Overview

overview

7

Static

static

3

b82426cda9...49.exe

windows7-x64

7

b82426cda9...49.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-08-2023 19:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b82426cda9ed45d3321498c4773c2b1472de2baa01756812b1f87d73ac54c949.exe

  • Size

    118KB

  • MD5

    f99ef8eb09b24dd7026e9680f666a54e

  • SHA1

    f8ee5da2e1ce2f12481b67494b583f1781a95de4

  • SHA256

    b82426cda9ed45d3321498c4773c2b1472de2baa01756812b1f87d73ac54c949

  • SHA512

    93f3590216028c22b5c26aca08534f677b1b9e82f57f454e4ca5601110cd41de42317a2041d97eb2d3230509a8bef1807570731c7d0c7f18e81e2487086dc8a6

  • SSDEEP

    1536:OmfgLdQAQfcfymNG+Kxwmn4Y4Ykv8JEn6M04HiKq7UkPlHae5:7ftffjmNoxwmn4YtkcQ6M04HalEy

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3144
      • C:\Users\Admin\AppData\Local\Temp\b82426cda9ed45d3321498c4773c2b1472de2baa01756812b1f87d73ac54c949.exe
        "C:\Users\Admin\AppData\Local\Temp\b82426cda9ed45d3321498c4773c2b1472de2baa01756812b1f87d73ac54c949.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:2992
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEEF.bat
          3⤵
          • Suspicious use of SetWindowsHookEx
          PID:1132
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1060
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:2616
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:556

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        251KB

        MD5

        edf07d233b5fa4fbd83febae9adf82d9

        SHA1

        59dc0562df337c65f823037d474db6fe30c18e57

        SHA256

        3cfee539be1a2652082a554d73be98d00611a00e9a65c61877c843dea89d3a0d

        SHA512

        d17ee9f317bcf4f1fbdae2adc71b30427d0f9e398295c40333c871d6ee58a487682fb238f3e3e78f5cca28e6af86497eb29aea2dbc10ecdf9b7fde7a7194f30b

        Download Submit

      • C:\Program Files\ProtectDebug.exe
        Filesize

        690KB

        MD5

        ae20401e650dab7ec454a3f12f7e3cfb

        SHA1

        6675171bef025a252a20bfe653ce39d6c88f9f84

        SHA256

        12cd9e59dbda8e31799cdc799d165a077f78af1172f039da5e293c44a2d4370e

        SHA512

        1b5b157b6b83ba5c6dc0f42265baea2f5f4180973b8510e7bacb5bb886719b116d62664763826cf475c2378253714a3478d80fa60afcd8492bda6a881a1338a1

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$aEEF.bat
        Filesize

        721B

        MD5

        18e0112e36144020d154086494593599

        SHA1

        766f42d1b4064de7e14485a84f4ac102d3276ce6

        SHA256

        71ca6af29f51461c7eb50ce0eedd84e80625d30a038f9681db9d32081680811b

        SHA512

        5ded75c8a0a0669883d6a1b766e540df41811476762c53d5df7aa53f561951295723f85eae9b200ed9d3071a58c848f70568b93c6d50d35fd4b77c762f0c5e9a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\b82426cda9ed45d3321498c4773c2b1472de2baa01756812b1f87d73ac54c949.exe.exe
        Filesize

        91KB

        MD5

        13bd3153788cd2b2507707cf4cfffad3

        SHA1

        37222b1be626903e89a840760394561bf0f46264

        SHA256

        33870552c399350caa27ef708d0a883a366da5e08b7231301103427da5092b3a

        SHA512

        f0f1fd5ed49214c68c22832c9f33acc826a4e4284fafa51b14241ffb04b2c0f30fe356c4110270768981aa1fe8bdc8beb9a19b01ffe872dbb925fd5280ad0f6d

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        26KB

        MD5

        76d139dc82d0b5e4f8f9231f1a8ec2b4

        SHA1

        d3af685526a7e0dddef11d6a5ce4a28334c4bf8a

        SHA256

        9510462fe48643e4b616c731af8388e5fb614b36da73122d21f85a96aec71d66

        SHA512

        967ef8402d092b89f11190cb8dfa37068f6e70f6b049139ddd38ca2e12e180616cc9e6b8268c60844e8a0c4bd44f98a81723f98ec0ab2aa76c6aa5507c4744db

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        26KB

        MD5

        76d139dc82d0b5e4f8f9231f1a8ec2b4

        SHA1

        d3af685526a7e0dddef11d6a5ce4a28334c4bf8a

        SHA256

        9510462fe48643e4b616c731af8388e5fb614b36da73122d21f85a96aec71d66

        SHA512

        967ef8402d092b89f11190cb8dfa37068f6e70f6b049139ddd38ca2e12e180616cc9e6b8268c60844e8a0c4bd44f98a81723f98ec0ab2aa76c6aa5507c4744db

        Download Submit

      • C:\Windows\rundl132.exe
        Filesize

        26KB

        MD5

        76d139dc82d0b5e4f8f9231f1a8ec2b4

        SHA1

        d3af685526a7e0dddef11d6a5ce4a28334c4bf8a

        SHA256

        9510462fe48643e4b616c731af8388e5fb614b36da73122d21f85a96aec71d66

        SHA512

        967ef8402d092b89f11190cb8dfa37068f6e70f6b049139ddd38ca2e12e180616cc9e6b8268c60844e8a0c4bd44f98a81723f98ec0ab2aa76c6aa5507c4744db

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-4176143399-3250363947-192774652-1000\_desktop.ini
        Filesize

        9B

        MD5

        2326d479b287193a70f520700dc8d23e

        SHA1

        afea66d3788a50debd6f5d4c9dd51f68a4477e64

        SHA256

        95d41561a1467d20977f59108e85da181e0b4dfd3db9e40182ae7378c4a927f8

        SHA512

        cb971c406ddf7147536a6a1569d4ff49d7219aa52cde5d110be1109874d66daace832d423d7969af9e6bbc9738a65734c7e68e994591b7677aad51fa0f52cf37

        Download Submit

      • memory/1060-18-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1060-25-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1060-31-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1060-36-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1060-41-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1060-12-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1060-1278-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1060-2605-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1060-4820-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2992-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2992-8-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download