Overview: 10
Static: 10
SilverBulletPro.exe (windows7-x64): 7
SilverBulletPro.exe (windows10-2004-x64): 8
errorlog.exe (windows7-x64): 1
errorlog.exe (windows10-2004-x64): 1
host.exe (windows7-x64): 7
host.exe (windows10-2004-x64): 8
x64/expections.exe (windows7-x64): 7
x64/expections.exe (windows10-2004-x64): 8
x64/lepton....0.dll (windows7-x64): 1
x64/lepton....0.dll (windows10-2004-x64): 1
x64/runtime.exe (windows7-x64): 7
x64/runtime.exe (windows10-2004-x64): 7
x64/tesseract53.dll (windows7-x64): 1
x64/tesseract53.dll (windows10-2004-x64): 1

Analysis
max time kernel: 41s
max time network: 16s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 04-10-2024 11:52

Behavioral task | Sample | Resource
behavioral1 | SilverBulletPro.exe | win7-20240903-en
behavioral2 | SilverBulletPro.exe | win10v2004-20240802-en
behavioral3 | errorlog.exe | win7-20240903-en
behavioral4 | errorlog.exe | win10v2004-20240802-en
behavioral5 | host.exe | win7-20240903-en
behavioral6 | host.exe | win10v2004-20240802-en
behavioral7 | x64/expections.exe | win7-20240704-en
behavioral8 | x64/expections.exe | win10v2004-20240802-en
behavioral9 | x64/leptonica-1.82.0.dll | win7-20240903-en
behavioral10 | x64/leptonica-1.82.0.dll | win10v2004-20240802-en
behavioral11 | x64/runtime.exe | win7-20240708-en
behavioral12 | x64/runtime.exe | win10v2004-20240802-en
behavioral13 | x64/tesseract53.dll | win7-20240903-en
behavioral14 | x64/tesseract53.dll | win10v2004-20240802-en

General
Target: SilverBulletPro.exe
Size: 582KB
MD5: 7792204600db976484caa3992b121b30
SHA1: 9b343f3c67b13d9632ed862ee010a2aff0c6810c
SHA256: a1a301d6a034b7a656b955d18191cd817f255a918d92994678728a5b1b0367e8
SHA512: bd711debe936b21130dfdd273a117cb0c5d31bfc972dbe89827546c4210d6b19aaf6ce287ff502112c9796be07300147079f29ef334fdd1691dfded0e9f98920
SSDEEP: 12288:Qtzww69TdCahIRMJuAfki/U7vsBqpq/S1Q:owNTd16M0/i/U7vqqpU

Malware Config
Signatures

Loads dropped DLL (3 IoCs)
pid | Process
1920 | host.exe
632 | expections.exe
2276 | runtime.exe

resource | yara_rule
behavioral1/files/0x000400000001cc0a-159.dat | upx
behavioral1/memory/1920-183-0x000007FEF6110000-0x000007FEF66F8000-memory.dmp | upx
behavioral1/files/0x000400000001cd7a-200.dat | upx
behavioral1/memory/632-203-0x000007FEF5B20000-0x000007FEF6108000-memory.dmp | upx

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (24 IoCs)
description | pid | Process | procid_target
PID 1288 wrote to memory of 2512 | 1288 | SilverBulletPro.exe | 30
PID 1288 wrote to memory of 2512 | 1288 | SilverBulletPro.exe | 30
PID 1288 wrote to memory of 2512 | 1288 | SilverBulletPro.exe | 30
PID 2512 wrote to memory of 1808 | 2512 | cmd.exe | 32
PID 2512 wrote to memory of 1808 | 2512 | cmd.exe | 32
PID 2512 wrote to memory of 1808 | 2512 | cmd.exe | 32
PID 2512 wrote to memory of 2188 | 2512 | cmd.exe | 33
PID 2512 wrote to memory of 2188 | 2512 | cmd.exe | 33
PID 2512 wrote to memory of 2188 | 2512 | cmd.exe | 33
PID 2512 wrote to memory of 2256 | 2512 | cmd.exe | 34
PID 2512 wrote to memory of 2256 | 2512 | cmd.exe | 34
PID 2512 wrote to memory of 2256 | 2512 | cmd.exe | 34
PID 2512 wrote to memory of 2848 | 2512 | cmd.exe | 35
PID 2512 wrote to memory of 2848 | 2512 | cmd.exe | 35
PID 2512 wrote to memory of 2848 | 2512 | cmd.exe | 35
PID 2256 wrote to memory of 1920 | 2256 | host.exe | 36
PID 2256 wrote to memory of 1920 | 2256 | host.exe | 36
PID 2256 wrote to memory of 1920 | 2256 | host.exe | 36
PID 1808 wrote to memory of 632 | 1808 | expections.exe | 37
PID 1808 wrote to memory of 632 | 1808 | expections.exe | 37
PID 1808 wrote to memory of 632 | 1808 | expections.exe | 37
PID 2188 wrote to memory of 2276 | 2188 | runtime.exe | 38
PID 2188 wrote to memory of 2276 | 2188 | runtime.exe | 38
PID 2188 wrote to memory of 2276 | 2188 | runtime.exe | 38

Processes
C:\Users\Admin\AppData\Local\Temp\SilverBulletPro.exe  "C:\Users\Admin\AppData\Local\Temp\SilverBulletPro.exe"  PID:1288  (Suspicious use of WriteProcessMemory)
  C:\Windows\system32\cmd.exe  "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\A66D.tmp\A66E.tmp\A66F.bat C:\Users\Admin\AppData\Local\Temp\SilverBulletPro.exe"  PID:2512  (Suspicious use of WriteProcessMemory)
    C:\Users\Admin\AppData\Local\Temp\x64\expections.exe  "x64\expections.exe"  PID:1808  (Suspicious use of WriteProcessMemory)
      C:\Users\Admin\AppData\Local\Temp\x64\expections.exe  "x64\expections.exe"  PID:632  (Loads dropped DLL)
    C:\Users\Admin\AppData\Local\Temp\x64\runtime.exe  "x64\runtime.exe"  PID:2188  (Suspicious use of WriteProcessMemory)
      C:\Users\Admin\AppData\Local\Temp\x64\runtime.exe  "x64\runtime.exe"  PID:2276  (Loads dropped DLL)
    C:\Users\Admin\AppData\Local\Temp\host.exe  "host.exe"  PID:2256  (Suspicious use of WriteProcessMemory)
      C:\Users\Admin\AppData\Local\Temp\host.exe  "host.exe"  PID:1920  (Loads dropped DLL)
    C:\Users\Admin\AppData\Local\Temp\errorlog.exe  "errorlog.exe"  PID:2848

Network
MITRE ATT&CK Enterprise v15
Downloads