Overview

overview

7

Static

static

3

57190afea6...e4.exe

windows7-x64

7

57190afea6...e4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-02-2024 12:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    57190afea6f5a7dadadb71e53fdb52ed414f0349cb0c336e7c140902b9e922e4.exe

  • Size

    2.3MB

  • MD5

    3dc9ff73a15fdbb7e82ee3b7701460fb

  • SHA1

    575b04b09be3a58d1ee9338ee7c0180a8680695c

  • SHA256

    57190afea6f5a7dadadb71e53fdb52ed414f0349cb0c336e7c140902b9e922e4

  • SHA512

    739aedae88e0ffa6df1f6c4b4922d2c3bfa034434f1ca0dec44699065e0ede9610d34ac34f54a52429784a3816ea2492c8a2332acdcddaec2815273784ade5de

  • SSDEEP

    24576:O7wYYoB/QR2WPAFNpszLFxJ9MqeIlyPVvup2gO7lT5Msy7z1QgOyKKsd8Jbt06uk:O7wK21BLY3lKsSzWdy/JbhMJJt9wQ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3572
      • C:\Users\Admin\AppData\Local\Temp\57190afea6f5a7dadadb71e53fdb52ed414f0349cb0c336e7c140902b9e922e4.exe
        "C:\Users\Admin\AppData\Local\Temp\57190afea6f5a7dadadb71e53fdb52ed414f0349cb0c336e7c140902b9e922e4.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4412
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a881C.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3224
          • C:\Users\Admin\AppData\Local\Temp\57190afea6f5a7dadadb71e53fdb52ed414f0349cb0c336e7c140902b9e922e4.exe
            "C:\Users\Admin\AppData\Local\Temp\57190afea6f5a7dadadb71e53fdb52ed414f0349cb0c336e7c140902b9e922e4.exe"
            4⤵
            • Executes dropped EXE
            PID:4036
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4936
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:2156
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:3512

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        251KB

        MD5

        6a01463c2a198fa554a464b29ab26d46

        SHA1

        be0585bed6196d4516fbdb94ffebe968bdd47a88

        SHA256

        f7ce6c0f3e4730d663e769b43a8e12f45e700467f97c6f10a3bd15afd90f3505

        SHA512

        bdd7bd3069877b600a34b7cc5dcbb012ddb17793bfdc1817918e53bc35e166af727fce184a8dedf90f324eb22b6b6a4737e1ab1c273a398d5b7c84de8a7719d6

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        570KB

        MD5

        9192a33b5f97df2fea7505a69b2861d4

        SHA1

        2db29ce6c3e929cbdae6850a7f15d6131214ef75

        SHA256

        50a81e56ce96af82cfce1a0a031518f9a1bfdf98fda22aea26b6ea2f95673d77

        SHA512

        63195fe5da56943b583f339c45be7a1d4f7daed40ce13bd73231791707bc131dfb021b294dba90d3b23bbf753024d228a95554753b80aaa8773623eb98917d30

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a881C.bat
        Filesize

        722B

        MD5

        32794d9375dfacde4a92bb15531472ec

        SHA1

        8400935b71f02896a12e7d2cba3133f5061f5dd3

        SHA256

        ad43ab63ae31b835c4b180f86e3395f2a52a220f25de2a6771a3db0ca6a672ab

        SHA512

        4a18dfdc25ea78281b2c854486a2ba49a106620cf4e1fd25f0c3accec20017b40c1b3b9130a572a854d427fa99b5c0734d0d4120f98b4c59fe559bc1d41f83ff

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\57190afea6f5a7dadadb71e53fdb52ed414f0349cb0c336e7c140902b9e922e4.exe.exe
        Filesize

        2.3MB

        MD5

        7639c8a7d15680777f15e9180224e0ba

        SHA1

        4b4aa749ac518d5ed656f907385ebb72f698bcad

        SHA256

        f0cdeb69bd51faba35a1821c5715ed0d72beb6ab3b08eb42a3838be1d8f39d70

        SHA512

        4b4d21f6902da15ae2806f567dbe7ffe2911822567cb4f8c8541bc2436f0e429a8821c5188393317d49195a7951401674988d658040c5203ac5e7b13d731f8f9

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        26KB

        MD5

        25a486dcf2bd3b8f9e7cd7e801079f62

        SHA1

        60ba05537abab426c5d051d04bf5fd501d070914

        SHA256

        13addb45c988b23137e51c404bc5416ac149374f13eb7bcf21f2e93b8545267d

        SHA512

        14343a57186230975ad5699f5947179d4829e89e91dd527ad283acd630aa6817c13b4eb7a5f8084ea6b776dd561d008370129188d4eb0a5252b1bfa8746ea718

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-3336304223-2978740688-3645194410-1000\_desktop.ini
        Filesize

        9B

        MD5

        b347a774e254ac3f0d6aaea35544ac50

        SHA1

        7f332d15a7648f7a698b3068a428811361f4e9ab

        SHA256

        1ebd1b85bb264260df3d9fb0a2062b29199c7b6137dcc98486874c1d257c73cd

        SHA512

        ce8615c90c8794f0aefeb0c6ce5da126732695e6be36b5e625f3a073d55c6f8cd88ca465b07e2c0e87355b5baad887a3f0b26c4eb262484a83d35565e72ba138

        Download Submit

      • memory/4412-10-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4412-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4936-19-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4936-32-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4936-37-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4936-42-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4936-26-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4936-374-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4936-1165-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4936-4082-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4936-8-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4936-4719-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download