Overview

overview

10

Static

static

10

bca3772529...45.exe

windows7-x64

10

bca3772529...45.exe

windows10-2004-x64

10

bccb34575f...72.exe

windows7-x64

10

bccb34575f...72.exe

windows10-2004-x64

10

bcf1af9a5a...be.exe

windows7-x64

10

bcf1af9a5a...be.exe

windows10-2004-x64

8

bcf783e363...97.exe

windows7-x64

3

bcf783e363...97.exe

windows10-2004-x64

3

bd515574dc...8c.exe

windows7-x64

1

bd515574dc...8c.exe

windows10-2004-x64

1

bd68ca7605...39.exe

windows7-x64

10

bd68ca7605...39.exe

windows10-2004-x64

10

bd707a0357...e3.exe

windows7-x64

9

bd707a0357...e3.exe

windows10-2004-x64

9

bd7edfedeb...0b.exe

windows7-x64

10

bd7edfedeb...0b.exe

windows10-2004-x64

10

bdad1ff46d...f2.exe

windows7-x64

10

bdad1ff46d...f2.exe

windows10-2004-x64

10

bdae9ff159...df.exe

windows7-x64

10

bdae9ff159...df.exe

windows10-2004-x64

10

be01d2552c...1c.exe

windows7-x64

10

be01d2552c...1c.exe

windows10-2004-x64

10

be077774c9...87.exe

windows7-x64

10

be077774c9...87.exe

windows10-2004-x64

10

be0a8aeb7e...56.exe

windows7-x64

3

be0a8aeb7e...56.exe

windows10-2004-x64

3

be1643898c...f5.exe

windows7-x64

7

be1643898c...f5.exe

windows10-2004-x64

10

be183db6d4...94.exe

windows7-x64

10

be183db6d4...94.exe

windows10-2004-x64

10

be2375e810...94.exe

windows7-x64

10

be2375e810...94.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    137s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250313-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/03/2025, 06:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bd707a0357b19ea6953d47900bb051e3.exe

  • Size

    9.0MB

  • MD5

    bd707a0357b19ea6953d47900bb051e3

  • SHA1

    8beefca61bdb6d8086bd6f3e16d86eab575138a2

  • SHA256

    979c2c3e2496830b8778123e349c9b00168ffef73fbc0f7e53ff110147f9be6c

  • SHA512

    4e458c7b4e6ca8e77c783ea92ca511816fed9b7525c0805982b0350e7713210afcc11e6004005200192172ab65ab2eb115a5eba4f60e448bfea1d38cf9bbf718

  • SSDEEP

    196608:jxSZrxSZExSZfU+2at3DS7sJav43YmOZdqUJ9quict4zvv0uP:jxSZrxSZExSZfU+2aJDSgJnmqukY4zHN

Score
9/10
defense_evasion

Malware Config

Signatures

  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
    defense_evasion
  • Looks for VMWare Tools registry key 2 TTPs 1 IoCs
    defense_evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe 1 IoCs
    defense_evasion
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd707a0357b19ea6953d47900bb051e3.exe
    "C:\Users\Admin\AppData\Local\Temp\bd707a0357b19ea6953d47900bb051e3.exe"
    1⤵
    • Looks for VirtualBox Guest Additions in registry
    • Looks for VMWare Tools registry key
    • Checks BIOS information in registry
    • Checks computer location settings
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1560
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bd707a0357b19ea6953d47900bb051e3.exe.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4512
      • C:\Windows\system32\timeout.exe
        timeout /t 1 /nobreak
        3⤵
        • Delays execution with timeout.exe
        PID:6136
      • C:\Users\Admin\AppData\Local\Temp\bd707a0357b19ea6953d47900bb051e3.exe
        "C:\Users\Admin\AppData\Local\Temp\bd707a0357b19ea6953d47900bb051e3.exe" relaunch
        3⤵
        • Executes dropped EXE
        PID:4784

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\bd707a0357b19ea6953d47900bb051e3.exe.log
    Filesize

    1KB

    MD5

    5cb90c90e96a3b36461ed44d339d02e5

    SHA1

    5508281a22cca7757bc4fbdb0a8e885c9f596a04

    SHA256

    34c15d8e79fef4bddec7e34f3426df3b68f8fc6deac29ea12d110f6c529fe3bb

    SHA512

    63735938c841c28824e3482559df18839930acc5ea8600b1074439b70a2f600a92f41593568e49991f25f079e7f7361b4f1678feadbf004f6e9e4d51d36598d4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\bd707a0357b19ea6953d47900bb051e3.exe.bat
    Filesize

    399B

    MD5

    18f7e01be92f7674eb444b559e1e0696

    SHA1

    f5eeb0adc69bddebadab8928f13a54fd13fe5c86

    SHA256

    ee7d2a9beaf743a23e22d7d0442389ed861e6100e8409085aab6979e5acb21c9

    SHA512

    55ec9320d26282b2646a3e84a365876a5a1b6db70d5ebbbf0d69daf597b41093020e09d7db8663b50333be50ae87542c55b6c96aba635e8a6c40e1ce60a9d3fc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\bd707a0357b19ea6953d47900bb051e3.exe.tmp
    Filesize

    9.2MB

    MD5

    694ca97482c7dd1a4027ad216b575f3c

    SHA1

    50a05de7d0e61e6d1cd17c6cc0f27f0580870586

    SHA256

    2ac1bc3c3d94c4bd6fadcef78f65a98c281f6fe468ed356c7776e08bc9569420

    SHA512

    e672384f621b73976888289881d1f04c7782a143ff9b915eb38316b2c41c611c2d272bd7c458f3d40728ddd3aa23f7b42336c6a96a22aed4fec479585f2cbfc6

    Download Submit

  • memory/1560-4-0x00000202B1D00000-0x00000202B20D6000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/1560-3-0x0000020299150000-0x0000020299164000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1560-5-0x00007FFCD19D0000-0x00007FFCD2491000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1560-6-0x00007FFCD19D0000-0x00007FFCD2491000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1560-7-0x00007FFCD19D0000-0x00007FFCD2491000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1560-8-0x00007FFCD19D0000-0x00007FFCD2491000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1560-9-0x00007FFCD19D0000-0x00007FFCD2491000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1560-0-0x00007FFCD19D3000-0x00007FFCD19D5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1560-16-0x00007FFCD19D0000-0x00007FFCD2491000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1560-2-0x00000202B1BB0000-0x00000202B1CFE000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1560-1-0x0000020296E70000-0x0000020297580000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/4784-20-0x00007FFCD1920000-0x00007FFCD23E1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4784-21-0x00000224558C0000-0x00000224558D4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4784-22-0x00007FFCD1920000-0x00007FFCD23E1000-memory.dmp

    Filesize

    10.8MB

    Download