Overview

overview

10

Static

static

3

c4aee7e655...33.exe

windows7-x64

10

c4aee7e655...33.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16/04/2024, 01:48

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c4aee7e655dea08a1bf1203d9fc2277230a533e33a3dc2a65c98b1e59c7f4633.exe

  • Size

    264KB

  • MD5

    c6b8a8a6133444f06d76906c264bba76

  • SHA1

    dd0a8180710bdeead8575b5c6bb63a650f6ad31f

  • SHA256

    c4aee7e655dea08a1bf1203d9fc2277230a533e33a3dc2a65c98b1e59c7f4633

  • SHA512

    7a201e775f65816ad80ae5cb0ab0c44c19761a65c783ebffa4471ee4af69f9b5a0f03f6a58b0fc3a63d6488ff37dbbfa91b49cf975d3e52105d6e98d43ff18c9

  • SSDEEP

    6144:YnPHa4tpui6yYPaIGck4GJal+O4o0pui6yYPaIGckv:E/pV6yYP4/O4hpV6yYPo

Score
10/10
persistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 6 IoCs
    persistence
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 10 IoCs
  • Drops file in System32 directory 9 IoCs
  • Program crash 1 IoCs
  • Modifies registry class 12 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c4aee7e655dea08a1bf1203d9fc2277230a533e33a3dc2a65c98b1e59c7f4633.exe
    "C:\Users\Admin\AppData\Local\Temp\c4aee7e655dea08a1bf1203d9fc2277230a533e33a3dc2a65c98b1e59c7f4633.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2908
    • C:\Windows\SysWOW64\Bmclhi32.exe
      C:\Windows\system32\Bmclhi32.exe
      2⤵
      • Adds autorun key to be loaded by Explorer.exe on startup
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2980
      • C:\Windows\SysWOW64\Ckiigmcd.exe
        C:\Windows\system32\Ckiigmcd.exe
        3⤵
        • Adds autorun key to be loaded by Explorer.exe on startup
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2612
        • C:\Windows\SysWOW64\Ceegmj32.exe
          C:\Windows\system32\Ceegmj32.exe
          4⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:2640
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 140
            5⤵
            • Loads dropped DLL
            • Program crash
            PID:2568

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Windows\SysWOW64\Bmclhi32.exe
          Filesize

          264KB

          MD5

          49f4f4ef4e1b11ca8eed5277aacbaa46

          SHA1

          75ce285ca36ca8bbdcdc5420e095f92a931deb08

          SHA256

          2651ce18656d948dbd93cee2b1f284e4138521ef02e3ac2451415ae1eb1ba9b3

          SHA512

          f606d1b54e6edb27ffb1c76ef8f1c51fdd664637f78c174e57a2ee28cb82012ae5054911ff2deffe7c50ab4cfecec79a1a1efc6f618ee11d83ee25007400a44e

          Download Submit

        • \Windows\SysWOW64\Ceegmj32.exe
          Filesize

          264KB

          MD5

          d34a04290f5f5467ba36251049320ba3

          SHA1

          deae0890eddd715b88de6c586ab0b4cf6ddf8b12

          SHA256

          dc629624b5479ac4588841938803086d1026cba07448b82abb5e21ce1eb5b87f

          SHA512

          a0d7cc3d70b790c200d63a1fe6d8f3f99aca927cec209a5c26e5f39a92fd72d46b4b7891aebb579f3c95236ac36a80a6c5353f9923810a0a10fdded1edc377b1

          Download Submit

        • \Windows\SysWOW64\Ckiigmcd.exe
          Filesize

          264KB

          MD5

          f4dcf319e05b0d45c969d5189f0eb726

          SHA1

          0937b79834496673c5db3295409940be3d2bde82

          SHA256

          5ff67b5d7ab500579785f0a11da993ef4c423e7070724002db20d44660fb5656

          SHA512

          ddd20c2628d8bffd349b53435c6544d0bdfc26463433b635b9794d27514ea6eedd6a87b0c78fe2835c8fe6cc8e300d4a220a542e1480388521b7c708eaf1f120

          Download Submit

        • memory/2612-37-0x00000000002D0000-0x0000000000303000-memory.dmp

          Filesize

          204KB

          Download

        • memory/2612-39-0x00000000002D0000-0x0000000000303000-memory.dmp

          Filesize

          204KB

          Download

        • memory/2612-47-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

          Download

        • memory/2640-40-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

          Download

        • memory/2908-0-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

          Download

        • memory/2908-6-0x00000000001B0000-0x00000000001E3000-memory.dmp

          Filesize

          204KB

          Download

        • memory/2908-45-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

          Download

        • memory/2980-19-0x0000000000220000-0x0000000000253000-memory.dmp

          Filesize

          204KB

          Download

        • memory/2980-46-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

          Download