Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    09-05-2024 01:55

General

  • Target
    b00aa26d9d7889613c7552ce6e17b0264788e24c6166edcf68c47f209ca767f8.exe
  • Size
    98KB
  • MD5
    0a547347b0b9af0290b263dfa8d71ebe
  • SHA1
    5ff176bfe5e0255a68c8e3d132afbff795a1fc1d
  • SHA256
    b00aa26d9d7889613c7552ce6e17b0264788e24c6166edcf68c47f209ca767f8
  • SHA512
    8e3795bc46783f970c63c56d340e1eb47346bd3e7a9050ed7d1fac77cdcf96e9ec2a955d56b60ca68556a160ab4c0116b2a51d0bbee91c5ded72a3b2b81d5fb0
  • SSDEEP
    1536:79H3LJvFmav82tiLZoS/0XOD7fiq4kzNEAAkHK:hHbCOqb/+i7fRekHK

Malware Config

Signatures

  • Modifies security service 2 TTPs 1 IoCs
  • Windows security bypass 2 TTPs 12 IoCs
  • Executes dropped EXE 8 IoCs
  • Loads dropped DLL 8 IoCs
  • Windows security modification 2 TTPs 14 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
  • Drops file in Windows directory 4 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b00aa26d9d7889613c7552ce6e17b0264788e24c6166edcf68c47f209ca767f8.exe
    "C:\Users\Admin\AppData\Local\Temp\b00aa26d9d7889613c7552ce6e17b0264788e24c6166edcf68c47f209ca767f8.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2848
    • C:\Windows\sysbrapsvc.exe
      C:\Windows\sysbrapsvc.exe
      2⤵
      • Modifies security service
      • Windows security bypass
      • Executes dropped EXE
      • Loads dropped DLL
      • Windows security modification
      • Suspicious use of WriteProcessMemory
      PID:2484
      • C:\Users\Admin\AppData\Local\Temp\2569932620.exe
        C:\Users\Admin\AppData\Local\Temp\2569932620.exe
        3⤵
        • Executes dropped EXE
        PID:2400
      • C:\Users\Admin\AppData\Local\Temp\2610124612.exe
        C:\Users\Admin\AppData\Local\Temp\2610124612.exe
        3⤵
        • Windows security bypass
        • Executes dropped EXE
        • Loads dropped DLL
        • Windows security modification
        • Adds Run key to start application
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:1940
        • C:\Users\Admin\AppData\Local\Temp\2653233754.exe
          C:\Users\Admin\AppData\Local\Temp\2653233754.exe
          4⤵
          • Executes dropped EXE
          PID:548
        • C:\Users\Admin\AppData\Local\Temp\2419424978.exe
          C:\Users\Admin\AppData\Local\Temp\2419424978.exe
          4⤵
          • Executes dropped EXE
          PID:2284
        • C:\Users\Admin\AppData\Local\Temp\2999016255.exe
          C:\Users\Admin\AppData\Local\Temp\2999016255.exe
          4⤵
          • Executes dropped EXE
          PID:2004
      • C:\Users\Admin\AppData\Local\Temp\1647629169.exe
        C:\Users\Admin\AppData\Local\Temp\1647629169.exe
        3⤵
        • Executes dropped EXE
        PID:1124
      • C:\Users\Admin\AppData\Local\Temp\1675220344.exe
        C:\Users\Admin\AppData\Local\Temp\1675220344.exe
        3⤵
        • Executes dropped EXE
        PID:968

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\_3[1]
    Filesize: 9KB
    MD5: 4c12165bc335a32cb559c828484a86a6
    SHA1: c2e78c57f15a1a3a190be415aac3d1e3209ce785
    SHA256: 4831bd83c39ec9d898ccc1023858c81a03326b7c1c5dd8e24fdf9b2171707d1a
    SHA512: f44df78b6f16255496b2fa35e28c185011c2bebf47730a68fd1369abf87f390684a8786a167319319d14a12da3768c1edef8e36037cde339a1ffe8c62c3ea87b

