Overview

overview

10

Static

static

7

c22b74bb5b...0b.exe

windows7-x64

10

c22b74bb5b...0b.exe

windows10-2004-x64

10

$PLUGINSDI...el.dll

windows7-x64

7

$PLUGINSDI...el.dll

windows10-2004-x64

7

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$_13_/PowerRun64.exe

windows7-x64

4

$_13_/PowerRun64.exe

windows10-2004-x64

3

$_13_/SetACL64.exe

windows7-x64

1

$_13_/SetACL64.exe

windows10-2004-x64

1

$_13_/bn.bat

windows7-x64

1

$_13_/bn.bat

windows10-2004-x64

1

$_13_/bn1.bat

windows7-x64

10

$_13_/bn1.bat

windows10-2004-x64

10

$_13_/bnn.bat

windows7-x64

1

$_13_/bnn.bat

windows10-2004-x64

1

$_13_/bnz.bat

windows7-x64

1

$_13_/bnz.bat

windows10-2004-x64

1

$_13_/dotN...up.exe

windows7-x64

7

$_13_/dotN...up.exe

windows10-2004-x64

7

$_13_/dotN...up.exe

windows7-x64

7

$_13_/dotN...up.exe

windows10-2004-x64

7

$_13_/mbby...iy.exe

windows7-x64

3

$_13_/mbby...iy.exe

windows10-2004-x64

3

$_13_/win_...rp.exe

windows7-x64

3

$_13_/win_...rp.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    94s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/11/2024, 16:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    $_13_/PowerRun64.exe

  • Size

    923KB

  • MD5

    efe5769e37ba37cf4607cb9918639932

  • SHA1

    f24ca204af2237a714e8b41d54043da7bbe5393b

  • SHA256

    5f9dfd9557cf3ca96a4c7f190fc598c10f8871b1313112c9aea45dc8443017a2

  • SHA512

    33794a567c3e16582da3c2ac8253b3e61df19c255985277c5a63a84a673ac64899e34e3b1ebb79e027f13d66a0b8800884cdd4d646c7a0abe7967b6316639cf1

  • SSDEEP

    24576:X2DW/xbMX2YIbxQsu3/PNLoQ+HyS2I4jRk:X2EgXoQsW/PNUQWnX4jRk

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$_13_\PowerRun64.exe
    "C:\Users\Admin\AppData\Local\Temp\$_13_\PowerRun64.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:4484
    • C:\Users\Admin\AppData\Local\Temp\$_13_\PowerRun64.exe
      "C:\Users\Admin\AppData\Local\Temp\$_13_\PowerRun64.exe" /P:393300
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4440
      • C:\Users\Admin\AppData\Local\Temp\$_13_\PowerRun64.exe
        "C:\Users\Admin\AppData\Local\Temp\$_13_\PowerRun64.exe" /P:393300
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2068
        • C:\Users\Admin\AppData\Local\Temp\$_13_\PowerRun64.exe
          "C:\Users\Admin\AppData\Local\Temp\$_13_\PowerRun64.exe" /TI/ /P:393300
          4⤵
          • Suspicious behavior: GetForegroundWindowSpam
          PID:3464

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\$_13_\PowerRun64.ini
          Filesize

          3KB

          MD5

          375f1a831d6771d25ecc9dd89459ed16

          SHA1

          353ab61897090cf2742be012be4c0390e2f7f3f0

          SHA256

          c097863ca93d776c0d4f42a61aa21e8137568a018b8730f7f293ad4cad1a070e

          SHA512

          9b1ab901df7fbd7553e9ff6c7de31847895f6be37ef74433b05442df23c88563d4616549b923cf1cdb51910045ec61de4773f7eab5031f0aca8da073ffc5cea5

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\szgsarh
          Filesize

          81KB

          MD5

          940b1915cadee0e2b33d80799816f6c7

          SHA1

          2c10e4fec3e8c054055d1ed78757117575f273f2

          SHA256

          81e89e7266cfe5158e44f5578c8be61353e781daebdd47a33597e9ec503d379c

          SHA512

          cc3c574fd5392c1b54146b591e22b1c01c95e34a602c403ad96c49b7ee6ad31d1478a00cc1334286addc5cb94496372a172745e9ad20554023e1e22c7da1e1c5

          Download Submit

        • C:\Windows\Temp\autA3D1.tmp
          Filesize

          25KB

          MD5

          436c1bb98deeccecb73fad945f1dd3dc

          SHA1

          774313ba911945589971bbc73498d81f060dabe6

          SHA256

          05eae1691149cc66e458d5e5b4430bd3b938b278b8bdb2c887a13c9871004c51

          SHA512

          66ea41b9b4a42f7c40d1ce5b6e82a6f03e8489648b912d96a81efa13d340d4d651078df7c1302c595ca83408e7208d1d79f02165dc27383952a9abe7f851c3e2

          Download Submit