Submit