787b2ba609ccaf1fdbf3f16624899f968f1f7f85d1d9a66f1884b385f84f9ebd

Analysis

max time kernel
119s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27-07-2024 03:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

878b7cb6ac844f487fb27285a4fc2e00N.exe
Size

395KB
MD5

878b7cb6ac844f487fb27285a4fc2e00
SHA1

9223ea7fa664eef5c44860681014d3ba123af71c
SHA256

787b2ba609ccaf1fdbf3f16624899f968f1f7f85d1d9a66f1884b385f84f9ebd
SHA512

fb6466f1d58893bbbf07e430f67a1014a0b87c7e627503873ab079c240e5c9a1bf78954a9786b4e03eb6a0e0192c2b74123b99e5c10da3c85729ed41a2f9a256
SSDEEP

12288:4jauDReWczWyAzsVI1Iqt34sVgbg/ikat47ZosNoz8ZmGT+h6SimZGBbtM:4DDKWy3CZ0

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1096	boacck.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows® Operating System = "C:\\ProgramData\\boacck.exe"	boacck.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	878b7cb6ac844f487fb27285a4fc2e00N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	boacck.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2832 wrote to memory of 1096	2832	878b7cb6ac844f487fb27285a4fc2e00N.exe	84
PID 2832 wrote to memory of 1096	2832	878b7cb6ac844f487fb27285a4fc2e00N.exe	84
PID 2832 wrote to memory of 1096	2832	878b7cb6ac844f487fb27285a4fc2e00N.exe	84

C:\Users\Admin\AppData\Local\Temp\878b7cb6ac844f487fb27285a4fc2e00N.exe
"C:\Users\Admin\AppData\Local\Temp\878b7cb6ac844f487fb27285a4fc2e00N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2832
- C:\ProgramData\boacck.exe
  "C:\ProgramData\boacck.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:1096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Documents and Settings .exe

Filesize
395KB

MD5
7aa6ce7270ba242711e40246942b07bb

SHA1
577ade070b4110f87132a78bb3bf5d11a2c81c76

SHA256
388b018559ce75268fa88b13951fdac0798dd706d43f8ada6ff705e81b7093ab

SHA512
31f320f3855f0da538dc878dc527f25f9fd410125517b1056616216eba39dbd1ea295d3d4bb0405eefb9a91719597e7e70180bb31fe4d23d97283dcbaee77c50

Download Submit
C:\ProgramData\Saaaalamm\Mira.h

Filesize
136KB

MD5
cb4c442a26bb46671c638c794bf535af

SHA1
8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

SHA256
f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

SHA512
074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

Download Submit
C:\ProgramData\boacck.exe

Filesize
258KB

MD5
575441ff9067406b3edb87ec48641886

SHA1
4d119233fb4250b0353cc30e4c3865e6e5bfaee5

SHA256
0d2fba65996f86125940469988a668f9f5ee61bf33ab6e0e24982111c5efee35

SHA512
27e17c4e2b6282781e52239a743c993a7fbb2f52baf28f78cffbc5a42b76436b9ec3ed8eb8a66944fd76afa089dbe544ff24b2c6519ab475fb10bb2e38817e48

Download Submit
memory/1096-130-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/2832-0-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/2832-1-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/2832-9-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads