Overview

overview

7

Static

static

3

fe38ecbc05...f5.exe

windows7-x64

7

fe38ecbc05...f5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231025-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/11/2023, 13:17

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    fe38ecbc054b051b0d6ef87faf8169753e519e5997bd352836b799338026ecf5.exe

  • Size

    7.3MB

  • MD5

    8c06ba25d98aa2b94df710616e898da2

  • SHA1

    74c6bc0125135516b2eb6f1bbf9444ef608724e6

  • SHA256

    fe38ecbc054b051b0d6ef87faf8169753e519e5997bd352836b799338026ecf5

  • SHA512

    f67223abe116b2449e76a67cd68697cac66218f9547097972f93d961985d76e53cce848f416306ae0abf2fdac0a89530e457bfbe3c850a62ec308f44131d6cac

  • SSDEEP

    98304:EmB9OWBVClfcaA1oZeSajfztbVCGQX4bME4bP8nQgMVQNKe5AJbI8D:Eg9OHi1oZepfxUGGNQNKe

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3260
      • C:\Users\Admin\AppData\Local\Temp\fe38ecbc054b051b0d6ef87faf8169753e519e5997bd352836b799338026ecf5.exe
        "C:\Users\Admin\AppData\Local\Temp\fe38ecbc054b051b0d6ef87faf8169753e519e5997bd352836b799338026ecf5.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:3544
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8916.bat
          3⤵
            PID:3332
          • C:\Windows\Logo1_.exe
            C:\Windows\Logo1_.exe
            3⤵
            • Executes dropped EXE
            • Enumerates connected drives
            • Drops file in Program Files directory
            • Drops file in Windows directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:1260
            • C:\Windows\SysWOW64\net.exe
              net stop "Kingsoft AntiVirus Service"
              4⤵
              • Suspicious use of WriteProcessMemory
              PID:4948
              • C:\Windows\SysWOW64\net1.exe
                C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
                5⤵
                  PID:1128

        Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
                Filesize

                254KB

                MD5

                83156f326cbfda263c69aa7483942b52

                SHA1

                2678a927c50dffc984dbf96318c2368cbf9eae13

                SHA256

                3e1584d8d0df28547eb7471438402367a205c24b3b1afbfa96e66a9e621a9e03

                SHA512

                2599056c1c703760c099053cdbefb48137ceea1556457623506b88857a881f305d89fef9156cf0d740d35d02d3ce18089f5d7f6706dec7b257f9e9d5d27ff5a1

                Download Submit

              • C:\Program Files\AssertInstall.exe
                Filesize

                1.2MB

                MD5

                e0249c003a2d9041362d16f2b3b13932

                SHA1

                d3b9b9dd8176c39673c2779843177699b1824581

                SHA256

                a0aa870a5df7d8a32936e5ac851103490a7add2ad1b10052fb79160e55665e75

                SHA512

                c5aecf38e304bf00968c57762e2c5512db5478fa655b14846f7055e5d3b868c4d23fa87e8f0e1483367751c6e3dddca1ff418e053d584a843a2fc15e80e762ad

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\$$a8916.bat
                Filesize

                722B

                MD5

                6f9b79a3cd03100cc4f80c5b4623d923

                SHA1

                1b038d12a14a22f86a7d62d164092f60101693b6

                SHA256

                b6c024223081e8ae5df0d100642f77494e15b2d791cdfae556c0dcc66438eaee

                SHA512

                d4e8b06a6b84757c026d245798e00597fc45bbb65a84b51fda242b4ed465fc4a6ed849bdcdc05b8af6fb4f269760cbff85866e47d0c81f5027dd62ba31a9db9a

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\fe38ecbc054b051b0d6ef87faf8169753e519e5997bd352836b799338026ecf5.exe.exe
                Filesize

                7.3MB

                MD5

                172b6d29b3cdcdf2b0b14332eb216161

                SHA1

                7534c39aecd8a968c8cdf34db4cb388d999a3065

                SHA256

                3bb1c042bf917e6577be28edce3243628e9ce4245e9abbc2cc0196ccca26630c

                SHA512

                71e4e14c689974821c0bb80637a53cd5234df0111b809612ac810846fe2ba9d288da20141455b984dd842c8343166f807f8da51e74b66fbe3aec181db72806ce

                Download Submit

              • C:\Windows\Logo1_.exe
                Filesize

                29KB

                MD5

                a62477e460e659315b21ece9526e0026

                SHA1

                8fafdc80bbee8b35e27ae3311925e683b0feb5cb

                SHA256

                008730275226074245e4200da9af9bf3649c41679c74fabcce2dd9cf282a9d3f

                SHA512

                4ee01b80cb4543180f5e90e576638a0e629b9f4b82664463c0232089189b148af371e08b400d1c5715ed57e881372cd53dddbaa25049b3eb1c30740a68ebb035

                Download Submit

              • C:\Windows\Logo1_.exe
                Filesize

                29KB

                MD5

                a62477e460e659315b21ece9526e0026

                SHA1

                8fafdc80bbee8b35e27ae3311925e683b0feb5cb

                SHA256

                008730275226074245e4200da9af9bf3649c41679c74fabcce2dd9cf282a9d3f

                SHA512

                4ee01b80cb4543180f5e90e576638a0e629b9f4b82664463c0232089189b148af371e08b400d1c5715ed57e881372cd53dddbaa25049b3eb1c30740a68ebb035

                Download Submit

              • C:\Windows\rundl132.exe
                Filesize

                29KB

                MD5

                a62477e460e659315b21ece9526e0026

                SHA1

                8fafdc80bbee8b35e27ae3311925e683b0feb5cb

                SHA256

                008730275226074245e4200da9af9bf3649c41679c74fabcce2dd9cf282a9d3f

                SHA512

                4ee01b80cb4543180f5e90e576638a0e629b9f4b82664463c0232089189b148af371e08b400d1c5715ed57e881372cd53dddbaa25049b3eb1c30740a68ebb035

                Download Submit

              • F:\$RECYCLE.BIN\S-1-5-21-177160434-2093019976-369403398-1000\_desktop.ini
                Filesize

                10B

                MD5

                72a26291bcc1408e80553c90265fe898

                SHA1

                a597c3e1d8792f9c1732ca655a17d7c3144e506e

                SHA256

                2cf79adb55578ac8b37ff6133a48d876948392d25b36466d0a97ea24cdf4ab63

                SHA512

                62dc3cfd82e41d1640cc18d1fc4a4a4e64173569105a05aac6402d41897bf7d35627756ed416087f5c27a35d7f1543eabc1b1a69bb6208780c97bfd9c37e3dab

                Download Submit

              • memory/1260-25-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/1260-18-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/1260-31-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/1260-36-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/1260-40-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/1260-433-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/1260-1084-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/1260-12-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/1260-4227-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/1260-4636-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/3544-0-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/3544-9-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download