Overview

overview

5

Static

static

5

MalwareBazaar.exe

windows7-x64

5

MalwareBazaar.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    92s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-08-2024 21:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MalwareBazaar.exe

  • Size

    1.3MB

  • MD5

    abfddc4a2efc5df57ea9d3915a6f3dba

  • SHA1

    f674f09ae8c7032e567b0aaad73f14012b37948f

  • SHA256

    c90b07c5a8fc34bd981b78834dcf6822f48c81db37d3c4e078dbd77e64d6d03b

  • SHA512

    792a6698d70d3362ce44642e7f55383c20a87a2f47714983967f48332c9e48c8a141d119d4ec86d1061707528d41e255ef1016375e10f0752ac6e89a4e9df968

  • SSDEEP

    24576:FqDEvCTbMWu7rQYlBQcBiT6rprG8a4URG7vfBiQzN01jvslSIwZEV+klA:FTvC/MTQYxsWR7a4URG7vfBiQziOS+h

Score
5/10
discovery

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe
    "C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4628
    • C:\Windows\SysWOW64\svchost.exe
      "C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1872

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\autAD28.tmp
    Filesize

    359KB

    MD5

    c1e3b005755c1ee47d0cd787bbbcb2d9

    SHA1

    9ddf47c1af3ff238928f31e10cd374630f0a1874

    SHA256

    cd29d30382d41c08b3d3dbceb15c7caea566595b3a6eb0ce43e570f569e42308

    SHA512

    8bc3770cf237e034044832811d7e451b48adb4339cfc971c1fd4b8b44fed653b9d700f199008c20e9a2d73cc5bc5b5d29b5f60f446e99fe794accd61ddbe8aad

    Download Submit

  • memory/1872-14-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/1872-16-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/1872-17-0x0000000003000000-0x000000000334A000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1872-18-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/1872-19-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/4628-13-0x0000000002A90000-0x0000000002A94000-memory.dmp

    Filesize

    16KB

    Download