7ba9bcd9e41688527773357652568e840f8569b1692a02182a701527ed431b74

Resubmissions

09/06/2024, 08:44 UTC

240609-knmgwagc4s 3

09/06/2024, 08:31 UTC

240609-kexw9agb5x 7

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/06/2024, 08:31 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vcredist_x64.exe
Size

6.9MB
MD5

96b61b8e069832e6b809f24ea74567ba
SHA1

8bf41ba9eef02d30635a10433817dbb6886da5a2
SHA256

e554425243e3e8ca1cd5fe550db41e6fa58a007c74fad400274b128452f38fb8
SHA512

3a55dce14bbd455808bd939a5008b67c9c7111cab61b1339528308022e587726954f8c55a597c6974dc543964bdb6532fe433556fbeeaf9f8cb4d95f2bbffc12
SSDEEP

196608:19OaQ54oYY7jLwXjZ41OON2uk3bQWgtyccMEL:Gz5x7jLXkmkU4cFe

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2228	vcredist_x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2228	1664	vcredist_x64.exe	28
PID 1664 wrote to memory of 2228	1664	vcredist_x64.exe	28
PID 1664 wrote to memory of 2228	1664	vcredist_x64.exe	28
PID 1664 wrote to memory of 2228	1664	vcredist_x64.exe	28
PID 1664 wrote to memory of 2228	1664	vcredist_x64.exe	28
PID 1664 wrote to memory of 2228	1664	vcredist_x64.exe	28
PID 1664 wrote to memory of 2228	1664	vcredist_x64.exe	28

C:\Users\Admin\AppData\Local\Temp\vcredist_x64.exe
"C:\Users\Admin\AppData\Local\Temp\vcredist_x64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Users\Admin\AppData\Local\Temp\vcredist_x64.exe
  "C:\Users\Admin\AppData\Local\Temp\vcredist_x64.exe" -burn.unelevated BurnPipe.{3F687067-2FDF-4745-BD5B-A9E0E354E2CB} {1E7498B2-B400-4822-85F7-E1C9A71074BD} 1664
  2⤵
  - Loads dropped DLL
  PID:2228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\.ba1\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
\Users\Admin\AppData\Local\Temp\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\.ba1\wixstdba.dll

Filesize
117KB

MD5
a52e5220efb60813b31a82d101a97dcb

SHA1
56e16e4df0944cb07e73a01301886644f062d79b

SHA256
e7c8e7edd9112137895820e789baaaeca41626b01fb99fede82968ddb66d02cf

SHA512
d6565ba18b5b9795d6bde3ef94d8f7cd77bf8bb69ba3fe7adefb80fc7c5d888cdfdc79238d86a0839846aea4a1e51fc0caed3d62f7054885e8b15fad9f6c654e

Download Submit