Overview

overview

7

Static

static

3

c79da0758d...1a.exe

windows7-x64

6

c79da0758d...1a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14/03/2024, 03:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c79da0758d4f24bd5cce47c48d9b271a.exe

  • Size

    231KB

  • MD5

    c79da0758d4f24bd5cce47c48d9b271a

  • SHA1

    3f4a37595799c11d300708387e7e71d693ba7b88

  • SHA256

    802dbfdfed3a825876b1e5597938ea9be0af836db8c303d29e5b1b172c095c84

  • SHA512

    b109931aaf6bc8a05bf528a9edd2c2c352ee32697178ba6d01dd8c9b95c1028c7e312d6ebe865dcdbed535dfd356f2d30501b3af623cdadbed80066ed75f6a15

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/B8PpjBFy11AwL:o68i3odBiTl2+TCU/IhuhptkqxF

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c79da0758d4f24bd5cce47c48d9b271a.exe
    "C:\Users\Admin\AppData\Local\Temp\c79da0758d4f24bd5cce47c48d9b271a.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1048
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\bugMAKER.bat
      2⤵
        PID:2688

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\bugMAKER.bat
            Filesize

            76B

            MD5

            c509b6062d5c8cdd2ef170a1ab3f090b

            SHA1

            5fbc9bbadfefbf0dc5254bd493b5e95527697838

            SHA256

            f02fe7494690904d4f252e87d70eedf6562d37b48496833a9e2d00ba69e1fd71

            SHA512

            1960bd5b73c18f04568ea9dca222ac15cc5346c1201cfd65baafc1ed058391ca58b5fe56c1408d9ca87cc92634fff251efd94e84e3b744a14ff4761de81f8dfa

            Download Submit

          • memory/1048-67-0x0000000000400000-0x000000000042D000-memory.dmp

            Filesize

            180KB

            Download

          • memory/2688-62-0x0000000000440000-0x0000000000441000-memory.dmp

            Filesize

            4KB

            Download