Overview

overview

6

Static

static

3

e3c3821d97...2f.exe

windows7-x64

6

e3c3821d97...2f.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    29/08/2023, 02:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e3c3821d97d831fe32ef85bf7e78b397eba5cd839568aeae330e28e702eb662f.exe

  • Size

    26KB

  • MD5

    2da5a57d1ba2ed4b46bc3c9817948557

  • SHA1

    8b28792220f874e0abd68de5d946c3ae111f6abb

  • SHA256

    e3c3821d97d831fe32ef85bf7e78b397eba5cd839568aeae330e28e702eb662f

  • SHA512

    29940a2b80714d8f816a0d6b4f5d93cfb4aeae5e0303f6f06d5091a3e0dc405ae1a1def41ea5e2e709ed6c20d4f4fd8f1d9527ca6eb4eb6d6cf1bc5fce4a7e91

  • SSDEEP

    768:6M71ODKAaDMG8H92RwZNQSwcfymNBg+g61GoL:6MxfgLdQAQfcfymN

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1268
      • C:\Users\Admin\AppData\Local\Temp\e3c3821d97d831fe32ef85bf7e78b397eba5cd839568aeae330e28e702eb662f.exe
        "C:\Users\Admin\AppData\Local\Temp\e3c3821d97d831fe32ef85bf7e78b397eba5cd839568aeae330e28e702eb662f.exe"
        2⤵
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1952
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2256
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:1760

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
              Filesize

              251KB

              MD5

              5725841defcb7e0548144bdc53e0b867

              SHA1

              dd8c3c919b9ee5d068c5c42ba049cc2898add5c5

              SHA256

              7a1876d6402a6e910fe1ace26d0fc6a0ae27599d0258f9352f6b81bc2b4b72a3

              SHA512

              de6785d1de40c6b86ec99918bd3b0e884a81377ad1d353799cd34a3399cde727ccbcd48af0880cd5f48ee9ef1bb98fa8f870a83c38f8b9aea77cbea2ade0331c

              Download Submit

            • C:\Program Files\7-Zip\7zFM.exe
              Filesize

              873KB

              MD5

              25b103da011c601d4f3575acb6badefa

              SHA1

              e09061728a44cc049301e6c2c3c35a8a5af4164a

              SHA256

              c62802627b8d2eed481b553d6a0c996a2667a9845ef2e5b3a084d190dd8eefe0

              SHA512

              ab65f281739b792e8ea4bfe9371352d63e52b110b3e7f3d44adc03bbda96dc1658255260b788827029dd1ffa73484ad57958d729b98ca0b85be78a16685cb8a9

              Download Submit

            • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
              Filesize

              471KB

              MD5

              4cfdb20b04aa239d6f9e83084d5d0a77

              SHA1

              f22863e04cc1fd4435f785993ede165bd8245ac6

              SHA256

              30ed17ca6ae530e8bf002bcef6048f94dba4b3b10252308147031f5c86ace1b9

              SHA512

              35b4c2f68a7caa45f2bb14b168947e06831f358e191478a6659b49f30ca6f538dc910fe6067448d5d8af4cb8558825d70f94d4bd67709aee414b2be37d49be86

              Download Submit

            • F:\$RECYCLE.BIN\S-1-5-21-377084978-2088738870-2818360375-1000\_desktop.ini
              Filesize

              9B

              MD5

              2326d479b287193a70f520700dc8d23e

              SHA1

              afea66d3788a50debd6f5d4c9dd51f68a4477e64

              SHA256

              95d41561a1467d20977f59108e85da181e0b4dfd3db9e40182ae7378c4a927f8

              SHA512

              cb971c406ddf7147536a6a1569d4ff49d7219aa52cde5d110be1109874d66daace832d423d7969af9e6bbc9738a65734c7e68e994591b7677aad51fa0f52cf37

              Download Submit

            • memory/1268-5-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1952-66-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1952-0-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1952-73-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1952-20-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1952-1825-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1952-14-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1952-3285-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1952-7-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download