Overview

overview

6

Static

static

3

cbf4b6420b...5c.exe

windows7-x64

6

cbf4b6420b...5c.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    14-01-2024 07:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cbf4b6420b44b5144b9d1e78a966b230d1ca4d14bfe2d942e355eb660e08f15c.exe

  • Size

    31KB

  • MD5

    b756e0071add3e9408c34890bc1cac77

  • SHA1

    7ad28bf40d2c31342086f74a8e58ba358f36fa48

  • SHA256

    cbf4b6420b44b5144b9d1e78a966b230d1ca4d14bfe2d942e355eb660e08f15c

  • SHA512

    d1e1c6ad12e266030c68c6833cdfbc05e2f4cc6cca4b8ae7a9287ccdb7caa39fb2868da853251e7adcda79a73f52b8dbfd5be0330223cf3c9a809e2f0c94daba

  • SSDEEP

    768:2KF5BaJ3rnLg3FISrlZHqcol2NReG7h0QSUXVzq0c0F:2EMAISrlZHNoANReSzJq0c4

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cbf4b6420b44b5144b9d1e78a966b230d1ca4d14bfe2d942e355eb660e08f15c.exe
    "C:\Users\Admin\AppData\Local\Temp\cbf4b6420b44b5144b9d1e78a966b230d1ca4d14bfe2d942e355eb660e08f15c.exe"
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:836
    • C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2208
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        3⤵
          PID:2044
    • C:\Windows\Explorer.EXE
      C:\Windows\Explorer.EXE
      1⤵
        PID:1372

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • F:\$RECYCLE.BIN\S-1-5-21-3627615824-4061627003-3019543961-1000\_desktop.ini
        Filesize

        9B

        MD5

        0b7b9562015af2b7e19efc062b59ee14

        SHA1

        bca831ddb43ecb24747e57434d4b443497801c21

        SHA256

        7ef40a98b77a81085c0a426908276cbaead1573daf25f79344d7b4502d953774

        SHA512

        bd3c5f0408ac0ad1b82734cc0c4aca5fa6c96c901307f2e85dc4ce6d1db5a91ac6f7e4794e84286813fd94c648665a94f3496e5d22f6b0f624af4b795871f5a3

        Download Submit

      • memory/836-0-0x0000000000400000-0x0000000000438000-memory.dmp

        Filesize

        224KB

        Download

      • memory/836-7-0x0000000000400000-0x0000000000438000-memory.dmp

        Filesize

        224KB

        Download

      • memory/836-14-0x0000000000400000-0x0000000000438000-memory.dmp

        Filesize

        224KB

        Download

      • memory/836-20-0x0000000000400000-0x0000000000438000-memory.dmp

        Filesize

        224KB

        Download

      • memory/836-62-0x0000000000400000-0x0000000000438000-memory.dmp

        Filesize

        224KB

        Download

      • memory/836-68-0x0000000000400000-0x0000000000438000-memory.dmp

        Filesize

        224KB

        Download

      • memory/836-1081-0x0000000000400000-0x0000000000438000-memory.dmp

        Filesize

        224KB

        Download

      • memory/836-1740-0x0000000000400000-0x0000000000438000-memory.dmp

        Filesize

        224KB

        Download

      • memory/836-2980-0x0000000000400000-0x0000000000438000-memory.dmp

        Filesize

        224KB

        Download

      • memory/836-3127-0x0000000000400000-0x0000000000438000-memory.dmp

        Filesize

        224KB

        Download

      • memory/1372-5-0x0000000002E70000-0x0000000002E71000-memory.dmp

        Filesize

        4KB

        Download