Overview

overview

6

Static

static

3

e1ad183236...33.exe

windows7-x64

6

e1ad183236...33.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27/03/2024, 12:33

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e1ad183236d5ce8bcab38800d065d933.exe

  • Size

    222KB

  • MD5

    e1ad183236d5ce8bcab38800d065d933

  • SHA1

    a8a7f82c8e97e9eb62e7f0f01d886ad25cc59d3e

  • SHA256

    29fd3ea92d1134d58d34e099ef4657acde452a8f2255439d530366a15b071947

  • SHA512

    a58fc05e3b0f72bd741ef131793de2e1890c24eaedfd6926e3613c7570441b439c8f83882a3e4b3c6365ae8b45551e8daf7b28c4cf31c4339469aa1c53016368

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/B8KEpjBFy11AA:o68i3odBiTl2+TCU/0huQk8CtkqH

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e1ad183236d5ce8bcab38800d065d933.exe
    "C:\Users\Admin\AppData\Local\Temp\e1ad183236d5ce8bcab38800d065d933.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\bugMAKER.bat
      2⤵
        PID:2776

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\bugMAKER.bat
            Filesize

            76B

            MD5

            9a20193f303104d8ddc69d3cb11f2816

            SHA1

            2436f5e3c93dcfd12c01c58c5cf2d99619eaedaf

            SHA256

            bdc51e5d05096f621a8fe0d1b318a049f51d4f34e8afa6d491ebbd56d0c1777f

            SHA512

            2f9c4a719c934b6ecddabec5109c5bf5f368815e1f5ea3bc8180ddada347937c1e7c06f24fdcf817364115625d031bce5bd8a2c5ab0536e99bb96f571daab5b7

            Download Submit

          • memory/1640-67-0x0000000000400000-0x000000000042D000-memory.dmp

            Filesize

            180KB

            Download

          • memory/2776-62-0x0000000002220000-0x0000000002221000-memory.dmp

            Filesize

            4KB

            Download