Overview

overview

6

Static

static

3

25f91dbdf3...35.exe

windows7-x64

6

25f91dbdf3...35.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    149s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/10/2023, 07:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    25f91dbdf33a79d04ef3286b0184b6cf7571a6809f412eb465c0851a1725c035.exe

  • Size

    26KB

  • MD5

    aa81527202a31901a862980388c26325

  • SHA1

    6bb4788475984392f7edd3901eeb795681669a8c

  • SHA256

    25f91dbdf33a79d04ef3286b0184b6cf7571a6809f412eb465c0851a1725c035

  • SHA512

    8f47e39839522d7ae6f7ed091eedb2f339637a93154af03a49163bee218bf007fddd091f9debbb776326e76861c1489f64c628218872891ee8e5990ec115e70f

  • SSDEEP

    768:/1ODKAaDMG8H92RwZNQSwcfymNBg+g61GoZw:tfgLdQAQfcfymN

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3280
      • C:\Users\Admin\AppData\Local\Temp\25f91dbdf33a79d04ef3286b0184b6cf7571a6809f412eb465c0851a1725c035.exe
        "C:\Users\Admin\AppData\Local\Temp\25f91dbdf33a79d04ef3286b0184b6cf7571a6809f412eb465c0851a1725c035.exe"
        2⤵
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2848
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4012
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:1468

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        251KB

        MD5

        c3d4c0154ae8b003a1153c9068b0dfef

        SHA1

        a80a846b2eea08845e96bc151b53078d48cef779

        SHA256

        390da8c73d321cc1ad02eb3425021590c5367fe86d1135be11beed121bb7f414

        SHA512

        17f67aea0a4be721636a93a4fbcdf6037e7995dbca7e7884b59efceaa8a3e600214addd2145d4dbf6a2680f02c5a74ccdc44ab7ae5e451e0be6241fe906f8d1c

        Download Submit

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        Filesize

        2.8MB

        MD5

        3470033b19e6d4233d108c41861724ee

        SHA1

        dda0c0bf37d88e0b1ebe2466990976b85a198e26

        SHA256

        b1da986a196bf484fde4c8c0099681913294079745da85aeb88e92d1dfac4074

        SHA512

        c3d0b8b99e3a24032656608f3f57fd5f77d91d822db50368df6a1cdd4f3941087108ce41b02b49086f88bb47826ccee5a1f69b2810671e8d3c5be06bc1e3daad

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-3811856890-180006922-3689258494-1000\_desktop.ini
        Filesize

        10B

        MD5

        e0b221b9338753deceb4d4e7a6bf13e8

        SHA1

        56521251ff5aab737b3617dd82eb07df74ad588f

        SHA256

        3e46e7e2c6c9cf629a9230a5b1c5b196f727959b334cbb517641244ec5c4b065

        SHA512

        391e4ed4ed44dc677fd663677cb7e69e4c23e4a3629940e46cf757d812395a7876a93c3568d12e5dd99e06b7068e22397694cf54723efa3f0f5789b9687b5810

        Download Submit

      • memory/2848-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2848-5-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2848-13-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2848-18-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2848-23-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2848-27-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2848-158-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2848-1070-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2848-4632-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download