Overview

overview

3

Static

static

3

bye.exe

windows7-x64

bye.exe

windows10-2004-x64

Analysis

  • max time kernel
    6s
  • max time network
    7s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    08-07-2024 04:16

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    bye.exe

  • Size

    89KB

  • MD5

    4ced7d7d7b8e0a7d8bbba231640c7661

  • SHA1

    b4cc662573bb2cd80036e255e67c0007dd812373

  • SHA256

    b78ae42b266dd7af2dbcc13264271c88b8cdfb360fdf67b8572e8ec9cf90cea9

  • SHA512

    79071b60ed8354691510d10b5e1525051949c57b668ac750ef65c7b0afe6af11aab5b131d2fe106a96ddd0b3fb8c2240546f287e6299015647850546f8ae5760

  • SSDEEP

    1536:H7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIf9wZOm:b7DhdC6kzWypvaQ0FxyNTBf9K

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bye.exe
    "C:\Users\Admin\AppData\Local\Temp\bye.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\D6A0.tmp\D6A1.tmp\D6A2.bat C:\Users\Admin\AppData\Local\Temp\bye.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2628
      • C:\Windows\system32\shutdown.exe
        shutdown /s /f /t 0
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:3016
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:2864
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:2844

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\D6A0.tmp\D6A1.tmp\D6A2.bat
        Filesize

        41B

        MD5

        224fe57e38658dbcc7f90070f1273d2b

        SHA1

        0748b12fe004fec6b0d9f56bb496bf67284acf33

        SHA256

        5b1b8c548812d65af138e35b8da173f0faf435509f4257715527beee37a4873f

        SHA512

        5de3b5eb32f29b778cbf1e1e4d69c2e7306a5a4396453a717b1c9973f884d5134fc51ebbd6e8e6153a4add661e318332233a73d3761ee505119c95465ba44803

        Download Submit

      • memory/2844-3-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2864-2-0x0000000002D90000-0x0000000002D91000-memory.dmp

        Filesize

        4KB

        Download