Overview

overview

6

Static

static

3

fb046a393f...de.exe

windows7-x64

6

fb046a393f...de.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/08/2023, 08:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fb046a393fa5157dfd9c7588cdee0a2f63a080ffa87f37c07e4108b122a64fde.exe

  • Size

    29KB

  • MD5

    0c703da6086c3f27b18ded94c3173e44

  • SHA1

    4ded32f04260e5359d04640d4ac7a2449e772bca

  • SHA256

    fb046a393fa5157dfd9c7588cdee0a2f63a080ffa87f37c07e4108b122a64fde

  • SHA512

    0414051bca55539e4821f1cc964bb45fa624b617e5eff8204f8a5178224405256816e4f693c1b5b62680ef17bf47f09b12d7c3c418b59653b97d8828af30dffa

  • SSDEEP

    384:Nbbgh0OJe1Gt5M0zhIV/DZ3KZp7JcTO4yf9Knuf2MqlUV2V9wVfUnfRqOzGOnJh:pS816GVRu1yK9fMnJG2V9dHS8

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:2788
      • C:\Users\Admin\AppData\Local\Temp\fb046a393fa5157dfd9c7588cdee0a2f63a080ffa87f37c07e4108b122a64fde.exe
        "C:\Users\Admin\AppData\Local\Temp\fb046a393fa5157dfd9c7588cdee0a2f63a080ffa87f37c07e4108b122a64fde.exe"
        2⤵
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:4108
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:208
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:2252

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        254KB

        MD5

        4f6a98f6a0625a7c9089572d4ed066e0

        SHA1

        678514020e3072e9996e5a916093bfacba0f2034

        SHA256

        0cb16d3c2e08e5a2c6fcc0f1b6af2013bfdcd49aba6e6d84e5fd0cddfab2e8fa

        SHA512

        5a27c30deb869eab41cfd0f624c3e8db4a3332faea951927594964866146105d75debc50dc682856f82b58f6cd812e4fcbfbffaefa36dcbeaee0b0beb45ff30e

        Download Submit

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        Filesize

        2.8MB

        MD5

        6151ed30ba3db5e3ab09c633cb759c66

        SHA1

        28d548ee727f74aa378271cd49677560dc3cff68

        SHA256

        753d35d472d486ac87e88f887a7c3bcca3bc23cc6468b9dc98234e5d4519a1e2

        SHA512

        c49acc182eb195c983f513750b69c2bd2455be072e488f5b20ca4d52272e277cb599f694b2453dee94590b77e4b8b3549165130037b8301540e7b98eef5de9b5

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-1043950675-1972537973-2972532878-1000\_desktop.ini
        Filesize

        9B

        MD5

        c0232c2f01c543d260713210da47a57b

        SHA1

        63f2c13c2c5c83091133c2802e69993d52e3ec65

        SHA256

        278e1b8fd3f40d95faaecf548098b8d9ee4b32e98a8878559c8c8dfcd5cd1197

        SHA512

        2ccfd67393a63f03f588296bb798d7a7d4ec2ea5d6ac486cb7bdf8a5a66b1df944d8b548f317e58bfe17dea2ae54e536ffe77bc11a43c931f3d10e299ab3fca0

        Download Submit

      • memory/4108-27-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4108-18-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4108-23-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4108-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4108-13-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4108-135-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4108-1264-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4108-4370-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4108-5-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4108-4806-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download