Overview

overview

7

Static

static

3

d4767e23ae...2e.exe

windows7-x64

6

d4767e23ae...2e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    18/03/2024, 20:33

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d4767e23aed6e0432fb1aa0cb3cb062e.exe

  • Size

    199KB

  • MD5

    d4767e23aed6e0432fb1aa0cb3cb062e

  • SHA1

    59d3a57d399d2191c066989b389f1d0b72fa7570

  • SHA256

    261987dd8bbd49f3437686248c5156dd113dd22d5226f9dc31588bbfb3629fd8

  • SHA512

    f59b4bd85f47337ddac9b7ebfe90bfc7be9285ae098fab2de4da69a3a3bd401e331f4e7701caff74ba817c4405f981b7eac9c7d0fb53d93d8984b402a60835ac

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/B8ekgn2:o68i3odBiTl2+TCU/jk82

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d4767e23aed6e0432fb1aa0cb3cb062e.exe
    "C:\Users\Admin\AppData\Local\Temp\d4767e23aed6e0432fb1aa0cb3cb062e.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:300
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\bugMAKER.bat
      2⤵
        PID:2668

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\bugMAKER.bat
            Filesize

            76B

            MD5

            5f5a78427c85a6efe0a3515fc187d150

            SHA1

            e4536ea28aea7ab4cb337ed57134de5987cc272b

            SHA256

            817683592602322f372976517f71e848ac1f6df60183fda4402fa2e801e9eb0f

            SHA512

            a22b739e377eb9753b0f0ec4b88e2c537c138eae0f5cfffa7036fdb209e946b8ec4e3d5d03733ca58a699c0cd0f357ced41964bf3079adb2da5baed3266681e8

            Download Submit

          • memory/300-67-0x0000000000400000-0x000000000042D000-memory.dmp

            Filesize

            180KB

            Download

          • memory/2668-62-0x0000000002240000-0x0000000002241000-memory.dmp

            Filesize

            4KB

            Download