Overview

overview

7

Static

static

3

8bb294a07b...d4.exe

windows7-x64

7

8bb294a07b...d4.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    146s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/05/2024, 23:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8bb294a07b2a3e489d1fe5f318dbcce102a10f98cb5348f027f0ce93219432d4.exe

  • Size

    755KB

  • MD5

    5496582c7c3da3246ad732acf85e87a5

  • SHA1

    ba3c35a73f77992c2927492a79038373b710bded

  • SHA256

    8bb294a07b2a3e489d1fe5f318dbcce102a10f98cb5348f027f0ce93219432d4

  • SHA512

    6c7b7d3fdc27c319e36ca3889b4db169516c848a34597a0bd7e7454312e7a86220c5ae131deff24724ab82b70adf3f66507f1d98414d55f3468120b5ba82395b

  • SSDEEP

    6144:/wynAtMrOVRkidy9yIGWlUidywzYDteYIpREZP/xkNbyjUWAZyVVp+k:/wKfOVRo9yRY/ywzYDteYIpRE9eqVsk

Score
6/10
discoverypersistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 37 IoCs
  • Drops file in Windows directory 64 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8bb294a07b2a3e489d1fe5f318dbcce102a10f98cb5348f027f0ce93219432d4.exe
    "C:\Users\Admin\AppData\Local\Temp\8bb294a07b2a3e489d1fe5f318dbcce102a10f98cb5348f027f0ce93219432d4.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:5052

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Common Files\Microsoft Shared\ink\RCX4905.tmp
    Filesize

    756KB

    MD5

    dee28ed9c6ef92d83aab7cb1108822e1

    SHA1

    728be21260c676618b462af8357e3020f8b41065

    SHA256

    5f6d76b41553f9b6ca1ef83bfd8dc9905a528678de9725e4f97c3e1f84a25b9b

    SHA512

    6035744fc0e6a56deb0b979ff7869793fb0d2fe93c48c55b078f60260f89474676e7632d629b7dea77542dee6a749f8b92283ddf1abb2a7ec2eb90e36b442215

    Download Submit

  • C:\Program Files (x86)\Windows Media Player\es-ES\SistemaMicrosoft.exe
    Filesize

    755KB

    MD5

    5496582c7c3da3246ad732acf85e87a5

    SHA1

    ba3c35a73f77992c2927492a79038373b710bded

    SHA256

    8bb294a07b2a3e489d1fe5f318dbcce102a10f98cb5348f027f0ce93219432d4

    SHA512

    6c7b7d3fdc27c319e36ca3889b4db169516c848a34597a0bd7e7454312e7a86220c5ae131deff24724ab82b70adf3f66507f1d98414d55f3468120b5ba82395b

    Download Submit

  • C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\v4.0_3.0.0.0_it_31bf3856ad364e35\RCX9BC3.tmp
    Filesize

    756KB

    MD5

    df1bdfd96feee171f10b3a6aa175ece7

    SHA1

    b64e643f2fe7310ccb05fdc93c0830173693b842

    SHA256

    01b4f11e143139ec2f2287ddd52e13b659d544ce04a1ef84a9fc4a29f27b4703

    SHA512

    906f6f91478885d0ccc6602815878e9d5b3e203c19c35de1806813c572f8dfffed3ca5049fd806d3b87c34289d1b4468cec27dcc2a10fa33eb3c032586b93d0c

    Download Submit