Overview

overview

5

Static

static

3

MalwareBazaar.exe

windows7-x64

3

MalwareBazaar.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    117s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    02-08-2024 13:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MalwareBazaar.exe

  • Size

    1.3MB

  • MD5

    f50775e18e9da9d2f34006fad5fb7267

  • SHA1

    3ee47b2e6543dc06f2292440566a22377ba45bf6

  • SHA256

    d5033b91615c5b714b92362b7906982f577b7235b0bdc8433a03cbe0e8992730

  • SHA512

    15508603ba08a2b6fa86483462e47871179be55f499ec009bec68fbb0ec03092448afeddfaf73d4d6fded90c9d7e8a16c4e92d5677357e381713692de148df7a

  • SSDEEP

    24576:Lf+6UNxk0J91B3B/V2P0JqZ79szrLP9SPvYVVPa+41v6OuYdCie:LG6U80JHB3B/V2PdZ9Wv2vYVVPS0Pnj

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe
    "C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2544
    • C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe
      "C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe"
      2⤵
        PID:648
      • C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe
        "C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe"
        2⤵
          PID:1736
        • C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe
          "C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe"
          2⤵
            PID:2028
          • C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe
            "C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe"
            2⤵
              PID:2360
            • C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe
              "C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe"
              2⤵
                PID:2780

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/2544-0-0x00000000746BE000-0x00000000746BF000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2544-1-0x00000000003A0000-0x00000000004EC000-memory.dmp

              Filesize

              1.3MB

              Download

            • memory/2544-2-0x00000000746B0000-0x0000000074D9E000-memory.dmp

              Filesize

              6.9MB

              Download

            • memory/2544-3-0x0000000000500000-0x0000000000512000-memory.dmp

              Filesize

              72KB

              Download

            • memory/2544-4-0x0000000000640000-0x000000000064E000-memory.dmp

              Filesize

              56KB

              Download

            • memory/2544-5-0x0000000004FB0000-0x000000000505A000-memory.dmp

              Filesize

              680KB

              Download

            • memory/2544-6-0x00000000746B0000-0x0000000074D9E000-memory.dmp

              Filesize

              6.9MB

              Download