Overview

overview

7

Static

static

3

603ef02626...ba.exe

windows7-x64

7

603ef02626...ba.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    03/09/2024, 01:46

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    603ef026260d8b171d64852d3167f51245db79514f045c59005cb13094e19bba.exe

  • Size

    2.1MB

  • MD5

    a26e3c5047080c42ff5ef9279c17d41e

  • SHA1

    d76c12740cc49b3421fcbeea91ecec5f01253b26

  • SHA256

    603ef026260d8b171d64852d3167f51245db79514f045c59005cb13094e19bba

  • SHA512

    96153b76378ee2a32fae1fdb1268c8d66ddb5b267b5f1d41202ce5bc186a0f76a557df15a2221d1d17b08635b505863d46ea48f5d470ac25b381458de58eb22a

  • SSDEEP

    49152:1yy2ZIezkaKQ8Vp/9dEhupMK+FvaX9sq8MgAd0Ixg:RdT3vld+EL+8qq8M9d0I

Score
7/10

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\603ef026260d8b171d64852d3167f51245db79514f045c59005cb13094e19bba.exe
    "C:\Users\Admin\AppData\Local\Temp\603ef026260d8b171d64852d3167f51245db79514f045c59005cb13094e19bba.exe"
    1⤵
    • Checks BIOS information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C sc start vgc
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2696
      • C:\Windows\system32\sc.exe
        sc start vgc
        3⤵
        • Launches sc.exe
        PID:1784

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1972-1-0x00000000774E0000-0x00000000774E2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1972-0-0x000000013FDC0000-0x000000014039F000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/1972-2-0x000000013FDC0000-0x000000014039F000-memory.dmp

          Filesize

          5.9MB

          Download