Overview

overview

7

Static

static

3

Braincrush...NG.zip

windows7-x64

1

Braincrush...NG.zip

windows10-2004-x64

7

Analysis

  • max time kernel
    361s
  • max time network
    334s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-08-2024 01:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Braincrush Auth Server TESTING.zip

  • Size

    8KB

  • MD5

    e4a86feb3b29f575f082e4d232366e40

  • SHA1

    ebbfb801d5930cf6e3bdb231d0c9c64d28a94b2f

  • SHA256

    3b210c7bdf6c253b862580ccf098b261afe3ca7f154084df3611979a51949ccc

  • SHA512

    5ab58dabe88ad050b88c5b06deab1fe94a5cffa40477b3a7ebe3c783188ddd02868d10661867e94e3d6cc55c459f134443d8e159f2c10482028af5595d51a93f

  • SSDEEP

    192:/HIy0nfjJ+f5fpbg0D2PH0/J1GN6EqLJN2BmSxar562pg:wy0tUeFG5gn2W

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Braincrush Auth Server TESTING.zip"
    1⤵
      PID:3464
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:2288
      • C:\Program Files\7-Zip\7zG.exe
        "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Braincrush Auth Server TESTING\" -spe -an -ai#7zMap15919:118:7zEvent8810
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:4960
      • C:\Users\Admin\Desktop\Braincrush Auth Server TESTING\BraincrushServerMonitor.exe
        "C:\Users\Admin\Desktop\Braincrush Auth Server TESTING\BraincrushServerMonitor.exe"
        1⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1824
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 1176
          2⤵
          • Program crash
          PID:3852
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1824 -ip 1824
        1⤵
          PID:2996

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\Desktop\Braincrush Auth Server TESTING\BraincrushServerMonitor.exe
          Filesize

          9KB

          MD5

          d9d62f8e1690a6ee72ce3729cb5617af

          SHA1

          57cac2391e7bfb6fc90aa83c2a6d11fbec9ed26c

          SHA256

          0999fd28050e231fe5611c945dfed098c7ea351c1f4111958ccd78c2ef6e2a00

          SHA512

          61b3e0f21e58fda1b5692c8ac42f49ff00c5dfec6a1d1f4d4b5c3b1a6822521cda174fd7bf40a4a99527b79c9017eadc1c0f2c63d0f5ca753102739d4b243a5e

          Download Submit

        • C:\Users\Admin\Desktop\Braincrush Auth Server TESTING\BraincrushServerMonitor.exe.config
          Filesize

          189B

          MD5

          9dbad5517b46f41dbb0d8780b20ab87e

          SHA1

          ef6aef0b1ea5d01b6e088a8bf2f429773c04ba5e

          SHA256

          47e5a0f101af4151d7f13d2d6bfa9b847d5b5e4a98d1f4674b7c015772746cdf

          SHA512

          43825f5c26c54e1fc5bffcce30caad1449a28c0c9a9432e9ce17d255f8bf6057c1a1002d9471e5b654ab1de08fb6eabf96302cdb3e0fb4b63ba0ff186e903be8

          Download Submit

        • C:\Users\Admin\Desktop\Braincrush Auth Server TESTING\BraincrushServerMonitor.pdb
          Filesize

          27KB

          MD5

          3e9b77be17f8447319c9c74a544c2ea4

          SHA1

          b659898a3f39e17f74a2c6e7583ffccf3329c7de

          SHA256

          111a540e39dd8e82e1e66a036c152dd2103c6826fc5e1e18b5f43d8636f47157

          SHA512

          9f00d677a7ed24379ff79c5406810788066157248a091692c503713c2cfdaf867bc793f5416a988e491a76fdc0b4a66b5b790749cbea821321cad77bbf88b614

          Download Submit

        • memory/1824-9-0x00000000006B0000-0x00000000006B8000-memory.dmp

          Filesize

          32KB

          Download