7bd000df2bf9b233836e7b718c967a6477adfb27bf2edb95313b6a30df191971

Analysis

max time kernel
118s
max time network
145s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
05-05-2024 10:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Black Project free/Black Project free.exe
Size

134KB
MD5

90485b80afeb10e4b7c0cdaa9debe03e
SHA1

d973b65b1634b5f964792bfc0d61cbcdcbd46f5c
SHA256

f3f455267b6436ecab5c82d4b7ad2fe09c7600cd447eb17bd3f2fafba7a755ae
SHA512

90c2b6134a0c5ef202f0ad2d3409975d0a75d0144752e4a0ca11baafc714b7b77f120bfacef901535940281ae282634564947ccd05df446343e68bf618e92597
SSDEEP

3072:g8B9qTvDWIGoJriZqVvum5R5m2AQ0m6mFijaVN:g5TrWIrZiium5R1A9Zm

Score

7^/10

Malware Config

Signatures

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ahmedatef.exe	Black Project free.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ahmedatef.exe	Black Project free.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	pastebin.com
5	pastebin.com

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 2664	1632	Black Project free.exe	28
PID 1632 wrote to memory of 2664	1632	Black Project free.exe	28
PID 1632 wrote to memory of 2664	1632	Black Project free.exe	28
PID 1632 wrote to memory of 2664	1632	Black Project free.exe	28

C:\Users\Admin\AppData\Local\Temp\Black Project free\Black Project free.exe
"C:\Users\Admin\AppData\Local\Temp\Black Project free\Black Project free.exe"
1⤵
- Drops startup file
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 1400
  2⤵
  PID:2664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1632-0-0x0000000074AC1000-0x0000000074AC2000-memory.dmp

Filesize
4KB

Download
memory/1632-1-0x0000000074AC0000-0x000000007506B000-memory.dmp

Filesize
5.7MB

Download
memory/1632-2-0x0000000074AC0000-0x000000007506B000-memory.dmp

Filesize
5.7MB

Download
memory/1632-3-0x0000000074AC0000-0x000000007506B000-memory.dmp

Filesize
5.7MB

Download
memory/2664-19-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/2664-20-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download