Overview

overview

10

Static

static

10

Energetic ...nt.exe

windows7-x64

1

Energetic ...nt.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    26-09-2024 03:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Energetic Bear Implant.exe

  • Size

    1.9MB

  • MD5

    f901c645188f9c80afa8f49174f065ce

  • SHA1

    272bc9298b394760d68e14dcf479233800a098a9

  • SHA256

    9385d7e149bcda79e5a4291ad422c160be8297d029d04ee04c50240fe53aa900

  • SHA512

    8de72f93ab1a507a08a283da4e8948756364d45fa70e8332da424b27a9cb8d6c3ad93cb5062343a6cc8cf0009d7c7d3fef8e209f99fedbe02b7d2d5c010c291c

  • SSDEEP

    24576:7MWHiFDV07ECXo4tu619SbX7ZwwjeJJV+CBqAKngHu8LNZZ/LJCPlyPlVzOCr:WJ6qbroCn8u8jhL0PMtVSCr

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Energetic Bear Implant.exe
    "C:\Users\Admin\AppData\Local\Temp\Energetic Bear Implant.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\cyber.avi
    Filesize

    492KB

    MD5

    979128b6017961ec9f5b961ede4d8fb3

    SHA1

    08163ba22e83273398a851b164c4a2cd364dc809

    SHA256

    989101a0ae548a578aba8612ee89696bea81e899c92f0b697ea31e6db53f10fc

    SHA512

    afc1a8c4f80c57b27cfb764ce6d8354c1700ae90baed4d7562796f235087f900dfeb486ecd7602bf3b50a2ff470e410925f5cdb7ff89fe7a576abaf18621a626

    Download Submit

  • memory/2080-6-0x0000000000140000-0x000000000014A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2080-7-0x0000000000140000-0x000000000014A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2080-13-0x0000000000140000-0x000000000014A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2080-3-0x0000000000140000-0x000000000014A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2080-14-0x0000000000140000-0x000000000014A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2080-8-0x000007FF00380000-0x000007FF0038A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2080-9-0x000007FEF67B7000-0x000007FEF67D5000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2080-18-0x0000000000140000-0x000000000014A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2080-5-0x000007FEF67B7000-0x000007FEF67D5000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2080-4-0x000007FF00380000-0x000007FF0038A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2080-2-0x0000000000140000-0x000000000014A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2080-22-0x0000000000140000-0x000000000014A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2080-23-0x0000000000140000-0x000000000014A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2080-27-0x0000000000140000-0x000000000014A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2080-52-0x0000000000140000-0x000000000014A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2080-53-0x0000000000140000-0x000000000014A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2080-54-0x0000000000140000-0x000000000014A000-memory.dmp

    Filesize

    40KB

    Download