Overview

overview

6

Static

static

3

b387d22f30...3b.exe

windows7-x64

6

b387d22f30...3b.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    151s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    07-11-2023 18:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b387d22f30238b4c492ed175b00e557be0e2ae6310d66d74cda01fb4c941413b.exe

  • Size

    26KB

  • MD5

    7b0d0d6e90e730da617cadad201595d4

  • SHA1

    10255eb44d25ef90577bfb4027450345ec244544

  • SHA256

    b387d22f30238b4c492ed175b00e557be0e2ae6310d66d74cda01fb4c941413b

  • SHA512

    43a2d077f666c2b4695019203c1084c6404d5000664446bb32887040eb4443c866e02ae4fe2d412126081a9215767c162a87405c05b844829cf428e16dc2ff58

  • SSDEEP

    768:7f1ODKAaDMG8H92RwZNQSwcfymNBg+g61GoGwXnKx:7NfgLdQAQfcfymNG+Kx

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1292
      • C:\Users\Admin\AppData\Local\Temp\b387d22f30238b4c492ed175b00e557be0e2ae6310d66d74cda01fb4c941413b.exe
        "C:\Users\Admin\AppData\Local\Temp\b387d22f30238b4c492ed175b00e557be0e2ae6310d66d74cda01fb4c941413b.exe"
        2⤵
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2268
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2168
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:1336

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        251KB

        MD5

        49bd7a2d4e4c6cb85e53a405401bb97b

        SHA1

        69486189591789565ff332a2fe629f208eb1fb5c

        SHA256

        8e56abbed3c9ae0870958f2970e4408e6df8707d30b78da261add9fad3215565

        SHA512

        052eba26c5ecb96174839bcfec2b3274a7c1c890ab734a8744dcbfed96ee05f7ce98c94adb560a8b1b7d364170f3bba6b1b44dd2408cd25f7aa09fed4d7f3f1f

        Download Submit

      • C:\Program Files\7-Zip\7zFM.exe
        Filesize

        873KB

        MD5

        cddd08ccc21c4449be1eaa163e800aa8

        SHA1

        dabc3874338724875a49f44e3dc7e453cd33e331

        SHA256

        5fb823c96e8b734143ff699264383d2274356d8c4a9bd9b1300d1bad4099a8ea

        SHA512

        e12e95b08bce76138b9003c8f4d07ad298bd09a4fc9db5d52ec960ff78caecb021f4e83a95df25ebbc0c6f50fcbb5dc5b9e209396f2f2e9559e2d40c2bc160db

        Download Submit

      • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
        Filesize

        471KB

        MD5

        c6c8fde27f649c91ddaab8cb9ca344a6

        SHA1

        5e4865aec432a18107182f47edda176e8c566152

        SHA256

        32c3fed53bfc1d890e9bd1d771fdc7e2c81480e03f1425bce07b4045a192d100

        SHA512

        a8df7d1e852d871d7f16bae10c4ff049359583da88cc85a039f0298525839040d5363ce5ef4cbdb92a12a25785f73df83cf0df07752b78e6e6444f32160a2155

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-2085049433-1067986815-1244098655-1000\_desktop.ini
        Filesize

        9B

        MD5

        35dff1b2d2822022424940d4487e8d0d

        SHA1

        cf3c5e0326ffacd39689a35b566c8d3c626cc96b

        SHA256

        0432a628b4273444218f05d7d906b391ab84e1d51bc1b084c37456324e0f84ae

        SHA512

        91c1e3f5497c8c249e695b9e6f844f141b8747d5d1c5d23d09a2e39aae974cfcfe26b6a4580904b87aa495d452df942937fd721ff8189016a59f61c0835e1665

        Download Submit

      • memory/1292-5-0x0000000002820000-0x0000000002821000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2268-14-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2268-20-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2268-22-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2268-67-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2268-72-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2268-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2268-1825-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2268-7-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2268-3285-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download