Analysis
-
max time kernel
120s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
01/06/2024, 23:30
Static task
static1
Behavioral task
behavioral1
Sample
8261e9f4b828aff9ac6e8671686e62582d2a6ac736c24ae8c5dc0d126510594c.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
8261e9f4b828aff9ac6e8671686e62582d2a6ac736c24ae8c5dc0d126510594c.exe
Resource
win10v2004-20240426-en
General
-
Target
8261e9f4b828aff9ac6e8671686e62582d2a6ac736c24ae8c5dc0d126510594c.exe
-
Size
448KB
-
MD5
832a45c68255355a4afda0c7634295ed
-
SHA1
3c91743c3f36a1d4295a6a4ca0ffa59181a937c5
-
SHA256
8261e9f4b828aff9ac6e8671686e62582d2a6ac736c24ae8c5dc0d126510594c
-
SHA512
14a3d7d6813c26b72e147134d8a1a130d352dcd4847d05d19660e6dfbf609af8cdf61bf025436c9d85fdf6380dee26dd864cfb07786ea689653ea538b6ee01f3
-
SSDEEP
6144:Cc1I07FfYYRv0tjdA5qBdpWiFokEjWbjcSbcY+CaQdaFOY4iGFYtR:F6sZYYRv0tjdTdzFokFbz+xt4vF
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2700 BLKEF.exe -
Drops file in Windows directory 3 IoCs
description ioc Process File created C:\windows\BLKEF.exe 8261e9f4b828aff9ac6e8671686e62582d2a6ac736c24ae8c5dc0d126510594c.exe File opened for modification C:\windows\BLKEF.exe 8261e9f4b828aff9ac6e8671686e62582d2a6ac736c24ae8c5dc0d126510594c.exe File created C:\windows\BLKEF.exe.bat 8261e9f4b828aff9ac6e8671686e62582d2a6ac736c24ae8c5dc0d126510594c.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2252 8261e9f4b828aff9ac6e8671686e62582d2a6ac736c24ae8c5dc0d126510594c.exe 2700 BLKEF.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 2252 8261e9f4b828aff9ac6e8671686e62582d2a6ac736c24ae8c5dc0d126510594c.exe 2252 8261e9f4b828aff9ac6e8671686e62582d2a6ac736c24ae8c5dc0d126510594c.exe 2700 BLKEF.exe 2700 BLKEF.exe -
Suspicious use of WriteProcessMemory 8 IoCs
description pid Process procid_target PID 2252 wrote to memory of 2668 2252 8261e9f4b828aff9ac6e8671686e62582d2a6ac736c24ae8c5dc0d126510594c.exe 28 PID 2252 wrote to memory of 2668 2252 8261e9f4b828aff9ac6e8671686e62582d2a6ac736c24ae8c5dc0d126510594c.exe 28 PID 2252 wrote to memory of 2668 2252 8261e9f4b828aff9ac6e8671686e62582d2a6ac736c24ae8c5dc0d126510594c.exe 28 PID 2252 wrote to memory of 2668 2252 8261e9f4b828aff9ac6e8671686e62582d2a6ac736c24ae8c5dc0d126510594c.exe 28 PID 2668 wrote to memory of 2700 2668 cmd.exe 30 PID 2668 wrote to memory of 2700 2668 cmd.exe 30 PID 2668 wrote to memory of 2700 2668 cmd.exe 30 PID 2668 wrote to memory of 2700 2668 cmd.exe 30
Processes
-
C:\Users\Admin\AppData\Local\Temp\8261e9f4b828aff9ac6e8671686e62582d2a6ac736c24ae8c5dc0d126510594c.exe"C:\Users\Admin\AppData\Local\Temp\8261e9f4b828aff9ac6e8671686e62582d2a6ac736c24ae8c5dc0d126510594c.exe"1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2252 -
C:\Windows\SysWOW64\cmd.execmd /c ""C:\windows\BLKEF.exe.bat" "2⤵
- Suspicious use of WriteProcessMemory
PID:2668 -
C:\windows\BLKEF.exeC:\windows\BLKEF.exe3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2700
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
56B
MD5b33e7d5a06e9f64af17b4c6c44932f9f
SHA14602a1253fa60612a27968255bdd41104d01d52a
SHA256c2a6b8ab57bdb5d0fd0f0a750573ad75e9df16b28a0f8eba4226ee09eeddeb2d
SHA5128015a5a1f832885a5e024ffed5ea3ce651e8726a47ffd406b566a7f64a793d05c4aed06964b01834b4bfd8bc5e2ca583704191ed1f1f45ec630cde88a544e4b1
-
Filesize
448KB
MD50f3ec0d6daa7b16eab783fd7a8651bc5
SHA101830dfdf4fdb71577a5bc85fdaaa97ce74e3b6f
SHA2561b95ef467cb168096231023606e219a32fd74de22a3154518a33b67e3a495239
SHA51211e3c8c043b87dbed5a32436d847f93dc952b7f40201773ad5c6c07fcde107d9727c3ad91b4d5581cf872ba5d3ac3b47d7db0b9199fce81088087ff6941ed1b3