Analysis
-
max time kernel
119s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22/03/2025, 06:15
General
-
Target
bd707a0357b19ea6953d47900bb051e3.exe
-
Size
9.0MB
-
MD5
bd707a0357b19ea6953d47900bb051e3
-
SHA1
8beefca61bdb6d8086bd6f3e16d86eab575138a2
-
SHA256
979c2c3e2496830b8778123e349c9b00168ffef73fbc0f7e53ff110147f9be6c
-
SHA512
4e458c7b4e6ca8e77c783ea92ca511816fed9b7525c0805982b0350e7713210afcc11e6004005200192172ab65ab2eb115a5eba4f60e448bfea1d38cf9bbf718
-
SSDEEP
196608:jxSZrxSZExSZfU+2at3DS7sJav43YmOZdqUJ9quict4zvv0uP:jxSZrxSZExSZfU+2aJDSgJnmqukY4zHN
Malware Config
Signatures
-
Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
-
Looks for VMWare Tools registry key 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Delays execution with timeout.exe 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bd707a0357b19ea6953d47900bb051e3.exe"C:\Users\Admin\AppData\Local\Temp\bd707a0357b19ea6953d47900bb051e3.exe"1⤵
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
- Maps connected drives based on registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\bd707a0357b19ea6953d47900bb051e3.exe.bat" "2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\timeout.exetimeout /t 1 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Users\Admin\AppData\Local\Temp\bd707a0357b19ea6953d47900bb051e3.exe"C:\Users\Admin\AppData\Local\Temp\bd707a0357b19ea6953d47900bb051e3.exe" relaunch3⤵
- Executes dropped EXE
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
399B
MD518f7e01be92f7674eb444b559e1e0696
SHA1f5eeb0adc69bddebadab8928f13a54fd13fe5c86
SHA256ee7d2a9beaf743a23e22d7d0442389ed861e6100e8409085aab6979e5acb21c9
SHA51255ec9320d26282b2646a3e84a365876a5a1b6db70d5ebbbf0d69daf597b41093020e09d7db8663b50333be50ae87542c55b6c96aba635e8a6c40e1ce60a9d3fc
-
Filesize
9.2MB
MD5c24ff340e48d178d624057668f394940
SHA18527e0b22692f1c0b2cc75e523138b99ca3ea5c5
SHA2560e1dcc12b1109ce83894fcaa99e62cb16475169566a4079c6582ba4f4ff0214c
SHA512fb7960aad36f3d68780771ef85a68af8093ca4789737e1de11627b08936fc3121b2652df2e0b587fb85fe5daa18d50a8484993cd249ac088f2d0f5ff9579498f
-
Filesize
9.9MB
-
Filesize
4KB
-
Filesize
80KB
-
Filesize
9.9MB
-
Filesize
7.1MB
-
Filesize
80KB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
3.8MB
-
Filesize
4KB
-
Filesize
9.9MB
-
Filesize
1.3MB
-
Filesize
7.1MB