Overview

overview

6

Static

static

3

a0a30b7768...e5.exe

windows7-x64

6

a0a30b7768...e5.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16-03-2024 02:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a0a30b77689b576933f180e999cf603a0b85e08fbb223e10804458b735d98be5.exe

  • Size

    26KB

  • MD5

    3b6a05b3634e7169fd0ad6deb0dbc644

  • SHA1

    4beb4f3237883a962da7c83f9c9fcb8e3924912c

  • SHA256

    a0a30b77689b576933f180e999cf603a0b85e08fbb223e10804458b735d98be5

  • SHA512

    c1cbe6bc734de171ecd9882899f03f82f28e82d99412bff8af5c22d18c4455dcdb3695ff38f3e720e74a3b9c373ee4191d21a92ecfdf952c15403e3bbb382af5

  • SSDEEP

    768:m1ODKAaDMG8H92RwZNQSwcfymNBg+g61GoL:AfgLdQAQfcfymN

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1200
      • C:\Users\Admin\AppData\Local\Temp\a0a30b77689b576933f180e999cf603a0b85e08fbb223e10804458b735d98be5.exe
        "C:\Users\Admin\AppData\Local\Temp\a0a30b77689b576933f180e999cf603a0b85e08fbb223e10804458b735d98be5.exe"
        2⤵
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1264
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1100
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:2620

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        251KB

        MD5

        09016b1f43937f57b85c873442c14063

        SHA1

        b3d26fe1b70d2e0973919f1d50a1d84fd2f23931

        SHA256

        1718327aff16407c961f5f8b97f048eb69587a816ec262a96dd267a8c18add27

        SHA512

        a875b5e8d9d7ac74f0a9786c03132e530f7324fa7628c960cc4ffd8a6f83aea169031d712fa4045b9715e2c7092d966eef6d66089401ec8f936a314649d430fb

        Download Submit

      • C:\Program Files\7-Zip\7zFM.exe
        Filesize

        956KB

        MD5

        501cc556efba5f07d21f741d45f3f498

        SHA1

        b082e138e899eed0e72f1f8e05f29bbb98f9bdec

        SHA256

        13aa67164b95fd35b7933a29889a0d2871b201c5c9515662d032493e590b5439

        SHA512

        e7b8c115c36201a9c80c5cfe474ff1a723f55e74bc77a68bca1eb0eea2cdc2a217f5a275d23596b9ca50ecb889b16ad290bb5ef9589abd3253325d29c15da68c

        Download Submit

      • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
        Filesize

        471KB

        MD5

        4cfdb20b04aa239d6f9e83084d5d0a77

        SHA1

        f22863e04cc1fd4435f785993ede165bd8245ac6

        SHA256

        30ed17ca6ae530e8bf002bcef6048f94dba4b3b10252308147031f5c86ace1b9

        SHA512

        35b4c2f68a7caa45f2bb14b168947e06831f358e191478a6659b49f30ca6f538dc910fe6067448d5d8af4cb8558825d70f94d4bd67709aee414b2be37d49be86

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-3452737119-3959686427-228443150-1000\_desktop.ini
        Filesize

        9B

        MD5

        cbff752523567179ac32a14f905e1944

        SHA1

        446aa136e2ec27c083df7dd49d0252f1c0243bde

        SHA256

        eb7756d2a0d4fe754f1fe3d1d30c92a3f7ac52252b13cd171fd7ce553d760371

        SHA512

        9131c53463d7ce35aa85fbd70b312fdbc04c7c649fae0f6a762758e8e39ee863bdf84a6d23d1879814f69a6d4c4fe38501235c2e557b68309d560f06c18e9eff

        Download Submit

      • memory/1200-5-0x0000000002D90000-0x0000000002D91000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1264-67-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1264-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1264-73-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1264-21-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1264-466-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1264-1826-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1264-1960-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1264-15-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1264-3286-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1264-8-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download