Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21-12-2024 15:09

General

  • Target

    bb2.exe

  • Size

    2.0MB

  • MD5

    810677a2ddfd49bfa9937111e70541e4

  • SHA1

    434af3697614f68f4578f29d7a863bcd1956fa0f

  • SHA256

    c1aa1f4be7a6d041df6b2acd63c8fa4dca37bfeb05e5d2a0404a643513bbb244

  • SHA512

    eb8d809649063af662a2b78939186b944985e07e6a82ae7c1b7f479c39509eea5f524b1f1ac2df03f344547a32a0406a9d2a448fb4a2ae3dcd3721d4400e186f

  • SSDEEP

    49152:tIBSURBTLEFbXL2momSkmmtEQQQUmemmmmmmIzme4ks:CSUXnEFX2momSkmmtEQQQUmemmmmmmIu

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bb2.exe
    "C:\Users\Admin\AppData\Local\Temp\bb2.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 556
      2⤵
      • Program crash
      PID:2320

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2156-0-0x0000000074B8E000-0x0000000074B8F000-memory.dmp

    Filesize

    4KB

  • memory/2156-1-0x0000000000C10000-0x0000000000E26000-memory.dmp

    Filesize

    2.1MB

  • memory/2156-2-0x0000000074B8E000-0x0000000074B8F000-memory.dmp

    Filesize

    4KB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.