Overview

overview

10

Static

static

3

MalwareBazaar.exe

windows7-x64

10

MalwareBazaar.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    144s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-07-2024 17:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MalwareBazaar.exe

  • Size

    549KB

  • MD5

    a2a727c5efacf8ab6028c4524e21bef9

  • SHA1

    d3ea7079959667ad786a7142371f536feb537802

  • SHA256

    c293bf33914dcab819681869283b39b23b45fb608d42fa3a26562d301eab3746

  • SHA512

    822accf498440732a5df498558d33e9191a62b5b6386dbaec0784abb27c93865cb0dae15a43c99515f1c5cbb217151a80659b915a5b3c07a550a6d2b02bc8c20

  • SSDEEP

    12288:tLfCKKKKKI1KFeGkSrsUQ1nILHMEDm73l8a5+JS2rLaOvjKFDSLJPo7yF1mAm:tBEkQ1nILzClFiS2iYeNSZo26Am

Score
8/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Run Powershell and hide display window.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe
    "C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4892
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" -windowstyle hidden "$Nervures=Get-Content 'C:\Users\Admin\AppData\Local\Bagtes\zygomata.Coo';$Omfangsbedmmelses64=$Nervures.SubString(24976,3);.$Omfangsbedmmelses64($Nervures)"
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:452
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 2268
        3⤵
        • Program crash
        PID:2668
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 452 -ip 452
    1⤵
      PID:4796

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Bagtes\zygomata.Coo
      Filesize

      68KB

      MD5

      e3a338313194482f28d8e74771889d09

      SHA1

      97ee237e38a3ef18a938334dec3a5aff1bffbcab

      SHA256

      e910d5f3afd1733a1824afc9a9dbb1c78529a2a5c63e24601038aa81241e9b7a

      SHA512

      301b208278db99007e10e9827d304fce475844239213e09f98054dd43e72891b84b6816b6bc58c1439df8ef7d74f9f8ef8ee1925736637c064e4481dc6baea6c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_emqjfqpv.lxl.ps1
      Filesize

      60B

      MD5

      d17fe0a3f47be24a6453e9ef58c94641

      SHA1

      6ab83620379fc69f80c0242105ddffd7d98d5d9d

      SHA256

      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

      SHA512

      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

      Download Submit

    • memory/452-12-0x00000000736D0000-0x0000000073E80000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/452-27-0x0000000005C60000-0x0000000005CAC000-memory.dmp

      Filesize

      304KB

      Download

    • memory/452-8-0x00000000736DE000-0x00000000736DF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/452-13-0x0000000005390000-0x00000000053B2000-memory.dmp

      Filesize

      136KB

      Download

    • memory/452-20-0x00000000055A0000-0x0000000005606000-memory.dmp

      Filesize

      408KB

      Download

    • memory/452-19-0x0000000005530000-0x0000000005596000-memory.dmp

      Filesize

      408KB

      Download

    • memory/452-11-0x00000000736D0000-0x0000000073E80000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/452-25-0x0000000005710000-0x0000000005A64000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/452-26-0x0000000005C20000-0x0000000005C3E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/452-10-0x0000000004D20000-0x0000000005348000-memory.dmp

      Filesize

      6.2MB

      Download

    • memory/452-28-0x0000000006C80000-0x0000000006D16000-memory.dmp

      Filesize

      600KB

      Download

    • memory/452-29-0x0000000006150000-0x000000000616A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/452-30-0x00000000061D0000-0x00000000061F2000-memory.dmp

      Filesize

      136KB

      Download

    • memory/452-31-0x00000000072D0000-0x0000000007874000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/452-9-0x0000000002650000-0x0000000002686000-memory.dmp

      Filesize

      216KB

      Download

    • memory/452-33-0x0000000007F00000-0x000000000857A000-memory.dmp

      Filesize

      6.5MB

      Download

    • memory/452-35-0x00000000736D0000-0x0000000073E80000-memory.dmp

      Filesize

      7.7MB

      Download