Overview

overview

7

Static

static

3

d5640ae6c0...86.exe

windows7-x64

7

d5640ae6c0...86.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/03/2024, 06:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d5640ae6c04429a1be9e10750faa6b86.exe

  • Size

    284KB

  • MD5

    d5640ae6c04429a1be9e10750faa6b86

  • SHA1

    4ee8d53086cf4fc5348b4384619809b6f76a2ceb

  • SHA256

    fb38f3b96d9f62383d8c23e99466d2dc34caf38c08dcddd018316da71d81e54a

  • SHA512

    050721497cc941e907fe7f6f8eb6c59e32004c8b3be8187e8a83288316a38b82223adb408ddb10df7a4b1c66134cb07032d92fd694b34353d06fe85e29722a8e

  • SSDEEP

    6144:5w9Sbu9bL2Y9T/NkKUIzJgOBRAirVPV22EakrrmKD2Iv8YrY:4Vf9hdgOfAi92Ha2mKaA2

Score
7/10
bootkitpersistencespywarestealer

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5640ae6c04429a1be9e10750faa6b86.exe
    "C:\Users\Admin\AppData\Local\Temp\d5640ae6c04429a1be9e10750faa6b86.exe"
    1⤵
    • Checks BIOS information in registry
    • Writes to the Master Boot Record (MBR)
    • Checks processor information in registry
    • Suspicious use of WriteProcessMemory
    PID:2992
    • C:\Users\Admin\AppData\Local\Temp\uninstall.exe
      C:\Users\Admin\AppData\Local\Temp\uninstall.exe
      2⤵
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Writes to the Master Boot Record (MBR)
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      PID:4604

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\uninstall.exe
          Filesize

          284KB

          MD5

          d5640ae6c04429a1be9e10750faa6b86

          SHA1

          4ee8d53086cf4fc5348b4384619809b6f76a2ceb

          SHA256

          fb38f3b96d9f62383d8c23e99466d2dc34caf38c08dcddd018316da71d81e54a

          SHA512

          050721497cc941e907fe7f6f8eb6c59e32004c8b3be8187e8a83288316a38b82223adb408ddb10df7a4b1c66134cb07032d92fd694b34353d06fe85e29722a8e

          Download Submit