Analysis

  • max time kernel
    92s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-01-2025 08:58

General

  • Target

    bd7303de7c0aab78b788dfc289cad7a12b8c9987076ff5d0fe11c819922ec0dcN.exe

  • Size

    518KB

  • MD5

    f32c6f3be8c7020340b7530b86e88b00

  • SHA1

    bf0256c1427152d6857d626e265078b4cecdf4ac

  • SHA256

    bd7303de7c0aab78b788dfc289cad7a12b8c9987076ff5d0fe11c819922ec0dc

  • SHA512

    bef5f624f56cdbbb3b840d870e0fef25f3609388758d28e671898085a3d115644b2cdca5fd78a4e15c11e1141b89f9bb7eaed2ad7ebad993ba878c4a7992db6f

  • SSDEEP

    12288:HtKe6Zv23Y31Juc0jKLy2w/z5oTfVEzytsA+MvpeZ+:b6Zv2YubK1wr5oyzytD+y++

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Modifies system executable filetype association 2 TTPs 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in System32 directory 6 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd7303de7c0aab78b788dfc289cad7a12b8c9987076ff5d0fe11c819922ec0dcN.exe
    "C:\Users\Admin\AppData\Local\Temp\bd7303de7c0aab78b788dfc289cad7a12b8c9987076ff5d0fe11c819922ec0dcN.exe"
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies system executable filetype association
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    PID:4328
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 712
      2⤵
      • Program crash
      PID:2408
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 4328 -ip 4328
    1⤵
      PID:3508

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\concp32.exe

    Filesize

    523KB

    MD5

    9a2d686530d93b500ddf918229045936

    SHA1

    96410e712b5314a66d13e78fae06c75ab7dc233b

    SHA256

    0b662644660f1357862dcd60691b12da0fc72817d78be2eb2f4d5aa1ca010222

    SHA512

    b129b8226d6dccec5127f8c9745248d10fe902ab6d3bbb82bbff45d8eac09b890fa4b365795fcd85f2738538c0a53376bffbe08f5c430faf48ccb4234f0b3f8a

  • memory/4328-0-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

  • memory/4328-7-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB