Overview

overview

6

Static

static

3

a5ff9c9043...5e.exe

windows7-x64

6

a5ff9c9043...5e.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    179s
  • max time network
    178s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231025-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/11/2023, 05:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a5ff9c90435afbf88e02e2c03de1ebdd6d130ae4a9cd947344cf27a85b6e6a5e.exe

  • Size

    26KB

  • MD5

    101dc1e52547c3f3f38c33cde7b1d50c

  • SHA1

    366c8591cfd66512512fc161afeef10aa2d14def

  • SHA256

    a5ff9c90435afbf88e02e2c03de1ebdd6d130ae4a9cd947344cf27a85b6e6a5e

  • SHA512

    d0a085dfda3a7bc03447bc32b76cb25a35be12a36a99d5960c56e908fb6a03759409c8d28defe708c30708514e0d7cc2289d777f88f75923e0d5e2362c28f325

  • SSDEEP

    768:q31ODKAaDMG8H92RwZNQSw+JnbmQj3FZJ9Vs9XnsD:CfgLdQAQfwt7FZJ92Bs

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3208
      • C:\Users\Admin\AppData\Local\Temp\a5ff9c90435afbf88e02e2c03de1ebdd6d130ae4a9cd947344cf27a85b6e6a5e.exe
        "C:\Users\Admin\AppData\Local\Temp\a5ff9c90435afbf88e02e2c03de1ebdd6d130ae4a9cd947344cf27a85b6e6a5e.exe"
        2⤵
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1068
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4900
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:3720

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files\Google\Chrome\Application\chrome.exe
              Filesize

              2.8MB

              MD5

              73cda133b540251d04494db446edcaef

              SHA1

              4b2c7c0a956905f1ce3a5c85353c565536bc7890

              SHA256

              41b29919e1a74ed9994cfacbdd1ddb55c8a438186c85339df22d24430d7ae551

              SHA512

              6ed65afa99c5fd848010f571ee9b42535fcefecd9842ca0f0566100c8dd9be6d294b05d85d12485a9bcef974b7a53473b343415f50ec333799843ca1aa56b6fb

              Download Submit

            • F:\$RECYCLE.BIN\S-1-5-21-177160434-2093019976-369403398-1000\_desktop.ini
              Filesize

              10B

              MD5

              f51c3552f0c301ae8d98c7fba5088597

              SHA1

              b74920b9332b7ddc34e3d793215d6d402dfa265e

              SHA256

              d9d5ad4ac9b545fe611f501ffb102acad318e4d1e5648061eda6ff03ffc3e3a1

              SHA512

              281662d4c7abe512da2489431bb4ad36d979fd441654ec1212af9274dc7b0ea666111c52f1ee842adde37cbb51a8fe095091b52ad824cfdf4516f2f08232eb81

              Download Submit

            • memory/1068-0-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1068-5-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1068-8-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1068-13-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1068-19-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1068-24-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1068-28-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1068-294-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1068-1072-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download