Overview

overview

6

Static

static

3

000a5a6eb5...39.exe

windows7-x64

6

000a5a6eb5...39.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11-10-2023 23:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    000a5a6eb5145fa5f6efca8c651e71df66fea96e76d65e45571a0a1bf9b07939.exe

  • Size

    26KB

  • MD5

    ae26fc09106ef9dc7e9ade522fa68b02

  • SHA1

    089067f07b53c0123ffd5b576055de16e7e44d74

  • SHA256

    000a5a6eb5145fa5f6efca8c651e71df66fea96e76d65e45571a0a1bf9b07939

  • SHA512

    22aaa03ae403650c67c34a51d8ab94e48d23a0fd448c7b43be232c93a9b1d4b69fdda639f44bc923bbb3af300b62e2c055394e09fdf503fe4e5c3b0a756da8cd

  • SSDEEP

    768:gciVA1ODKAaDMG8H92RwZNQSwcfymNBg+g61GoL:gvVSfgLdQAQfcfymN

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1240
      • C:\Users\Admin\AppData\Local\Temp\000a5a6eb5145fa5f6efca8c651e71df66fea96e76d65e45571a0a1bf9b07939.exe
        "C:\Users\Admin\AppData\Local\Temp\000a5a6eb5145fa5f6efca8c651e71df66fea96e76d65e45571a0a1bf9b07939.exe"
        2⤵
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2096
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2944
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:3064

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        251KB

        MD5

        aaf26595eb481222b6ffa53838a00948

        SHA1

        0762d990629a7052957c1d46400e90a045328404

        SHA256

        e60d63534671568f41b7bc4fa2d6069ba4ef216be084ffe5cf628149e8f88ce9

        SHA512

        6ddfc97644e2f745f6eaa40cb6d98f33f7b8f6c9af3ae55bf3b44e3c3cf0899ecbb2aad85910c073c766fd04715a2748ef0614858afb351eeaf0693d87f5dbb3

        Download Submit

      • C:\Program Files\SuspendCompare.exe
        Filesize

        95KB

        MD5

        156ad57f25fee55e00a3dbd3f2539c30

        SHA1

        43e4d9b113e3ac961601e75ab36667fd7b5a19e0

        SHA256

        1eaac750d6c9163f488bee1a910dd62dcec4f9446fb4ae36c202a44d2caa384a

        SHA512

        0ef2a0ea0fc86530abd64fb247f7875831e15ae4e98ee160eefbb6e61be008ee4dbd1397701949da215156210804f52819b24a1f85f46af967c2196ecb309926

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-2180306848-1874213455-4093218721-1000\_desktop.ini
        Filesize

        10B

        MD5

        dbf19ca54500e964528b156763234c1d

        SHA1

        05376f86423aec8badf0adbc47887234ac83ef5a

        SHA256

        bfa0ad2e861e2369dc239edf8f62fbe1c4507d877ec2f76e46e48f1e68fdd5ae

        SHA512

        fb8ce1253ad6d3c1b7d970614dbc2d21574576336a490b54a8dc705a3d8637c0669747ba821fb2f4da14d7447dc24607aca988b0cd3bd9fc4d9d5988b4b631d0

        Download Submit

      • memory/1240-5-0x00000000029F0000-0x00000000029F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2096-8-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2096-15-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2096-21-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2096-67-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2096-73-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2096-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2096-1826-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2096-2325-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2096-7-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2096-3287-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download