Overview

overview

6

Static

static

3

fe70164681...cd.exe

windows7-x64

6

fe70164681...cd.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/09/2023, 14:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fe701646818df815e6cb3e26621e874a8d598545c26044e17dff1b644ebd7ccd.exe

  • Size

    26KB

  • MD5

    b6aa1b2ff7935f46847b8470067f2500

  • SHA1

    2b72bfdaaf24129083089f514586261b6717ca33

  • SHA256

    fe701646818df815e6cb3e26621e874a8d598545c26044e17dff1b644ebd7ccd

  • SHA512

    cd13d1dfbffc6d0f515c2c009f31270b131cbd04a5e9c6d7da87e6bc755b497677bd8a7b92e80e34ed92996b3d1cf67dc099af219a951b5bdd7f16046677d21f

  • SSDEEP

    768:gp181ODKAaDMG8H92RwZNQSwcfymNBg+g61GoZw:mmfgLdQAQfcfymN

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1980
      • C:\Users\Admin\AppData\Local\Temp\fe701646818df815e6cb3e26621e874a8d598545c26044e17dff1b644ebd7ccd.exe
        "C:\Users\Admin\AppData\Local\Temp\fe701646818df815e6cb3e26621e874a8d598545c26044e17dff1b644ebd7ccd.exe"
        2⤵
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:4092
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4324
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:4080

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        251KB

        MD5

        d284596a2f6500f2b2507f019006f537

        SHA1

        bd1c9ec2a3364ddce7189c6cdd9ccaea54f3d72c

        SHA256

        2573750654dc06389e06718086dfd0230ec9b7477986c2844fc34ef0bbcde5c5

        SHA512

        c9e4d69b2c5321b6cf04e092c90ef3e58ab1eb6bf47c0b1d9b8b754704d9a00531ddfdaacbf5e88cf55b797f7867d184da3876689e3e42bf7e4e4356f29ea9b2

        Download Submit

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        Filesize

        2.8MB

        MD5

        4f1a26b67b7aa8cca7f7fe1d12d87fad

        SHA1

        525f0570ee07d6dd20c23daa45b477304d61b6a6

        SHA256

        36ff88a16e0fbf589d153d34f11b14f6e8376ddba399d4bc677d58477c38f44a

        SHA512

        4670de53fb54dc21332146c85d399408dc3dcc933a5a2a027db7d6f5dc9a555f56187adcbb79f7a36b29cf3586994c272390d69cb98ecf3c31f5b8284fac92d7

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-2890696111-2332180956-3312704074-1000\_desktop.ini
        Filesize

        9B

        MD5

        2c012c1af0648018cb6d8f5d91a5a1df

        SHA1

        a55ab94d1fdb3374bee98660f16093ebca4e9258

        SHA256

        50313ae96f06443d8a81be791ed17d2060cbbe0b3ab5675290bf34eabbbdce3a

        SHA512

        1db76dae120f6de58372c7aec1c84b213242e991bdd92fb1a327b32bb91af55bab93719d55d49ae3712bf0b42998d561960ffe086bb3e42e806acc248ce1664e

        Download Submit

      • memory/4092-23-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4092-14-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4092-19-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4092-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4092-27-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4092-13-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4092-123-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4092-1264-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4092-2761-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4092-5-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4092-4806-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download