Analysis

  • max time kernel
    118s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-es
  • resource tags

    arch:x64arch:x86image:win7-20240221-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    21/05/2024, 17:49

General

  • Target

    brigadier.exe

  • Size

    5.7MB

  • MD5

    401218268f48c9bed7e038222a2bca2a

  • SHA1

    f8c80430579b986b4b8e2ae08e48aba4b248942d

  • SHA256

    44c35d3c90744584a6cccfd62bbc3bb07bc921007b71dc0df936ebaa729309cd

  • SHA512

    b1543f5e73266dfb671862d02442ab73f547b81ebae9516a802f96e9c83970d772c3a59017a434f2238e2627f2f81401035b58d44b760d3075bbfdebcb572dc8

  • SSDEEP

    98304:0UfMrVJ9FevYYMeBFh5iFIRv2Vb8wDnjocyBQPnRNJe1B+XKrbF8BaHsSHhXntkI:0ceneMeR5U8wWGRNJpfKsKtOIAIkk

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 10 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 40 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\brigadier.exe
    "C:\Users\Admin\AppData\Local\Temp\brigadier.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Users\Admin\AppData\Local\Temp\brigadier.exe
      "C:\Users\Admin\AppData\Local\Temp\brigadier.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2460
      • C:\Windows\System32\Wbem\wmic.exe
        wmic computersystem get model /format:RAWXML
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI22562\MSVCR90.dll

    Filesize

    627KB

    MD5

    ecbbed2f44afb22ba1f9ef8603c261b5

    SHA1

    98c1c3e0960b3653b772e71a5ea0b63362ebdbd3

    SHA256

    75613e14c26c84a21763cd315bdb3129c997f1c28dfbc3932379970901a22820

    SHA512

    bf76cb53f81278f65e2e4e3a8ec6e7b2246fe2a53e43dad49e84b567f73b7090d0eb915ea9c183da38b4a0ad03ff40ce4cca63b8609f467e40c4a3cacc394cbb

  • C:\Users\Admin\AppData\Local\Temp\_MEI22562\brigadier.exe.manifest

    Filesize

    1017B

    MD5

    7e8594d05bc5a232d1a0f5c219a8a5ff

    SHA1

    e97c6d7b8541e21bc051d5e30f0f8932a74f390d

    SHA256

    dec3610aee6c172332b3f0aaad22f8ed641fdc80971369715d71492210910f5f

    SHA512

    e29c374980c76ace055d32d44e6476c4ebde67b363ce8f5f50fb628113311cd9c5c682e2b8494607d2cd63b8d7351678144800c68be14426f9ec694eaaa4c582

  • C:\Users\Admin\AppData\Local\Temp\_MEI22562\python27.dll

    Filesize

    3.3MB

    MD5

    367b77fb4be93bf0e965e0149ed96e7a

    SHA1

    9fbea126ff80d2bdebeb1032a27514aa933c656b

    SHA256

    8ef134c6fab5395aa0e3943dc4e758181583759f0f849bd9580ed87145eb5321

    SHA512

    8c4909f080292ca21e9a49165fa8d990162729c9d9a266b0d8561b02c26eabc060c6422a66f535d6e493f7e698542d1a1cadd0ac0e6340bf10680baebff3de71

  • C:\Users\Admin\AppData\Local\Temp\_MEI22~1\_ctypes.pyd

    Filesize

    119KB

    MD5

    28e5d05ab42adb1e7ada35f1eef1b32b

    SHA1

    0792867716c8a933305455a2c7f39d30807dad65

    SHA256

    a93e3bfe62afa5062c6257a7f347d715af346ac3aec7999b8d86a9f2580ec176

    SHA512

    0cb08ec46068e20a2df3fc0e69bceba5b8a807aeb580002e846d9272fea7a6ee24b8f2c571571677b61dd8c58eb998c26a656193798de5075c6943f6d701c569

  • C:\Users\Admin\AppData\Local\Temp\_MEI22~1\_hashlib.pyd

    Filesize

    1.6MB

    MD5

    6f784c403e2097d11331f8778f6d9d2c

    SHA1

    64ecd6ee875f89a88204e673acae9547992fd085

    SHA256

    cda9a6478417629cb40809aad57bd5a884f183333506d00008d16e47368fd633

    SHA512

    c1fbd548f03a46ee19cd003831bcb53df204cd1c71ab672955a2ff19267c523a17970f8fb9586e712665c09b54c19338037a38a425dacb857aae5b6162fa282c

