Overview

overview

7

Static

static

3

cee964296a...ce.exe

windows7-x64

7

cee964296a...ce.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-03-2024 19:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cee964296a3441cda07893b772b68d15d6e22f5649fa2de45a7753aca27628ce.exe

  • Size

    487KB

  • MD5

    ad8007511bd20d7f503dfeaffbe919fd

  • SHA1

    e31688bc97e8d158bd0da8f04b21e4dc9efd926b

  • SHA256

    cee964296a3441cda07893b772b68d15d6e22f5649fa2de45a7753aca27628ce

  • SHA512

    fd8b7e31fc679756ae14d881feefa28297b3709e8b963bb6d31b8f6faab21364580ffc7c78a0764527ec3c8e05777b4db4a24ed11ff1bb1cbc9ede0d3965c306

  • SSDEEP

    6144:ZXuJoz1gL5pRTMTTjMkId/BynSx7dEe6XwzRaktNP08NhKs39zo43fTtl1fayCV4:R1gL5pRTcAkS/3hzN8qE43fm78V

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3376
      • C:\Users\Admin\AppData\Local\Temp\cee964296a3441cda07893b772b68d15d6e22f5649fa2de45a7753aca27628ce.exe
        "C:\Users\Admin\AppData\Local\Temp\cee964296a3441cda07893b772b68d15d6e22f5649fa2de45a7753aca27628ce.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:3568
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a323B.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2208
          • C:\Users\Admin\AppData\Local\Temp\cee964296a3441cda07893b772b68d15d6e22f5649fa2de45a7753aca27628ce.exe
            "C:\Users\Admin\AppData\Local\Temp\cee964296a3441cda07893b772b68d15d6e22f5649fa2de45a7753aca27628ce.exe"
            4⤵
            • Executes dropped EXE
            PID:4764
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4184
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:4600
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:1892

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        254KB

        MD5

        3a9e3f48dfa3fe9fdb994723a23d73bc

        SHA1

        9aecc76a820839a16913e78318d430e794319949

        SHA256

        6c13925b5bdd985d2e04af1933a1d76feb7192de4637de9a709564705fc9dd81

        SHA512

        a3651033d18e0aef67eb990d068756dafb716e5d5d1ce9608fffbce57ae29e25caf3d61f18ec241bbb28e69c89be51dd0b3ed44d5255db37b59c09f2ab65829b

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        573KB

        MD5

        9731c7e9e2cd3b065d66ce49c1db4048

        SHA1

        cab3904588f07f9d978c8fe218348dbffb5df90d

        SHA256

        9b58d4a51608648c8301250655eb75b2bf8f159b5509bf1fa8629c681f30bc17

        SHA512

        016e009b695553a70871615e74814fce347222c83016de04108a8b0f0fe8ee338788d230388ef3f18a773613bc1931c1c679cbfba04c395d01910ebed50b2e7a

        Download Submit

      • C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
        Filesize

        484KB

        MD5

        45268e665a2d4307baca16b4a08dcbf5

        SHA1

        2c9c0408fb4cef19db38fe4049422f34f38d7d0a

        SHA256

        145b05019248756bb55c20f5665f47f66f36a17b7a26d76fa59e522c9706b5d6

        SHA512

        c4204f5eeb30c16eecba0d4f6ff51e081d16375b28c2801f7e33a84ae0a9ad139a20bc951a0a53c715740cb8c966c36c782ec3724942bda0328580c7ff598cad

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a323B.bat
        Filesize

        722B

        MD5

        afc40fc13375dc744cb24be8ca7c3dbd

        SHA1

        d8b0e35edda911989f35a3cd9f9117b32eb33247

        SHA256

        955848981a0fb694d5fba00af6e0c491513decbc842b40e3883bae8e35fa6c16

        SHA512

        cd1a1725cd3cf083ce578fd1ed2d709bd650c4a2c2ea6dbd4e65416704427ae4fb959bf31e64afeded413464397dcd1773a0a4cd8ef3d90f9f98f43d0e3dc950

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\cee964296a3441cda07893b772b68d15d6e22f5649fa2de45a7753aca27628ce.exe.exe
        Filesize

        458KB

        MD5

        619f7135621b50fd1900ff24aade1524

        SHA1

        6c7ea8bbd435163ae3945cbef30ef6b9872a4591

        SHA256

        344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

        SHA512

        2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

        Download Submit

      • C:\Windows\rundl132.exe
        Filesize

        29KB

        MD5

        72204b3896b27e0e4b58190ba1ed8195

        SHA1

        762d4a960b35d2c8a7f458f109291948175799b8

        SHA256

        34aa074b53f45173252aa8c2b82c3eda84f8dc4c447fcafc9fe580f71badddc6

        SHA512

        cbabd2d4bf84a4f5a167d6d31011f0fece755f3cce318ec18f3c85bedd658f22c806eeb89234515fc814e1c24a4bbf60c58a0b0931e820b22133b3d240540cb7

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-399997616-3400990511-967324271-1000\_desktop.ini
        Filesize

        9B

        MD5

        54b7af1605eeb1f5569c4b61bc719660

        SHA1

        36ae9b4051c72b86fc5bad5d175acf9e9ed12076

        SHA256

        9b92406bdee720b5f88c329b99690d3721c7f917aa57c3febac6efcb7e938a2b

        SHA512

        83b77ba22dde00916a9be4d1e12d9ff8584c6e53c192107edca49ac6608fc82718a7d902e4143c2968e92cf53853d5b7a94f8b6d6a7c5d29c4add5ea04ae1704

        Download Submit

      • memory/3568-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3568-8-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4184-37-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4184-32-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4184-41-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4184-12-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4184-1008-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4184-1175-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4184-1913-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4184-26-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4184-4740-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4184-19-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download