Overview

overview

10

Static

static

3

RuntimeBrokerVers.exe

windows7-x64

7

RuntimeBrokerVers.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    13-11-2024 06:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RuntimeBrokerVers.exe

  • Size

    13.1MB

  • MD5

    ae312065fea9d2bb96daf340a2684e80

  • SHA1

    2a4db6fca345b56225ca3be9e95c33b97cabc212

  • SHA256

    7ba7384b9e549f4acd31b23cf4cd91db380899f8a517477e50d3087139322340

  • SHA512

    b0bc9fab62e36fcfa78148ddeb39762e5097cb5a922f1c07f45bcd523346be4c5646653d4ea3eaee9fabda104ebe17f4066cdf0f29fc72c1ce6cc23302d019c3

  • SSDEEP

    196608:s//oYEafIlN5XRmU8bKQqrB9fuFGb0nmxS/qbmI0B8w0nwBUHVLe3Sfxbwk3VKMh:YAF+OIU8bYfvS/NBp5+xbB3VKM4r2MZ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RuntimeBrokerVers.exe
    "C:\Users\Admin\AppData\Local\Temp\RuntimeBrokerVers.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2776
    • C:\Users\Admin\AppData\Local\Temp\onefile_2776_133759536284790000\RuntimeBrokerVers.exe
      "C:\Users\Admin\AppData\Local\Temp\RuntimeBrokerVers.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2896

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\onefile_2776_133759536284790000\python311.dll
    Filesize

    5.5MB

    MD5

    5a5dd7cad8028097842b0afef45bfbcf

    SHA1

    e247a2e460687c607253949c52ae2801ff35dc4a

    SHA256

    a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

    SHA512

    e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

    Download Submit

  • \Users\Admin\AppData\Local\Temp\onefile_2776_133759536284790000\RuntimeBrokerVers.exe
    Filesize

    23.2MB

    MD5

    9da475283bf43a72fff5b3988c6e6d97

    SHA1

    157496af6e84f30b7d1d5eb5e1fd37c135c45526

    SHA256

    15aeead1e505b265f034e33fd0e3349baa7dcda707679cc9d63c80f50750196b

    SHA512

    4da03e98987f1344c91172fcf30059cedbe05b5da95fd52f21b5ce3e19dc9f5ff340259b28a0e13f933ee133e3621396d65c578a37acfce90e40eb6cb3e408ad

    Download Submit