  • C:\Users\Admin\AppData\Local\Temp\_MEI22~1\_socket.pyd

    Filesize

    50KB

    MD5

    f28dc3a4451c29fea272d7ae063425c5

    SHA1

    ece376146a7115cd5b1ad141a59fff25b6da6a5d

    SHA256

    a75aa54781de3c97f5b4c2e0389d5ad39602cda6fcd5a3810667a4cf24f4286a

    SHA512

    746b1b608c457cdf8aa784683533e1220c60dd689f7f5266013f1194e9fd091123eb11d697119b9de65686019176062eb9aba04d2845930369829182a399b5e5

  • C:\Users\Admin\AppData\Local\Temp\_MEI22~1\_ssl.pyd

    Filesize

    2.0MB

    MD5

    9c6d526768f8395aecff0af0d27f0063

    SHA1

    a580e2782c31ffb9365ea31dce8b337aae9eee07

    SHA256

    2c4cb4459c37a2152698e19f27350a7dbf56c51509689b1d7a65c60fb5a75751

    SHA512

    52bc14aa9f6bb6822740b7be98187fba1adf86f484e130ac6df3fad6e456b41288cbb9c8abf9d7af8730e9c0f7438ed362582ee7f39a5cab9cf471bb5b84b9eb

  • C:\Users\Admin\AppData\Local\Temp\_MEI22~1\bz2.pyd

    Filesize

    90KB

    MD5

    51fdb7790e680a394e9936498d3a73fa

    SHA1

    fab9f97feee68fbd9225de051349ac3258920fa2

    SHA256

    985902e0813564981059c2f57282614f5a907dc3df0273ba7bef2ad64123c921

    SHA512

    594153dd913a3369d310980b0e53bc6a10174e18b0b416dc1b86b2401b4bd94546bee9fbde7421e102490ccba4c8a8d7b91b3df5e3c0506cc98b51bc63e15c50

  • C:\Users\Admin\AppData\Local\Temp\_MEI22~1\certifi\cacert.pem

    Filesize

    259KB

    MD5

    ea4ee2af66c4c57b8a275867e9dc07cd

    SHA1

    d904976736e6db3c69c304e96172234078242331

    SHA256

    fa883829ebb8cd2a602f9b21c1f85de24cf47949d520bceb1828b4cd1cb6906c

    SHA512

    4114105f63e72b54e506d06168b102a9130263576200fb21532140c0e9936149259879ac30a8b78f15ae7cb0b59b043db5154091312da731ac16e67e6314c412

  • C:\Users\Admin\AppData\Local\Temp\_MEI22~1\pyexpat.pyd

    Filesize

    181KB

    MD5

    2a69dab6a61d6837f3f597ea44e5415b

    SHA1

    1a2c541c9d7bbacce9485bef0f557722782bdb23

    SHA256

    24b321a24c67b6afb095f9bdc38ff1ecf74e95b59928fa36e6011c2fc37e4b96

    SHA512

    dbd1df10cdd066e3b435455bbc62d5c5dea1aa1bcd2a63fc985c61fe187fd4a3ddfe97e63bb8202ef60a2e16866c8d150f24905e3dc0b1460c83c0deb1c8d121

  • C:\Users\Admin\AppData\Local\Temp\_MEI22~1\select.pyd

    Filesize

    11KB

    MD5

    c76ccf3e7883917832c3b2fa2b980aa1

    SHA1

    f35f0424522f3986f5917725b8c0b515bd80bf46

    SHA256

    417ecb5fe0caf271ae53fd9132f4a6d50cb5304d586548f964a546cd5858f347

    SHA512

    44e15c8b0d61c2b7f9dba92d0c43acb8d0a27b1c7fc58b9f1a89d39ae7ceabc5b7df5d8b2592949f014e34a04b0592189a5d1fe7551a0b59bd9499c0a7d16d8b

  • C:\Users\Admin\AppData\Local\Temp\_MEI22~1\unicodedata.pyd

    Filesize

    676KB

    MD5

    6c38211cc951d7800cb961f4bb16716c

    SHA1

    fe49ce52862fa87fc6c2ae8731a3c22b69dcd3ba

    SHA256

    45edce458a292465d784e07a3ffd46580aab0a4f925c40704bc45a60325e7537

    SHA512

    4eb5daabfdb599e466b17ef541809cae9fb83994be28ba2b3401a79e5b94e6d991aa1821c22f54c6ea90b866ce4f6f9c857053eb4f37b3751dcf25806ed4e674