Overview

overview

7

Static

static

3

327a7e69cb...2e.exe

windows7-x64

7

327a7e69cb...2e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/01/2024, 00:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    327a7e69cb102823ec0ff1f9cef546d465b7a67f1e38495d53129d406a14df2e.exe

  • Size

    46KB

  • MD5

    883d747a39aa4ff20c93f5732d14533f

  • SHA1

    3a8f720eae459459b6ff869b1570912062aa3d9a

  • SHA256

    327a7e69cb102823ec0ff1f9cef546d465b7a67f1e38495d53129d406a14df2e

  • SHA512

    69e00490951d97cf379267e99dc014bf2d7e15805d2995deae35baf5eec3f2816bb404dacbeb9242a2bc151c5257bd5254d9f7ab9098cee27e394dabda285b0e

  • SSDEEP

    768:kf01ODKAaDMG8H92RwZNQSwcfymNBg+g61GoLHnV9P8fGZ2Fl/flDG7OUf2hD:FfgLdQAQfcfymNTV9q/f2OUfS

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3500
      • C:\Users\Admin\AppData\Local\Temp\327a7e69cb102823ec0ff1f9cef546d465b7a67f1e38495d53129d406a14df2e.exe
        "C:\Users\Admin\AppData\Local\Temp\327a7e69cb102823ec0ff1f9cef546d465b7a67f1e38495d53129d406a14df2e.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4896
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6DAE.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4692
          • C:\Users\Admin\AppData\Local\Temp\327a7e69cb102823ec0ff1f9cef546d465b7a67f1e38495d53129d406a14df2e.exe
            "C:\Users\Admin\AppData\Local\Temp\327a7e69cb102823ec0ff1f9cef546d465b7a67f1e38495d53129d406a14df2e.exe"
            4⤵
            • Executes dropped EXE
            PID:932
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4752
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:3216
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:1920

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        251KB

        MD5

        920549b3749f17049173fc1c69ce5fcd

        SHA1

        1b5be37d2d800e23d87b4c415fdfc7ff875b8580

        SHA256

        ddaf4a789e331cc85e2503408634f6c90a5013d876588cdcd62f937159797980

        SHA512

        beb8eac40bf9fd6db8b88ecdac79afe2ced905c5216e06f3f401f536b3b1358b870470962b97b61721bfeec1820bf5446e6bce49aa5e3667e29f08ed776dcddb

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        570KB

        MD5

        32f1533e0804f46c6938b1be53ab3863

        SHA1

        91abd3f0fefb66700cf3552f60daf2f8b474ee0c

        SHA256

        2c348507b976365dcea99944dbe0b223575a8616b0e2f657ad3a7221d475c82d

        SHA512

        f2780ced5c878cadd6a56b5c89cb1175f195ffd28ff622c72876a9b2df9cf2fbc3255094947cc2efb4ee3855ee364e9a1504552fcf72fd50f42615c5ac4c6601

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a6DAE.bat
        Filesize

        722B

        MD5

        741fca84b63027feb78a7d375e738267

        SHA1

        43cc24143701213e02c99a584bc17e8bb0eb90e9

        SHA256

        f5cbd4cf8b046b0ebbab3baada835fd35bd88738c9747cf3ce647d8fe82ae6e7

        SHA512

        7c1b8df7439d5e80e6cb946aa5304ed4e97669f7f97f2632d6cd2604c8fe81997e57f562360c05da90760313f9fbc02b8a6026dbb56eea6da68ea0a0359d522e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\327a7e69cb102823ec0ff1f9cef546d465b7a67f1e38495d53129d406a14df2e.exe.exe
        Filesize

        20KB

        MD5

        eecbaf85768c517873d9d252a80b195f

        SHA1

        029a51833a50acedd0cab3b4346e00c4410fe6e2

        SHA256

        db5e89efdc811020d02ecbcd908a118baadfaf65a54b2b6d8ff413a49b750e02

        SHA512

        fdd70770b4c42c03f85ce5c9b081df48313bc0415b1085193ea259c114befa93eff0136129b7d99f591268c546e8652512b468275b0b905497d576af9bdad4ec

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        26KB

        MD5

        f598376cea79e7f718da4683838390fe

        SHA1

        f78e230efc8c5e8c91a0b9b113ceaed1540b265a

        SHA256

        4b3bae74acc7982f6fced2e409db1a27fe3d1a12b183172722deb128d0f369fb

        SHA512

        4c522f02a7dd671865f570ca74faa19ba74287240856f8ed7c85cae0f079b66b5af92e5f4c0ec6d77b41b8c0fd58f030c7d16d20d7ad537eb9117ab7d1bbc831

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-3336304223-2978740688-3645194410-1000\_desktop.ini
        Filesize

        9B

        MD5

        0b7b9562015af2b7e19efc062b59ee14

        SHA1

        bca831ddb43ecb24747e57434d4b443497801c21

        SHA256

        7ef40a98b77a81085c0a426908276cbaead1573daf25f79344d7b4502d953774

        SHA512

        bd3c5f0408ac0ad1b82734cc0c4aca5fa6c96c901307f2e85dc4ce6d1db5a91ac6f7e4794e84286813fd94c648665a94f3496e5d22f6b0f624af4b795871f5a3

        Download Submit

      • memory/4752-32-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4752-19-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4752-26-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4752-37-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4752-41-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4752-10-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4752-580-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4752-1165-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4752-2604-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4752-4719-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4896-9-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4896-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download