Overview

overview

7

Static

static

3

a5d107a386...1f.exe

windows7-x64

7

a5d107a386...1f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/03/2024, 11:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a5d107a3864311e800805d8598e893d9d27b663fffbac9d24cdd35036cf5661f.exe

  • Size

    122KB

  • MD5

    e292335dfe1304bc4ab6caeef0234409

  • SHA1

    156a37f9c299a5c3dac7ee2074a30043303e8d98

  • SHA256

    a5d107a3864311e800805d8598e893d9d27b663fffbac9d24cdd35036cf5661f

  • SHA512

    4d3c00a77a73de473386b6d3ead7163c68f4a82dcc4e0409e4d6ca035334f0702d23bc20d20c9ce35db66f2b3f03403a0c81eb2cf38633c1d28f7e09c8ca58cc

  • SSDEEP

    3072:1ftffjmNSoFHzg2I0PpPNX6RLXWertCQyyNU:1VfjmNvZzhPpPNq6QyH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3376
      • C:\Users\Admin\AppData\Local\Temp\a5d107a3864311e800805d8598e893d9d27b663fffbac9d24cdd35036cf5661f.exe
        "C:\Users\Admin\AppData\Local\Temp\a5d107a3864311e800805d8598e893d9d27b663fffbac9d24cdd35036cf5661f.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:2972
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a42E5.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1868
          • C:\Users\Admin\AppData\Local\Temp\a5d107a3864311e800805d8598e893d9d27b663fffbac9d24cdd35036cf5661f.exe
            "C:\Users\Admin\AppData\Local\Temp\a5d107a3864311e800805d8598e893d9d27b663fffbac9d24cdd35036cf5661f.exe"
            4⤵
            • Executes dropped EXE
            PID:220
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4660
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:2160
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:1600

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
              Filesize

              251KB

              MD5

              9b93e29b22e6f04690e432f03f2dfa2e

              SHA1

              47f1cee9f961506ccebd6044febbb88ca2430597

              SHA256

              c8aeb785387be37a4430fc2cf99f162eb573b2df50026b64fcf1ddd3c6a8014c

              SHA512

              83212d8c1097387007b15ff8e486af84db6ccd16a6623a9d873fce187d3a74d0d0aeff810e08084047e8022f7ed48b3112e7be7ba6a0f8fda0f499932feeaf7f

              Download Submit

            • C:\Program Files\7-Zip\7z.exe
              Filesize

              570KB

              MD5

              88123c00c7cb2b0782b09805d65ab0e3

              SHA1

              62154151738b66ca06c73a27a25302d676218c2d

              SHA256

              255584efa79f855a1dd7e85748825bf09bc1e9050a19c9fa3fee31f1ddc6eb4d

              SHA512

              238d89a4220d754da809e937959695203753d3d7b42f73cee956c969a974b63948a43cbd0a16ef18547435e2059c5f6b01fdb1c852f4be62ec15d16d3a3b7b58

              Download Submit

            • C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
              Filesize

              481KB

              MD5

              1db5b390daa2d070657fbdb4f5d2cc55

              SHA1

              77e633e49df484b827080753514cc376749b0ceb

              SHA256

              d5fbaf5c0d8e313d4dad23b28cac4256c5dbed6ab3b0d797e2971f30c5e095ad

              SHA512

              68aa0152f5aae79a146c1813915fd16ec5454b285bd1781370923f97d6c147d53684192f7f4161e5c1a340959ec432ecaac127b0abe7d08f70c387e08ee4f617

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\$$a42E5.bat
              Filesize

              722B

              MD5

              3de826ac95510632af9ba26916302cfd

              SHA1

              d0928cec1c7746816689da1666d384ff42d7d795

              SHA256

              b0ec611967efd15521230ed37cd25b7d6c1fe5722113b6d3c3c3a85a8948d2cb

              SHA512

              7caa57420f615b7516b646a0e1e9fed183f0ce31f80d53d1027bbf61033558d1b857dd4ca78323831d5b6086f10be8122679565788bab2d688353dfde4a3531b

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\a5d107a3864311e800805d8598e893d9d27b663fffbac9d24cdd35036cf5661f.exe.exe
              Filesize

              96KB

              MD5

              4f777a9f156035ab4670da6cdcbd651c

              SHA1

              78b6f97056e6d5674bbcb94f13c4bf5527319c02

              SHA256

              77a8efbcc5e81e9534ad80aa2836105491f015d8a7355d0ba960f8fe5df3d0c8

              SHA512

              244dae23bcabfe4f7bcd10af02f24f88840fd91defd989cd39ad8a7ea4cb2829f9101e966a8d8ff95099269461afef587c7f8008437d8c23a91fee08acd33437

              Download Submit

            • C:\Windows\Logo1_.exe
              Filesize

              26KB

              MD5

              11bac14958e375a9b26e1adae9f76043

              SHA1

              99f19224054d3dc26f20ace9c701e2c70d440d40

              SHA256

              eac627202d1b0142c98178cd516ac002c927846e714d0bd4fde46e62ef295a35

              SHA512

              a93847b47caf2ae4ae1cd27b1a8a3592f88d9d48d1bc0667e5b8d9a20ff8b6f3b80c42f11af5d77a53ae891327e1c55b88e5989565c4eb15dc39df6cb0932b67

              Download Submit

            • F:\$RECYCLE.BIN\S-1-5-21-399997616-3400990511-967324271-1000\_desktop.ini
              Filesize

              8B

              MD5

              658d36413fa4de67d2edb254a0383bbf

              SHA1

              bd660e7319a5040c3af6edca0911a4ab4bdc33df

              SHA256

              0118c20e2d539544ae8e73767b080d41f4ff57be18407222143ebea26d6affa2

              SHA512

              f368a5a7d963fec63b9d599a1da34ae9eea37261f8c4d267d73624f5a36a0402f1f780317e094b240de3980a0a144929ea2076a23b134267cb0209b3172e1b7b

              Download Submit

            • memory/2972-0-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2972-9-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4660-37-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4660-33-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4660-42-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4660-26-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4660-1008-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4660-1175-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4660-12-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4660-4740-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4660-19-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download