Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 11:21

General

  • Target

    64f9efb81c175257251e257bd3ce866b3ca225eae74ed7a64ff20a5460a607d6.exe

  • Size

    307KB

  • MD5

    e00d1e8d9ad18ee37fec68b54b801bc6

  • SHA1

    1a914ecf9e77e6f50b6900aca7d1f1a753fa70ef

  • SHA256

    64f9efb81c175257251e257bd3ce866b3ca225eae74ed7a64ff20a5460a607d6

  • SHA512

    22c76e88789d08d6b5a50d8a93c9f2dc0ea4120c413de40cdf9b6544cd78cd3bde953600cfb329e12dcfbb711c4531e679ce7a1de2b6c888b65466eecafce82f

  • SSDEEP

    6144:SCGaECnpAoDO1A8dg3iTPJLMfgQZX+tJs0dxB:DGHCnaomAEg3uPdkgOX+tZdxB

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives (3 TTPs, 23 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe (1 IoC)
  • Suspicious behavior: AddClipboardFormatListener (1 IoC)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (28 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\64f9efb81c175257251e257bd3ce866b3ca225eae74ed7a64ff20a5460a607d6.exe
    "C:\Users\Admin\AppData\Local\Temp\64f9efb81c175257251e257bd3ce866b3ca225eae74ed7a64ff20a5460a607d6.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2940
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\Login_V3.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2532
      • C:\Windows\SysWOW64\cmdkey.exe
        Cmdkey /generic:termsrv/10.52.1.4 /user:bht\admin.bht /pass:Dr1vebayhub
        3⤵
        PID:2644
      • C:\Windows\SysWOW64\mstsc.exe
        mstsc /v:10.52.1.4
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2732
        • C:\Windows\system32\mstsc.exe
          mstsc /v:10.52.1.4
          4⤵
          • Enumerates connected drives
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious use of SetWindowsHookEx
          PID:2636
      • C:\Windows\SysWOW64\timeout.exe
        Timeout 3
        3⤵
        • Delays execution with timeout.exe
        PID:2720
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks /run /s 10.52.1.4 /u bht\admin.bht /p Dr1vebayhub /tn check_doc_owner_task
        3⤵
        PID:2576
      • C:\Windows\SysWOW64\cmdkey.exe
        Cmdkey /delete:termsrv/10.52.1.4
        3⤵
        PID:2496

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Login_V3.bat

    Filesize
    304B

    MD5
    95452e87e6e7a446c8ed21d11a925e81

    SHA1
    c31e9fca4af84127410252be452821fb17b3c46c

    SHA256
    2a366cc0b61130e2f1867cf1145088e77dda4ca09fe3cc81d0ad5e9cccaa12c8

    SHA512
    4898310664bad6a47b294b09d4c34c74b63c484853e95eaaeebb9f38192fcc759f8b0ba34d8e984fac0f0a4d1abf17836c413b44c56b75b2db0acc9a55ea7bd8