Analysis
-
max time kernel
121s
-
max time network
123s
-
platform
windows7_x64
-
resource
win7-20240903-en
-
resource tags
arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
-
submitted
15-11-2024 09:45
Static task
static1
Behavioral task
behavioral1
Sample
RuntimeBrokerVers.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
RuntimeBrokerVers.exe
Resource
win10v2004-20241007-en
General
-
Target
RuntimeBrokerVers.exe
-
Size
13.1MB
-
MD5
4fd34971f2551e33806360ba5ee86e5e
-
SHA1
a3f2fe7d770d45c0b98bdbdf3322614582e41d59
-
SHA256
e82fe9ce4fec710c6f02dc3ed738e5a88955d4d938957ec2b49119d5018ecb81
-
SHA512
1c01226cb0a061675a8af6db24dea570881bbd7a2d6c8e21aaf51884bf4b64a2011dcc881507fb0b0a0191f8dc180831833eb175f07d6fdee72ed11748183281
-
SSDEEP
393216:85CCDJlS/FyOUUGafnbRngsndGKLYHSJj:8oCytjGafSsdx4k
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process
2292 RuntimeBrokerVers.exe
-
Loads dropped DLL 2 IoCs
pid Process
2900 RuntimeBrokerVers.exe
2292 RuntimeBrokerVers.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target
PID 2900 wrote to memory of 2292 2900 RuntimeBrokerVers.exe 29
PID 2900 wrote to memory of 2292 2900 RuntimeBrokerVers.exe 29
PID 2900 wrote to memory of 2292 2900 RuntimeBrokerVers.exe 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\RuntimeBrokerVers.exe
"C:\Users\Admin\AppData\Local\Temp\RuntimeBrokerVers.exe"
1
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2900 -
C:\Users\Admin\AppData\Local\Temp\onefile_2900_133761375135432000\RuntimeBrokerVers.exe
"C:\Users\Admin\AppData\Local\Temp\RuntimeBrokerVers.exe"
2
- Executes dropped EXE
- Loads dropped DLL
PID:2292
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
5.5MB
MD5
5a5dd7cad8028097842b0afef45bfbcf
SHA1
e247a2e460687c607253949c52ae2801ff35dc4a
SHA256
a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce
SHA512
e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858
-
Filesize
23.1MB
MD5
d71750b08d81d33e6bead1ceb707bc4f
SHA1
ceb0fe13317e7ef87377d385e9cf869343958971
SHA256
6d350fd6d807f267f5b615cf5937dabb99e5f30ed3b3310e1bf2aa2a34f93f8e
SHA512
9cdc43bce53cc6b9a388b9fb50bf81db413432beb0b607d14942db6ceddceeb38cbeb9896916bf73a72e06731d16755f20a475523be63177996a3d9bcdd6fa0b