Overview

overview

7

Static

static

3

3ac86c4ec5...fb.exe

windows7-x64

7

3ac86c4ec5...fb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2023 18:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3ac86c4ec5a90ec6e42323a1140f97fb.exe

  • Size

    70KB

  • MD5

    3ac86c4ec5a90ec6e42323a1140f97fb

  • SHA1

    9424f200f0a76409d2b1567762c449ea2023f90d

  • SHA256

    facadd5fbff3d577a0b0f107ac32ee67dbf06d2fe15f11b1ddfb3ddd1bec580e

  • SHA512

    a3c97aedc1e5cac62ece5730b5803c93f33b78af56076da77f8033db89f5abc233ef9bd8899684e2b0977fb801268a782024256fd4ba5121eb6992284dde3b27

  • SSDEEP

    1536:p4q8Q1xZtffrb8sjPFNhTYsFFrzckH2fmitF07Q:qKtfDwsjPThTYszDH2fD07Q

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ac86c4ec5a90ec6e42323a1140f97fb.exe
    "C:\Users\Admin\AppData\Local\Temp\3ac86c4ec5a90ec6e42323a1140f97fb.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:780
    • C:\Windows\Logo1_.exe
      C:\Windows\Logo1_.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1856
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\$$a8F6.bat
      2⤵
      • Deletes itself
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2252
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1380
    • C:\Users\Admin\AppData\Local\Temp\3ac86c4ec5a90ec6e42323a1140f97fb.exe
      "C:\Users\Admin\AppData\Local\Temp\3ac86c4ec5a90ec6e42323a1140f97fb.exe"
      1⤵
      • Executes dropped EXE
      PID:2756

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\$$a8F6.bat
      Filesize

      529B

      MD5

      1e7e364ed84e753b7771011ddd0451b7

      SHA1

      83750a1b684a148b6974f6eca5e78cc9c07df83f

      SHA256

      f280aaebc2a0de6b77c51e62b8986a02ccafd8aee45079368c62bbf7ed410160

      SHA512

      c47e79c0cec6cd4ec4f3236fe99e8b650cf2b4af56b4ba1760be90980b57e1f9689b884f70a1bba4ba66576c1c6f32f546715f7c0626ab2414db88c9c4b9e3fc

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\3ac86c4ec5a90ec6e42323a1140f97fb.exe.exe
      Filesize

      12KB

      MD5

      897cc6ed17649490dec8e20e9dd7ffd6

      SHA1

      cb3a77d8dd7edf46de54545ca7b0c5b201f85917

      SHA256

      cfb6b16c6c7ee64111fe96a82c4619db26ea4bac0e39c5cb29d1181b8c065f34

      SHA512

      b719f7b95f723d0563b270f1260d086168b118189ca74f2aef37e90ad55d66f5c261ecfb15f77e80af6a551587b966bf48818a6421350f8e86b8a5f59acbc2ca

      Download Submit

    • C:\Windows\Logo1_.exe
      Filesize

      35KB

      MD5

      b91239a391813bbe7187ccdbf8e397ad

      SHA1

      9601dde2ab67de4f18c122cd28a694ef5861f30c

      SHA256

      56b2a7c1f32c1f653e598a09bcb96b5ffba7627ffb418638d15f1a30722c4545

      SHA512

      cb83cd0ae020fd574bb0d7d4cad404bdc6a7bdc78710382a58c497f67e7ee0e55e404db7cafddc36f722da5abc32cb7c696aa03001bf6c9ec0fb661b2f7c85b2

      Download Submit

    • C:\Windows\Logo1_.exe
      Filesize

      11KB

      MD5

      37f8bf8f661fe6b33b5e78586908587f

      SHA1

      111d892c0c0752946b5a5a2038706adab32db02e

      SHA256

      362438f732e66a7f08c61f1965bb0892adfa328e0ea6c35fcabe46f5a255c86d

      SHA512

      77af9e293f3f646ec8a08bfcdaf9b113c16fbb61e8e738dd3ba7bad34496f9062ca6126b46620119ade88490f7a8a14dd543934a233f303cdb8b78fe0183b320

      Download Submit

    • C:\Windows\Logo1_.exe
      Filesize

      50KB

      MD5

      e1afa3ce65837f5e9c002e409a85ac0d

      SHA1

      b50f2348d8425e0a7d13fe29a82cab18cb510285

      SHA256

      f13e6cd953c042dbadc3087b81de39c9a3506a50382e414002d651e1afa16cbd

      SHA512

      2a0fd9706728326502e336e34226d0516ac8109281c5f459097ee46fc41824065a9bb24348ec61b99985a3e0a604a146625e964988a57515d3bf2c9543f01bcc

      Download Submit

    • \Users\Admin\AppData\Local\Temp\3ac86c4ec5a90ec6e42323a1140f97fb.exe
      Filesize

      8KB

      MD5

      a85ca7546e6cb608756261e6a24ed404

      SHA1

      f9fa5b3a066d2f2dda96fdd8f61b7e93fc7e2394

      SHA256

      3a642eb811c9b62c711ecbfe427ba4cf1dc41563bf0f2ed5686768d438f1f80e

      SHA512

      6f7e8bd606c0d021d92da634a33af6e36ac9e62ba4975d3f9f24a7ee9745c0931dc9fdd5a1cec844d9341c02a7bd3f6ff4914f2195261f839eda2f51573d1683

      Download Submit

    • memory/780-13-0x0000000000400000-0x0000000000422000-memory.dmp

      Filesize

      136KB

      Download

    • memory/1380-20-0x0000000002A40000-0x0000000002A41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1856-244-0x0000000000400000-0x0000000000422000-memory.dmp

      Filesize

      136KB

      Download

    • memory/2756-37-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download