Overview

overview

10

Static

static

10

Botnets PA...t].exe

windows7-x64

8

Botnets PA...t].exe

windows10-2004-x64

8

Botnets PA...d9.dll

windows10-2004-x64

1

Botnets PA...ip.dll

windows7-x64

1

Botnets PA...ip.dll

windows10-2004-x64

1

Botnets PA...er.exe

windows7-x64

8

Botnets PA...er.exe

windows10-2004-x64

8

Botnets PA...vg.exe

windows7-x64

3

Botnets PA...vg.exe

windows10-2004-x64

3

Botnets PA...til.js

windows7-x64

3

Botnets PA...til.js

windows10-2004-x64

3

Botnets PA...ib.dll

windows7-x64

1

Botnets PA...ib.dll

windows10-2004-x64

1

Botnets PA...er.exe

windows7-x64

8

Botnets PA...er.exe

windows10-2004-x64

8

Botnets PA...ip.dll

windows7-x64

1

Botnets PA...ip.dll

windows10-2004-x64

1

Botnets PA...er.exe

windows7-x64

8

Botnets PA...er.exe

windows10-2004-x64

8

Botnets PA...mm.exe

windows7-x64

3

Botnets PA...mm.exe

windows10-2004-x64

3

Botnets PA...UI.exe

windows7-x64

8

Botnets PA...UI.exe

windows10-2004-x64

8

Botnets PA...ce.dll

windows10-2004-x64

1

Botnets PA...ip.dll

windows7-x64

1

Botnets PA...ip.dll

windows10-2004-x64

1

Botnets PA...er.exe

windows7-x64

8

Botnets PA...er.exe

windows10-2004-x64

8

Botnets PA...32.exe

windows7-x64

3

Botnets PA...32.exe

windows10-2004-x64

3

Botnets PA...er.exe

windows7-x64

8

Botnets PA...er.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    136s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-08-2024 19:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Botnets PACK/Botnets PACK/BetaBotBuilder Leaked by Bull/npnul32/secur32.exe

  • Size

    2.1MB

  • MD5

    5cd9a43e3c6cc8f399aa315b7599c370

  • SHA1

    f2a143f0f2cb5a8a6681b42b857597f53df177bf

  • SHA256

    56436ae6f5093a83f858b3d641041cff9d1bb8ee7f2ee539b880491875f71d4e

  • SHA512

    05e1c27d3201b12cd0b0be10ebf09fff059a58ae75856bbc23fb0577db54b4a925736385db98c4e86c475fb3c01ce9ca66a008cacec2c234915b7a2a1a4f584e

  • SSDEEP

    49152:nlYeWDDNj+6l2Zq6Wl7wBfDlr1wB6h/92I52stZeDyDNmggXGYJU1YG:2eEDdll6tvOBi/8I52st8DyDNZYK+G

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\Botnets PACK\Botnets PACK\BetaBotBuilder Leaked by Bull\npnul32\secur32.exe
    "C:\Users\Admin\AppData\Local\Temp\Botnets PACK\Botnets PACK\BetaBotBuilder Leaked by Bull\npnul32\secur32.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:212
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 212 -s 468
      2⤵
      • Program crash
      PID:7412
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 212 -ip 212
    1⤵
      PID:7388

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/212-0-0x0000000000400000-0x00000000006C7000-memory.dmp

      Filesize

      2.8MB

      Download

    • memory/212-1-0x0000000075F20000-0x0000000076135000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/212-3274-0x0000000000400000-0x00000000006C7000-memory.dmp

      Filesize

      2.8MB

      Download