Overview

overview

6

Static

static

3

cbf4b6420b...5c.exe

windows7-x64

6

cbf4b6420b...5c.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    100s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/01/2024, 07:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    cbf4b6420b44b5144b9d1e78a966b230d1ca4d14bfe2d942e355eb660e08f15c.exe

  • Size

    31KB

  • MD5

    b756e0071add3e9408c34890bc1cac77

  • SHA1

    7ad28bf40d2c31342086f74a8e58ba358f36fa48

  • SHA256

    cbf4b6420b44b5144b9d1e78a966b230d1ca4d14bfe2d942e355eb660e08f15c

  • SHA512

    d1e1c6ad12e266030c68c6833cdfbc05e2f4cc6cca4b8ae7a9287ccdb7caa39fb2868da853251e7adcda79a73f52b8dbfd5be0330223cf3c9a809e2f0c94daba

  • SSDEEP

    768:2KF5BaJ3rnLg3FISrlZHqcol2NReG7h0QSUXVzq0c0F:2EMAISrlZHNoANReSzJq0c4

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 44 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3352
      • C:\Users\Admin\AppData\Local\Temp\cbf4b6420b44b5144b9d1e78a966b230d1ca4d14bfe2d942e355eb660e08f15c.exe
        "C:\Users\Admin\AppData\Local\Temp\cbf4b6420b44b5144b9d1e78a966b230d1ca4d14bfe2d942e355eb660e08f15c.exe"
        2⤵
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2444
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2872
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:404

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • F:\$RECYCLE.BIN\S-1-5-21-1168293393-3419776239-306423207-1000\_desktop.ini
              Filesize

              9B

              MD5

              0b7b9562015af2b7e19efc062b59ee14

              SHA1

              bca831ddb43ecb24747e57434d4b443497801c21

              SHA256

              7ef40a98b77a81085c0a426908276cbaead1573daf25f79344d7b4502d953774

              SHA512

              bd3c5f0408ac0ad1b82734cc0c4aca5fa6c96c901307f2e85dc4ce6d1db5a91ac6f7e4794e84286813fd94c648665a94f3496e5d22f6b0f624af4b795871f5a3

              Download Submit

            • memory/2444-0-0x0000000000400000-0x0000000000438000-memory.dmp

              Filesize

              224KB

              Download

            • memory/2444-5-0x0000000000400000-0x0000000000438000-memory.dmp

              Filesize

              224KB

              Download

            • memory/2444-12-0x0000000000400000-0x0000000000438000-memory.dmp

              Filesize

              224KB

              Download

            • memory/2444-18-0x0000000000400000-0x0000000000438000-memory.dmp

              Filesize

              224KB

              Download

            • memory/2444-22-0x0000000000400000-0x0000000000438000-memory.dmp

              Filesize

              224KB

              Download

            • memory/2444-26-0x0000000000400000-0x0000000000438000-memory.dmp

              Filesize

              224KB

              Download

            • memory/2444-1682-0x0000000000400000-0x0000000000438000-memory.dmp

              Filesize

              224KB

              Download

            • memory/2444-5174-0x0000000000400000-0x0000000000438000-memory.dmp

              Filesize

              224KB

              Download