Overview

overview

10

Static

static

7

info.zip

windows7-x64

1

info.zip

windows10-2004-x64

1

IMG001.scr

windows7-x64

8

IMG001.scr

windows10-2004-x64

8

$PLUGINSDI...os.dll

windows7-x64

3

$PLUGINSDI...os.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$R9/NsCpuC...32.exe

windows7-x64

7

$R9/NsCpuC...32.exe

windows10-2004-x64

7

$R9/NsCpuC...64.exe

windows7-x64

7

$R9/NsCpuC...64.exe

windows10-2004-x64

7

$R9/Plugin...os.dll

windows7-x64

3

$R9/Plugin...os.dll

windows10-2004-x64

3

$R9/Plugins/inetc.dll

windows7-x64

3

$R9/Plugins/inetc.dll

windows10-2004-x64

3

$R9/Plugins/tftp.exe

windows7-x64

8

$R9/Plugins/tftp.exe

windows10-2004-x64

10

$R9/Stubs/bzip2.exe

windows7-x64

3

$R9/Stubs/bzip2.exe

windows10-2004-x64

3

$R9/Stubs/...id.exe

windows7-x64

3

$R9/Stubs/...id.exe

windows10-2004-x64

3

$R9/Stubs/folder.ico

windows7-x64

3

$R9/Stubs/folder.ico

windows10-2004-x64

3

$R9/Stubs/icon.ico

windows7-x64

3

$R9/Stubs/icon.ico

windows10-2004-x64

3

$R9/Stubs/lzma.exe

windows7-x64

3

$R9/Stubs/lzma.exe

windows10-2004-x64

3

$R9/Stubs/rar.ico

windows7-x64

3

$R9/Stubs/rar.ico

windows10-2004-x64

3

$R9/Stubs/uninst

windows7-x64

1

$R9/Stubs/uninst

windows10-2004-x64

1

Analysis

  • max time kernel
    9s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16-09-2024 05:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $R9/Stubs/bzip2.exe

  • Size

    34KB

  • MD5

    7ac2315d458a6c78f81f7167b164ef37

  • SHA1

    f501956f346fe7ac49454f5eae54907eeb247f1d

  • SHA256

    a32a41c520aa1d08d8e5cbc18c1994f92d47bede5cb8d3aca761579d242d249d

  • SHA512

    00802299e1161ac3a3849678a0515e2ed4548a9c1397635fb546683a525f2dbaab8b90875d81821bc66b76c6669a309922284e818f510fb0d81d0c317458919b

  • SSDEEP

    768:FqVnDX38+t1ehxQ7unyskUplx3tUeLTjWfgeOVGM4jjfS3XJvai:kjs+t1ehxQuntkULceeM4sXJz

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$R9\Stubs\bzip2.exe
    "C:\Users\Admin\AppData\Local\Temp\$R9\Stubs\bzip2.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 412
      2⤵
      • Program crash
      PID:2740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads