Overview

overview

10

Static

static

3

build.exe

windows7-x64

6

build.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    29-12-2024 13:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    build.exe

  • Size

    3.6MB

  • MD5

    159cb32f97f5a5297b9ef46e16556631

  • SHA1

    d9a2cee6035f972e395015c0847ffd491a65b284

  • SHA256

    452c77d9be7b82107a1325d98f75d0194e61c311e4fa7204a15b52e42bc3c2d2

  • SHA512

    6e974f974d1cb3104e20a51cbe7a636bd81af111ff64784f58a3194acaf6970545436cdc9ee6182a58c168e5aed68a3929baddf0c5227743496ee252136c1e77

  • SSDEEP

    98304:2kqXf0FlL9nrYAWAZi6sfLxkuahjCOeX9YG9see5GnRyCAm0makxH13C:2kSIlLtzWAXAkuujCPX9YG9he5GnQCAL

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Kills process with taskkill 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\build.exe
    "C:\Users\Admin\AppData\Local\Temp\build.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1812
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\ee641c09-dbe0-40e6-a9f4-f8ad1ad32b60.bat"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1136
      • C:\Windows\system32\chcp.com
        chcp 65001
        3⤵
          PID:1356
        • C:\Windows\system32\taskkill.exe
          taskkill /F /PID 1812
          3⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2360
        • C:\Windows\system32\timeout.exe
          timeout /T 2 /NOBREAK
          3⤵
          • Delays execution with timeout.exe
          PID:1708

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\CabDA9.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Stealerium-Latest.log
      Filesize

      2KB

      MD5

      d3ac7c0f4af96aea827fe024f21cb3c0

      SHA1

      1df41f08d345d1c4ccae903063d2fd3ca7b908a2

      SHA256

      e7cf3b2450ceb772724d724dd7fbfeea3027bd83ddf3b7b41f9ba5d2193abe2d

      SHA512

      cfb99fa85b2a813bb6ecebac6c5b0c9eca0c8100fad4e0e49a2e577fed8ace1d5b36050dff8a054c140c3f866303fe8a55bda3669f77953a74169175516761a2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarDBC.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\ee641c09-dbe0-40e6-a9f4-f8ad1ad32b60.bat
      Filesize

      152B

      MD5

      1ef7f9a049fcc52e5240cf1215caf585

      SHA1

      7891a61ce033fd3975f6d72e7b9dd1c289cbab07

      SHA256

      1dfd173049a213b11618e853109ab20363da9b5762c46b52a23bd7b7cd308a77

      SHA512

      87f0305a4138bb68344287607dd245fe45020acac901e0f10386bf75fc912130c9359589bd041e184df21aaa329ea001cb39b3150ec2db94cc769c77b043854d

      Download Submit

    • memory/1812-0-0x000007FEF5B33000-0x000007FEF5B34000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1812-1-0x00000000003F0000-0x000000000078C000-memory.dmp

      Filesize

      3.6MB

      Download

    • memory/1812-2-0x000007FEF5B30000-0x000007FEF651C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1812-91-0x000007FEF5B33000-0x000007FEF5B34000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1812-92-0x000007FEF5B30000-0x000007FEF651C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1812-210-0x000007FEF5B30000-0x000007FEF651C000-memory.dmp

      Filesize

      9.9MB

      Download