Overview

overview

7

Static

static

3

62f59c169d...f6.exe

windows7-x64

7

62f59c169d...f6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    154s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    20-02-2024 14:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    62f59c169d8e36a708ec0210c743c01933d190394936511efbf5611de09e86f6.exe

  • Size

    1.7MB

  • MD5

    331e5d0e12e687832fef76d1d527088c

  • SHA1

    5eafdc333a6920df355e2efa7264aef1a1d9bee2

  • SHA256

    62f59c169d8e36a708ec0210c743c01933d190394936511efbf5611de09e86f6

  • SHA512

    283f0a4c593a0dc08b596be1695291b409b76417709827e551e16d1f130cb2a8e4824a4548317d520c4fd35be1ba19048e0cafa062a61f3f99ff2de40ec17026

  • SSDEEP

    24576:f2FdZ65lIgDvLYNvxnngx1oZagmIjXIU6qOOF4N2RGSvlbstHXKi:f2FdZ6npCxnngx1oZ7zIFqrFG2RF9bA

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1244
      • C:\Users\Admin\AppData\Local\Temp\62f59c169d8e36a708ec0210c743c01933d190394936511efbf5611de09e86f6.exe
        "C:\Users\Admin\AppData\Local\Temp\62f59c169d8e36a708ec0210c743c01933d190394936511efbf5611de09e86f6.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:1448
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\$$a5419.bat
          3⤵
          • Deletes itself
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:2692
          • C:\Users\Admin\AppData\Local\Temp\62f59c169d8e36a708ec0210c743c01933d190394936511efbf5611de09e86f6.exe
            "C:\Users\Admin\AppData\Local\Temp\62f59c169d8e36a708ec0210c743c01933d190394936511efbf5611de09e86f6.exe"
            4⤵
            • Executes dropped EXE
            PID:2516
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2600
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:2720
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:2896

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        254KB

        MD5

        568f17750238ab463c745953a303648a

        SHA1

        25e9de37d6edb52c584c442e4f93a0448b4b37d4

        SHA256

        5351b82387339c78b116a077f2ba633da2a6fef86a165d92bfe28c2c3770ac81

        SHA512

        9034bc060e8155e07009d2142830f03b29c50525232fa1719038eae4fc742d460c5dad7b7fdd6957264c338072fbe71193a23d994510dc809ae240023b9f1ed3

        Download Submit

      • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
        Filesize

        474KB

        MD5

        82d95ff3c368229d3ecd547bfc2e95e4

        SHA1

        05c2c8065f243260792924168f85c614057119e8

        SHA256

        5fd8262ebaf159fa1ba5a2b80dad6f98477d1f549a651fc1a327f0dd207f2fdb

        SHA512

        27815b93d6070f7026c23ceac6210a78e694616d6a6a2012369b271e2d2ec986438f80dd3a29db4c4419b08084cb5a5914af216177669b86d8e2ae7184691699

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a5419.bat
        Filesize

        722B

        MD5

        f63249f6ad4355c2e23eb6348c5eaaa4

        SHA1

        a5654bb42468f671d1ac796e716ab54910ce9608

        SHA256

        4e011d3d32b8bd37e88e4194a9b49731b02bea72c8fd55325a4cec1487b042b6

        SHA512

        92cf40b48660ca909a3db7c02b5918fa984acff770374a8c4c1183a409feb812901c961d5730e6a56cde4d51ea9739f1220a31c5c22cee673f8c8df7c8aea445

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\62f59c169d8e36a708ec0210c743c01933d190394936511efbf5611de09e86f6.exe.exe
        Filesize

        1.7MB

        MD5

        3bfea10ff3748a60378dab655d5276f6

        SHA1

        e61867576c5a69baae14b8e4fbeaaf5db3d451b1

        SHA256

        926c9cce80850e64a2efed8aed9406815c4a54d56a7f5d5125a426956496fc21

        SHA512

        70b44bd2655489a4e13c0c196f8632ab85920268f5378ce03a6080321e0df86ba3383718645c91b544f05eeb2ecf662a14fdaf9ff7f4726c94eea3db608bebfe

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        29KB

        MD5

        886eb3bf6157b45d4a041e1e32608c70

        SHA1

        f476a007366ac0349789b0e803ec46be523f457a

        SHA256

        a0e9eac517b54fe732db8bf9ceeb76c64a43e2e53bfd18b5a4ab0f8475f3873b

        SHA512

        6e978385b23d3054695eaf2209e92591a667ccbde747f69cb63ae28f2db3a362d136bf16afb41ceb8eb304161cc698853f9cb825a26cc683e9a693d07c190fca

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-3308111660-3636268597-2291490419-1000\_desktop.ini
        Filesize

        9B

        MD5

        b347a774e254ac3f0d6aaea35544ac50

        SHA1

        7f332d15a7648f7a698b3068a428811361f4e9ab

        SHA256

        1ebd1b85bb264260df3d9fb0a2062b29199c7b6137dcc98486874c1d257c73cd

        SHA512

        ce8615c90c8794f0aefeb0c6ce5da126732695e6be36b5e625f3a073d55c6f8cd88ca465b07e2c0e87355b5baad887a3f0b26c4eb262484a83d35565e72ba138

        Download Submit

      • memory/1244-29-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1448-41-0x0000000001B80000-0x0000000001BB6000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1448-15-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1448-20-0x0000000001B80000-0x0000000001BB6000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1448-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2600-40-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2600-47-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2600-93-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2600-99-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2600-281-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2600-1852-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2600-33-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2600-3312-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2600-21-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download