Overview

overview

6

Static

static

3

d3ec625c0e...00.exe

windows7-x64

6

d3ec625c0e...00.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    10/10/2023, 22:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d3ec625c0e6ffa6a270bca41fcb9e966ee0bc162d0ddae993b3b1252d49bf300.exe

  • Size

    27KB

  • MD5

    e9ee3524e66c3ea245fc6d68854d7a22

  • SHA1

    223eb15895212bd1e01016c92514211252ac8d9e

  • SHA256

    d3ec625c0e6ffa6a270bca41fcb9e966ee0bc162d0ddae993b3b1252d49bf300

  • SHA512

    589c878a35e951bd11af0f474a3f0ca470ec9346bff3f34c67e608d4c057d64e10c9927dedb9e1814c48a98f957c198279bad4e665391eccc79aa06f2c5eb530

  • SSDEEP

    384:MJhG1Gt5M0zhIV/DZ3KZp7JcTO4yf9KFL/KaUUqd3qR+FlYTj9QTN0wpD9p5Cs:OG16GVRu1yK9fMFLKaTxsujCT7pZpY

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1260
      • C:\Users\Admin\AppData\Local\Temp\d3ec625c0e6ffa6a270bca41fcb9e966ee0bc162d0ddae993b3b1252d49bf300.exe
        "C:\Users\Admin\AppData\Local\Temp\d3ec625c0e6ffa6a270bca41fcb9e966ee0bc162d0ddae993b3b1252d49bf300.exe"
        2⤵
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2976
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1492
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:1092

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        252KB

        MD5

        76acd25d25089a18b98e1c1d459e7858

        SHA1

        10f3a2ec6bfb0e3139b682ac7223fd8f34dce9e7

        SHA256

        7266c8cce994735b9c2b331123d58d29fed61210a6ddbdedb1200387631232ef

        SHA512

        f7acae0d9f58107606a9b75ffe5667e754660041e1fd6fa585fbdb9a4ee04e7c70350b2b8b93a9f9a48ab52b0eafb381e580e725173d0e9350f58e71e0d441ba

        Download Submit

      • C:\Program Files\7-Zip\7zFM.exe
        Filesize

        874KB

        MD5

        4b27412b5b7fd0b86caf6130d642e84c

        SHA1

        b08d36528116466fb192757830d4f72cec93a6b0

        SHA256

        1f8753433c71144ad0043c02a4bef2078b5590c7776c0cefaf86a5caea56941d

        SHA512

        c950567af7db0ca52b9acc8a167879745a355f8671458f8da416974ad17e967fb5ab0cb6c3bc14dc558338b16d3cd483b11b2662ab901e4a667b88abe6499fd4

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-607259312-1573743425-2763420908-1000\_desktop.ini
        Filesize

        10B

        MD5

        81570c50286369016cef7a9f904c4b04

        SHA1

        b5758b23667cb35cad0adb23371b830fcee4f4e5

        SHA256

        b882f41a5c84d248a75714eaf215a9e363a49361b6a14beedb921ee3dfdb46a1

        SHA512

        0e6c479b0252e24635810b7d030cc9b5b17603ee20ccf62812446b8d15884521c6c7be65dfc0090bb1502e859fae27c2a63b3e58be714021f473a88407982162

        Download Submit

      • memory/1260-5-0x0000000002A10000-0x0000000002A11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2976-22-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2976-20-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2976-0-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2976-67-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2976-73-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2976-75-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2976-15-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2976-1826-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2976-1830-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2976-7-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download