Analysis
max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
submitted
21-12-2024 15:09
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
bb2.exe
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
bb2.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
2 signatures
150 seconds
General
Target
bb2.exe
Size
2.0MB
MD5
810677a2ddfd49bfa9937111e70541e4
SHA1
434af3697614f68f4578f29d7a863bcd1956fa0f
SHA256
c1aa1f4be7a6d041df6b2acd63c8fa4dca37bfeb05e5d2a0404a643513bbb244
SHA512
eb8d809649063af662a2b78939186b944985e07e6a82ae7c1b7f479c39509eea5f524b1f1ac2df03f344547a32a0406a9d2a448fb4a2ae3dcd3721d4400e186f
SSDEEP
49152:tIBSURBTLEFbXL2momSkmmtEQQQUmemmmmmmIzme4ks:CSUXnEFX2momSkmmtEQQQUmemmmmmmIu
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
pid   pid_target  Process       procid_target
2320  2156        WerFault.exe  29
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description  ioc                                                          Process
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  bb2.exe
Suspicious use of WriteProcessMemory 4 IoCs
description                       pid   Process  procid_target
PID 2156 wrote to memory of 2320  2156  bb2.exe  30
PID 2156 wrote to memory of 2320  2156  bb2.exe  30
PID 2156 wrote to memory of 2320  2156  bb2.exe  30
PID 2156 wrote to memory of 2320  2156  bb2.exe  30