a88067e092dbd0f7ce36eabdb7ab97d37e125962d30eb1b9ef48caa17333fd7e | Triage

Submit
Reports

Overview

overview

8

Static

static

3

Bonzify.exe

windows7-x64

Resubmissions

15-04-2024 23:34

240415-3kvcesdc8z 8

Sharing

General

Target

Bonzify.bin.zip
Size

5.6MB
Sample

240415-3kvcesdc8z
MD5

c74a814bf73916f260c9ead93cbc25d8
SHA1

c30c813e2d7a8b0b07737578e526c531c4618b88
SHA256

a88067e092dbd0f7ce36eabdb7ab97d37e125962d30eb1b9ef48caa17333fd7e
SHA512

7fd5a30bca5178953d538e38fd081c5c28920d89a7768084c4c815a036bbe6adb0d88543bce725355f2f6cbadec09c4caf45eb6c8361365503c82ea104327e82
SSDEEP

98304:IFECoItQwcAPOy+uPo7b0beVCYwCEkH4B+aCPEojqfCu5Sb5biEfV2N2smW9uB:AWzAUuPLCpnYUPEQu5Sb5+Ef22z3B

Score

8^/10

discovery exploit persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Bonzify.exe

Resource

win7-20240221-en

discovery exploit persistence

windows7-x64

21 signatures

600 seconds

Malware Config

Targets

- Target
  
  Bonzify.bin
- Size
  
  6.4MB
- MD5
  
  9c352d2ce0c0bdc40c72f52ce3480577
- SHA1
  
  bd4c956186f33c92eb4469f7e5675510d0790e99
- SHA256
  
  d7e6580054525d3f21f86edfc9f30b7a75ffa829a1eb67ee3cab33f0040dba4e
- SHA512
  
  c1926d59272df0e049467f4497bcc3631bbc1aa5337e87f4af31bfdba60c9ef460e394380024ffa7e71fef8938761d48d75e9dc93dc7529d2b9c8c638dddae92
- SSDEEP
  
  196608:/dAMaWetTeAkLIdx751qFTkub//73lc6u7b5VJ2Yx5xIdk3:naWedh+Idx75QYub//73lc6u7bLMYxD
Score

8^/10

discovery exploit persistence
- Modifies AppInit DLL entries
  persistence
- Modifies Installed Components in the registry
  persistence
- Possible privilege escalation attempt
  exploit
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryexploitpersistence

© 2018-2024

Terms | Privacy