Overview

overview

6

Static

static

3

2f29233712...b7.exe

windows7-x64

6

2f29233712...b7.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    151s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2023, 06:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2f292337123ea05cc319571922a428f66484d75d7151ef5fb3514e98f10e62b7.exe

  • Size

    26KB

  • MD5

    ef359495270e5486e41e1c35ba24d436

  • SHA1

    b692ac26ea0813782ee3c34875c2d1108a252986

  • SHA256

    2f292337123ea05cc319571922a428f66484d75d7151ef5fb3514e98f10e62b7

  • SHA512

    eb6483f2bacb356e4d0d4dcc8c14486e42459c201971df9252bd0ba3bc7b4e2120c9687090b7fde7f8595fa52013f220b2b529eec4052e46c2478d1e3594b671

  • SSDEEP

    768:y1ODKAaDMG8H92RwZNQSwcfymNBg+g61GoL:UfgLdQAQfcfymN

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1280
      • C:\Users\Admin\AppData\Local\Temp\2f292337123ea05cc319571922a428f66484d75d7151ef5fb3514e98f10e62b7.exe
        "C:\Users\Admin\AppData\Local\Temp\2f292337123ea05cc319571922a428f66484d75d7151ef5fb3514e98f10e62b7.exe"
        2⤵
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2036
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2348
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:1736

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        251KB

        MD5

        61bef8c82fe3a524a635981cc08741c0

        SHA1

        3311ff5766e25acf5ba33667c86ee28208f5b49d

        SHA256

        2d0e5449ccb198a03c4a99c9e6d86ed7ed4ba69250de5ef758ca0848b7d9761c

        SHA512

        a06d7deb52be18d8049d764f048d2720c0ed11139877859b70a7a8e6b25387fd3babc8c450454e6199ce04b7146fbcd4ba0472a9e074857b49ef2a6c22b14c39

        Download Submit

      • C:\Program Files\7-Zip\7zFM.exe
        Filesize

        873KB

        MD5

        efd018b956e2d2b742c7856a57d7609c

        SHA1

        8d273885c9b4358dfaa2c81ae706647444949ac6

        SHA256

        bca17930399fb5d3e4ef45ff0ecf19d2d8223258eac11a16f2adefa5b7275d00

        SHA512

        36034c2e80b58ce2ec80896630eb60a4cc2b2deb72084610100cced956d2b83381d76c429b024a79854b379aa9f0359efdcbc8339b43dd473b1288504f2649a1

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-2180306848-1874213455-4093218721-1000\_desktop.ini
        Filesize

        10B

        MD5

        dbf19ca54500e964528b156763234c1d

        SHA1

        05376f86423aec8badf0adbc47887234ac83ef5a

        SHA256

        bfa0ad2e861e2369dc239edf8f62fbe1c4507d877ec2f76e46e48f1e68fdd5ae

        SHA512

        fb8ce1253ad6d3c1b7d970614dbc2d21574576336a490b54a8dc705a3d8637c0669747ba821fb2f4da14d7447dc24607aca988b0cd3bd9fc4d9d5988b4b631d0

        Download Submit

      • memory/1280-5-0x00000000029F0000-0x00000000029F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2036-8-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2036-15-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2036-21-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2036-67-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2036-73-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2036-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2036-1825-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2036-7-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2036-2427-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2036-3286-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download