Overview

overview

10

Static

static

3

BUG32.exe

windows7-x64

BUG32.exe

windows10-2004-x64

Windows/Bonzify.exe

windows7-x64

8

Windows/Bonzify.exe

windows10-2004-x64

8

BossDaMajor.exe

windows7-x64

BossDaMajor.exe

windows10-2004-x64

FakeGoldenEye.exe

windows7-x64

6

FakeGoldenEye.exe

windows10-2004-x64

6

PCToaster.exe

windows7-x64

1

PCToaster.exe

windows10-2004-x64

7

Bolbi.vbs

windows7-x64

10

Bolbi.vbs

windows10-2004-x64

10

Resubmissions

16-03-2024 17:14

240316-vsg33ahc39 7

16-03-2024 17:12

240316-vqyb9shb94 10

16-03-2024 15:47

240316-s8g2wsea5y 10

Analysis

  • max time kernel
    153s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-03-2024 15:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PCToaster.exe

  • Size

    411KB

  • MD5

    04251a49a240dbf60975ac262fc6aeb7

  • SHA1

    e211ca63af2ab85ffab1e5fbbdf28a4ef8f77de0

  • SHA256

    85a58aa96dccd94316a34608ba996656a22c8158d5156b6e454d9d69e6ff38c3

  • SHA512

    3422a231e1dadb68d3567a99d46791392ecf5883fd3bbc2cae19a595364dac46e4b2712db70b61b488937d906413d39411554034ffd3058389700a93c17568d2

  • SSDEEP

    3072:quJFS5Aqu+WwjxeI/0gVnfKl0FA+aPobO24yNz88iu8vDYHTlI5EJD5Hbibfd6PK:/JM0mCsWq1/qpz+nF5c

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PCToaster.exe
    "C:\Users\Admin\AppData\Local\Temp\PCToaster.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4336
    • C:\Program Files\Java\jre-1.8\bin\javaw.exe
      "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\PCToaster.exe"
      2⤵
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3672
      • C:\Windows\system32\icacls.exe
        C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        3⤵
        • Modifies file permissions
        PID:3508
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1348 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4320

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3672-3-0x00000187CFFE0000-0x00000187D0FE0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/3672-12-0x00000187CFFC0000-0x00000187CFFC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3672-19-0x00000187CFFC0000-0x00000187CFFC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3672-36-0x00000187CFFC0000-0x00000187CFFC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3672-40-0x00000187CFFC0000-0x00000187CFFC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3672-45-0x00000187CFFE0000-0x00000187D0FE0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/3672-51-0x00000187CFFC0000-0x00000187CFFC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3672-52-0x00000187CFFC0000-0x00000187CFFC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4336-0-0x0000000000400000-0x000000000046E000-memory.dmp

      Filesize

      440KB

      Download