d081be1b5d2a03669ebb3e6da0bbaec5719eff055f2fa0907f9c14babc52805d

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-09-2024 12:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

boiii.exe
Size

2.6MB
MD5

97bfa7a540f19c30482674b2f21b67f9
SHA1

6894ecf6ad21f4d235c239d88ff707bf65cb1cfa
SHA256

d081be1b5d2a03669ebb3e6da0bbaec5719eff055f2fa0907f9c14babc52805d
SHA512

31a5d89d5a2c6b2b728831344c4e0ce57940f75eb0e18a6f7e6442f79c820471de1a0d779c29e10c8218e2ab3aefb4a2f16b1b9cb15c87c2910e348dbf7a5347
SSDEEP

49152:8fon7Bdlt0qstfATd66FaebBiUJWEkmrH:4o7HGd68ebLWEnj

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
5	raw.githubusercontent.com
9	raw.githubusercontent.com
4	raw.githubusercontent.com

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1936	boiii.exe

C:\Users\Admin\AppData\Local\Temp\boiii.exe
"C:\Users\Admin\AppData\Local\Temp\boiii.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:1936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1936-0-0x0000000001C00000-0x0000000001C01000-memory.dmp

Filesize
4KB

Download