Overview

overview

6

Static

static

3

bca3437de6...07.exe

windows7-x64

6

bca3437de6...07.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20230824-en
  • resource tags

    arch:x64arch:x86image:win7-20230824-enlocale:en-usos:windows7-x64system
  • submitted
    30/08/2023, 19:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bca3437de621987841058ccb9894481d00072b92d1dc2028c83e4e4da6d68d07.exe

  • Size

    29KB

  • MD5

    f927e5fde0dfcf57a6f3fe9ae8a06f66

  • SHA1

    6ce2c8aaa52d35337d8badc47f4d689a80da18c7

  • SHA256

    bca3437de621987841058ccb9894481d00072b92d1dc2028c83e4e4da6d68d07

  • SHA512

    6dbff3589e1cf5f634f0d08610486c6c9f88e92c6eb201cbeea5a30c2b3e01a2248d2eaa441846e6c15b60d17701dbe0cf307921cf2081b7a6590d285d90d89c

  • SSDEEP

    384:NbbL+1Gt5M0zhIV/DZ3KZp7JcTO4yf9Knuf2MqlUV2V9wVfUnfRqOzGOnJh:pO16GVRu1yK9fMnJG2V9dHS8

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bca3437de621987841058ccb9894481d00072b92d1dc2028c83e4e4da6d68d07.exe
    "C:\Users\Admin\AppData\Local\Temp\bca3437de621987841058ccb9894481d00072b92d1dc2028c83e4e4da6d68d07.exe"
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1504
    • C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2448
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        3⤵
          PID:2096
    • C:\Windows\Explorer.EXE
      C:\Windows\Explorer.EXE
      1⤵
        PID:1204

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files\7-Zip\7zFM.exe
              Filesize

              876KB

              MD5

              751fb3baa92790f13bc71f7823dc1c42

              SHA1

              248674e8e9a78ee82f54e348116788d10dc47c14

              SHA256

              36d66bb0888a8c7b0d431bfd128579a8d43d7142ce1c1cef4172efbdbcb071dd

              SHA512

              721f96ee04196edfee4a5a08de1edbdac6c5988378fa4bf044ca1042afb53850a5e4e4dc8cba51dbf9cd9d5d74872ea28d448c1f90ec64e2fd637b3579dbdf77

              Download Submit

            • F:\$RECYCLE.BIN\S-1-5-21-1528014236-771305907-3973026625-1000\_desktop.ini
              Filesize

              9B

              MD5

              12552b9021ecf1e73a82450bf9743eda

              SHA1

              2310e07e90a56edfc666f3b107bf20a44698d1e8

              SHA256

              d4edfeefd9fb37b8a99f9678d010a0325f6a4d03bcdf2a55de9d8366f1de907b

              SHA512

              452dd208242815c3c5f05c9accdc21923bcc2d7b304cbbb59352c087e4a8b9bb7f5d950fd5f3c1a44dd4426a018e7cd5e800c01c7ea650b55a18f753e686a0f2

              Download Submit

            • memory/1204-5-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1504-69-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download

            • memory/1504-17-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download

            • memory/1504-23-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download

            • memory/1504-0-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download

            • memory/1504-75-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download

            • memory/1504-9-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download

            • memory/1504-87-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download

            • memory/1504-190-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download

            • memory/1504-286-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download

            • memory/1504-329-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download