Overview

overview

6

Static

static

3

92440b562f...99.exe

windows7-x64

6

92440b562f...99.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10-03-2024 03:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    92440b562f6e17a602c96f489ef13c4043d3e026ab7a392eb80cb1207aa5a999.exe

  • Size

    26KB

  • MD5

    fef4706af3e9d80fb0818f9f77a619f4

  • SHA1

    d2876a45d16ffe676a5f8f85a58db7f7478015ee

  • SHA256

    92440b562f6e17a602c96f489ef13c4043d3e026ab7a392eb80cb1207aa5a999

  • SHA512

    2368e43f4d1c6990e4d42096f4b8c046f59a2b10efe1c3f4b20c73ded5bdaa1b529eaa9184e281ff0a6b8976d56d4f66c118e0afe0a3f3d811cb93201b65336a

  • SSDEEP

    768:uw1ODKAaDMG8H92RwZNQSwcfymNBg+g61GoZw:HfgLdQAQfcfymN

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1260
      • C:\Users\Admin\AppData\Local\Temp\92440b562f6e17a602c96f489ef13c4043d3e026ab7a392eb80cb1207aa5a999.exe
        "C:\Users\Admin\AppData\Local\Temp\92440b562f6e17a602c96f489ef13c4043d3e026ab7a392eb80cb1207aa5a999.exe"
        2⤵
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1008
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2452
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:2508

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        251KB

        MD5

        054a7dee151c8d7dfc80a249e27c24f5

        SHA1

        2f595f5d038e0ed2ef1fc51a94a35d8009e500e5

        SHA256

        3147caa89606ec06d30990cf35b53587cad5b5f5f8904dbc82b8171b0c0038fb

        SHA512

        cfaef8c9bc4deae6044e748f301f8463c59723ac08f1610b61191be95de2a6fa2ca5744c445b951dc738abe3f1a979492d21fc3f4ce6777e0655bf51d6425074

        Download Submit

      • C:\Program Files\7-Zip\7zFM.exe
        Filesize

        956KB

        MD5

        9366c740ac259aa938f81e612e9908d6

        SHA1

        531e7f8b2982bd43a7caf5f70cb526c4413e3dde

        SHA256

        5168664dba4abefa1eb38b270d03d66a7d8444f5f36ffa6930c24b7f2cca3d95

        SHA512

        ec3bf06157b99f0dd0be1c17f8544327b303bf9b6a396b15790859da624bc49925ce135d48fbadf095992b7dcebb75cfecadb6b52c954d9e45471c6ef6d4ac8b

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-406356229-2805545415-1236085040-1000\_desktop.ini
        Filesize

        9B

        MD5

        ffee50c69ce4733057892ab912ba2f08

        SHA1

        09ffe94208f4dbeac5a20bad25ffae158e3fc6dc

        SHA256

        c1b6255859813f192c8648418d3923dc540ce2566fac2a17a736f33014438abc

        SHA512

        cb68a272d6d7941417a7dddd9988b5b1f2245fbfeb8df4876b59f7b4157e75a8328dc68cbc0b81c3d6386f75d1632a271635eca276bd274c9a5cd54b34e5c72f

        Download Submit

      • memory/1008-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1008-7-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1008-14-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1008-20-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1008-66-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1008-72-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1008-1825-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1008-3285-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1260-5-0x0000000002970000-0x0000000002971000-memory.dmp

        Filesize

        4KB

        Download