  • C:\Users\Admin\AppData\Local\Temp\1314926483.exe
    Filesize: 80KB
    MD5: 2ff2bb06682812eeb76628bfbe817fbb
    SHA1: 18e86614d0f4904e1fe97198ccda34b25aab7dae
    SHA256: 985da56fb594bf65d8bb993e8e37cd6e78535da6c834945068040faf67e91e7d
    SHA512: 5cd3b5a1e16202893b08c0ae70d3bcd9e7a49197ebf1ded08e01395202022b3b6c2d8837196ef0415fea6497d928b44e03544b934f8e062ddbb6c6f79fb6f440

  • C:\Users\Admin\AppData\Local\Temp\1647629169.exe
    Filesize: 8KB
    MD5: 11d2f27fb4f0c424ab696573e79db18c
    SHA1: d08ece21a657bfa6ea4d2db9b21fbb960d7f4331
    SHA256: dee9dca027009b7d2885ace7b968d2e9505a41b34756b08343338f8ef259e9be
    SHA512: a60de41caa6113430ab4ab944b800579f574f9b964c362f9c62bbfc1bd85dccd01b628809367e15cfe6baaba32c1255f8db07e434ff7bcf5e90d9b3d1f6a4cd4

  • C:\Users\Admin\AppData\Local\Temp\1675220344.exe
    Filesize: 11KB
    MD5: cafd277c4132f5d0f202e7ea07a27d5c
    SHA1: 72c8c16a94cce56a3e01d91bc1276dafc65b351d
    SHA256: e5162fa594811f0f01fc76f4acbd9fe99b2265df9cfcbc346023f28775c19f1e
    SHA512: 7c87d1dec61b78e0f223e8f9fec019d96509813fa6d96129289aab00b2d6f05bf91fe1fafd680b7d9e746f4c2c8cbe48a3028bcaad479048d00d79a19f71b196

  • C:\Users\Admin\AppData\Local\Temp\2610124612.exe
    Filesize: 14KB
    MD5: d085f41fe497a63dc2a4882b485a2caf
    SHA1: 9dc111412129833495f19d7b8a5500cf7284ad68
    SHA256: fb11b4e2d26812e26ea7428f3b0b9bb8a16814188250fa60697c7aec40a49bd0
    SHA512: ed4d8e297094248fb536154ed0427f4cc1832f339ce29d0f782971ede42fa2b9e5f953f73e71d0cfc026e5fd2ec0f7062410af359fd940a14f277adca37fc106

  • C:\Users\Admin\AppData\Local\Temp\2653233754.exe
    Filesize: 8KB
    MD5: 9b8a3fb66b93c24c52e9c68633b00f37
    SHA1: 2a9290e32d1582217eac32b977961ada243ada9a
    SHA256: 8a169cf165f635ecb6c55cacecb2c202c5fc6ef5fa82ec9cdb7d4b0300f35293
    SHA512: 117da1ec9850212e4cafce6669c2cfffc8078627f5c3ccdfd6a1bf3bee2d351290071087a4c206578d23852fa5e69c2ebefd71905c85b1eaed4220932bb71a39

  • C:\Users\Admin\AppData\Local\Temp\795916237.exe
    Filesize: 86KB
    MD5: fe1e93f12cca3f7c0c897ef2084e1778
    SHA1: fb588491ddad8b24ea555a6a2727e76cec1fade3
    SHA256: 2ebc4a92f4fdc27d4ab56e57058575a8b18adb076cbd30feea2ecdc8b7fcd41f
    SHA512: 36e0524c465187ae9ad207c724aee45bcd61cfd3fa66a79f9434d24fcbadc0a743834d5e808e6041f3bd88e75deb5afd34193574f005ed97e4b17c6b0388cb93

  • C:\Windows\sysbrapsvc.exe
    Filesize: 98KB
    MD5: 0a547347b0b9af0290b263dfa8d71ebe
    SHA1: 5ff176bfe5e0255a68c8e3d132afbff795a1fc1d
    SHA256: b00aa26d9d7889613c7552ce6e17b0264788e24c6166edcf68c47f209ca767f8
    SHA512: 8e3795bc46783f970c63c56d340e1eb47346bd3e7a9050ed7d1fac77cdcf96e9ec2a955d56b60ca68556a160ab4c0116b2a51d0bbee91c5ded72a3b2b81d5fb0