Overview

overview

8

Static

static

78150127ed...31.exe

windows7-x64

8

78150127ed...31.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/11/2022, 19:21

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    78150127edf6b95f5206fc37648c6dee4670dd803fad738abaa9e000ba612a31.exe

  • Size

    130KB

  • MD5

    16d518f07b60a68155e3bcd1d38d66ae

  • SHA1

    50e5d757e176947c982a5e8681edd7a015a8deb1

  • SHA256

    78150127edf6b95f5206fc37648c6dee4670dd803fad738abaa9e000ba612a31

  • SHA512

    8bbcaa000d66e42a59887d9eddef5285837bb1ad654d4610a27c571f3d71cb37c4fa2d637045e219cf36147fd120d47d413a9dfcb17b35f1df450d344002606d

  • SSDEEP

    3072:HbRBxl5RBzt8OP4xI6xjVwYarMQO0I85aR4:nxl5Rdy646mzWON85L

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\78150127edf6b95f5206fc37648c6dee4670dd803fad738abaa9e000ba612a31.exe
    "C:\Users\Admin\AppData\Local\Temp\78150127edf6b95f5206fc37648c6dee4670dd803fad738abaa9e000ba612a31.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4196
    • C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2544
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        3⤵
          PID:2696
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a77B5.bat
        2⤵
          PID:4832

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\$$a77B5.bat
              Filesize

              722B

              MD5

              d5c3e8917472b4bec070689201ccc86a

              SHA1

              799d3429d0f190ada54565215da4e7e2171335d9

              SHA256

              26dc3851fd37f7f0a343dc660d0dabaefa35e85e100f358a98ed7ecc8a54cb88

              SHA512

              c0e55a1fc51ae9fa293da1c351c9d2d73d8c9fe793ff1abd33bc9a940348c1c2d858c7948e56d8dbf2fda282e5dcf827e7c07f243bcd22344506f0e8f008e6af

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\78150127edf6b95f5206fc37648c6dee4670dd803fad738abaa9e000ba612a31.exe.exe
              Filesize

              28KB

              MD5

              542c8af218f89a936478c2806c6ecb87

              SHA1

              4d867ebf6554cefa80481497fc183c9d387aaf4f

              SHA256

              57d161cbc7359f488d500f53b4b13b8f3a3741d43ea2786fe88de01fc47ce8aa

              SHA512

              9206b2ac45d251c36a6c7fad1e22797fa099696b78b65171675e1eed5b4580e973da3443ca85dd2e4bf71fc23335843266ab83b6fe12307bbff325ba760be26a

              Download Submit

            • C:\Windows\SysWOW64\wmdrtc32.dll
              Filesize

              40KB

              MD5

              03ebc053c8eec6b4f4afbbb5dc64b169

              SHA1

              9ed172dbce1a6a1dd20e08a9720afba210eee79c

              SHA256

              ad25714f5c7eb2e27742b5e0886e865fc8884e8b65cb863d2aeba0c6dbff2d02

              SHA512

              40eab99574ea6614341b869239b014a74cdc24da0c4be69681eaab18de72bbef14ad4cf36215e39eff4978b8ed074762ce25bb85a042219ac5db5cb46390e9ff

              Download Submit

            • memory/4196-134-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4196-135-0x0000000010000000-0x0000000010015000-memory.dmp

              Filesize

              84KB

              Download

            • memory/4196-138-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4196-139-0x0000000010000000-0x0000000010015000-memory.dmp

              Filesize

              84KB

              Download