Overview

overview

6

Static

static

3

fe1f55ff02...02.exe

windows7-x64

6

fe1f55ff02...02.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    122s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    22-12-2023 07:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fe1f55ff02bf2a55f30f28f7461a32e977d5a800df7b2b03d1edd9eab72bd102.exe

  • Size

    26KB

  • MD5

    bfbdfc7eb7233d2a5ca073ad8e5cd371

  • SHA1

    e6ada9aeebe98324457077c2c361c1379d6b8c3b

  • SHA256

    fe1f55ff02bf2a55f30f28f7461a32e977d5a800df7b2b03d1edd9eab72bd102

  • SHA512

    df3c51954f03f3d6b94acc96e3289fab1a22449d08e1bfff7b665bdbbb8eab2da9bacc61a57d82cce75496dfb1069cbae454df5b1109cb7d061c267ffd507d86

  • SSDEEP

    768:L1ODKAaDMG8H92RwZNQSwcfymNBg+g61GoL:hfgLdQAQfcfymN

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1380
      • C:\Users\Admin\AppData\Local\Temp\fe1f55ff02bf2a55f30f28f7461a32e977d5a800df7b2b03d1edd9eab72bd102.exe
        "C:\Users\Admin\AppData\Local\Temp\fe1f55ff02bf2a55f30f28f7461a32e977d5a800df7b2b03d1edd9eab72bd102.exe"
        2⤵
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2876
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2952
    • C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
      1⤵
        PID:2948

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        251KB

        MD5

        433d035ff5acbd8429947f51a00c8221

        SHA1

        2af87d32dc3f6ba8be7f7fd4a081ddad12e40416

        SHA256

        f37c46e4a4d1eec74a16637666bd530c9da567771277658b27475dddfe0e4f6e

        SHA512

        ad9e7221b8d863444cfe725ba767c118637d46bf65111632f76303b69b43d5710b673172c34d86ef159c01e0c0746b3a56809fab7077e880ef2919a8f863de0c

        Download Submit

      • C:\Program Files\7-Zip\7zFM.exe
        Filesize

        873KB

        MD5

        34d3ac3b786364b39345f6270684a090

        SHA1

        14412112b3274ca90cf90db7f08c8053a637cff8

        SHA256

        934e032fb34ee9b36c49e7379775635045c727b6b2c21961e8b63545826be33f

        SHA512

        595eee1f4641beb2a92798013970f06012e4944031b23c77809e7e1f5c35376426f647a947f3df6a9698aae985cadf3904da149d61ae6a869eca5eec3e9ec2dc

        Download Submit

      • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
        Filesize

        89KB

        MD5

        c74d0680ec77b29d3b9b315b987c2014

        SHA1

        8599174e7675fd71bc5b0d1fd33347ede8ed8d78

        SHA256

        7ee014bcbb1ac1766839ab9068cd0dc6604d8a5342e5cfbf5b2c4b7056cb6f43

        SHA512

        bca99ba9a1da6990cec60af0c44dc212b58e0c127a512cbd1545104a5e060e72e0129b7f1119c87a60b372381d66f30b1c6bd90bcb22f84cc01ecfbdd1969f98

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-3627615824-4061627003-3019543961-1000\_desktop.ini
        Filesize

        10B

        MD5

        34c7bf8c1e8aa0e76a1cb36da6f3c07f

        SHA1

        93bff4db65fd067f94ca08ce2654a2675925b27d

        SHA256

        89ee7da24a1550d124e7ac206a8d49733f819c098eebf27b8c7f28e931a09f53

        SHA512

        ba8fa54ac2e6eafb524f14c7d286d9910afd808ec561c933af8b72a9cdb813e0e7777dc04a9dfdb6c985f27f123ac34a19782d6c0e734f8ab4e9860c9033139b

        Download Submit

      • memory/1380-5-0x0000000002B10000-0x0000000002B11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2876-68-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2876-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2876-74-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2876-22-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2876-641-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2876-1827-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2876-16-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2876-2427-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2876-3287-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2876-9-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download