Overview

overview

6

Static

static

3

188c643214...2e.exe

windows7-x64

6

188c643214...2e.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/02/2024, 22:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    188c643214553172b88465e1555775bbee2f38e8aade04abd70e952bfb22fa2e.exe

  • Size

    26KB

  • MD5

    d2d2a40536baba535c73db8ebf952282

  • SHA1

    b4d82964a3fe7dbbda65c98303290e457c0489ee

  • SHA256

    188c643214553172b88465e1555775bbee2f38e8aade04abd70e952bfb22fa2e

  • SHA512

    94798e9737bd080a58d9643769204c1bca3aacfdd65e0896f847525c40ea58959a684e0df13068c930e4de98447d684435dcea2b3a35db918924022f70af0b54

  • SSDEEP

    768:H1ODKAaDMG8H92RwZNQSw+IlJIJJREIOAEeF1:VfgLdQAQfhJIJ0IO61

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3412
      • C:\Users\Admin\AppData\Local\Temp\188c643214553172b88465e1555775bbee2f38e8aade04abd70e952bfb22fa2e.exe
        "C:\Users\Admin\AppData\Local\Temp\188c643214553172b88465e1555775bbee2f38e8aade04abd70e952bfb22fa2e.exe"
        2⤵
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1492
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2712
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:2992

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        251KB

        MD5

        67c74b97c2071187d39ee2e50ac48fcf

        SHA1

        fde80377c7e7dc46324c9bc948098f57c8fbc374

        SHA256

        416e5e449e430cd27534878cc952014e862505b3cba07927ede5a25eb095ed6a

        SHA512

        7c91dd105eaa54bbdb168422d65b9d5b0cd3af748a117c36a6c276fae55d809eb9c3acdb71a8e58d2a2879dc13a7a78a6473ecaad1c2737464e2d33f25fd345b

        Download Submit

      • C:\Program Files\7-Zip\7zG.exe
        Filesize

        710KB

        MD5

        274a1e0064ca941ba9ab3f5bacf922b3

        SHA1

        c72a9d01ee2b518f7ff03d09a5c0a536ed77867e

        SHA256

        2603ee540fb51565dfa2f75db545d7856122aea710ab5f31df5255b613f74c26

        SHA512

        6f900bd9feab4cff3cdf7c3cb0956636147d68ddddd5cf8a91821394141330ebc2682825b65a835fa1d2a71155a7879002f2994c0d3d3c0b7897fad6c0e3ed65

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-4123566616-543693798-272350410-1000\_desktop.ini
        Filesize

        9B

        MD5

        b347a774e254ac3f0d6aaea35544ac50

        SHA1

        7f332d15a7648f7a698b3068a428811361f4e9ab

        SHA256

        1ebd1b85bb264260df3d9fb0a2062b29199c7b6137dcc98486874c1d257c73cd

        SHA512

        ce8615c90c8794f0aefeb0c6ce5da126732695e6be36b5e625f3a073d55c6f8cd88ca465b07e2c0e87355b5baad887a3f0b26c4eb262484a83d35565e72ba138

        Download Submit

      • memory/1492-27-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1492-18-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1492-23-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1492-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1492-12-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1492-202-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1492-1152-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1492-3649-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1492-5-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1492-4704-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download