Overview

overview

6

Static

static

3

d1dac160c0...fe.exe

windows7-x64

6

d1dac160c0...fe.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    29-03-2024 01:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d1dac160c031e0cc6a9503e1e0b4a36571e0293ba050f5a9c859ece04896dffe.exe

  • Size

    29KB

  • MD5

    5e89dcb94742ed6215c602c94b743e50

  • SHA1

    0699c02b02d583ae5292a68e0ade2ca27992e1f1

  • SHA256

    d1dac160c031e0cc6a9503e1e0b4a36571e0293ba050f5a9c859ece04896dffe

  • SHA512

    84e8e5645828712fe3e372e1bcdb9453133873b487cc2088d3b8562f948061a041bbe22f93361b62d30ae55cbaf955cef7dc36978eb59c7cbdde2f86f8ce31ad

  • SSDEEP

    384:NbbT2wuPW1Gt5M0zhIV/DZ3KZp7JcTO4yf9Knuf2MqlUV2V9wVfUnfRqOzGOnJh:pAPW16GVRu1yK9fMnJG2V9dHS8

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1280
      • C:\Users\Admin\AppData\Local\Temp\d1dac160c031e0cc6a9503e1e0b4a36571e0293ba050f5a9c859ece04896dffe.exe
        "C:\Users\Admin\AppData\Local\Temp\d1dac160c031e0cc6a9503e1e0b4a36571e0293ba050f5a9c859ece04896dffe.exe"
        2⤵
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2208
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2288
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:2504

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        254KB

        MD5

        d20a8f02fb08eecf5f0eb07335b3422d

        SHA1

        dcdd5d2f82c7870591425528b78634e08eb34ca9

        SHA256

        c33037d6b0e39147d1383fd9a5c2763c6dadaf47f90bc325736f9f382b408d2f

        SHA512

        602c3c440e594e8893c94e55c4975a1287d48ebe08e22cbf8483d23de7c83b6c3908fae7214f7b42e32354d24aaffb9311804bfb792e0d8d706b10973ecbd534

        Download Submit

      • C:\Program Files\7-Zip\7zFM.exe
        Filesize

        959KB

        MD5

        94148257cdf807e913ede7e54bfaa919

        SHA1

        cb15728a1218afb8d242499fe4a3cb87f918d3af

        SHA256

        4edb29f93429d3f05227eb172d3148a290e901baa6e7c071ef049f245ac5034e

        SHA512

        1f1aa72b1835d56e026221bafb53bf9a19423aa822cfacd7090e268f9f4c15d9a01dc4403abb4a591e836ea1a97466271db365ae96be4ebb69af4a0ef5dfecd8

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-406356229-2805545415-1236085040-1000\_desktop.ini
        Filesize

        9B

        MD5

        9d515d16952bdb1cf51672ad091046bc

        SHA1

        5fe954c6d41499122182eb48cf6f9d203b9eae7c

        SHA256

        12ddf5d72be26a3f4fb46d905661e24bf30948454c9701f20e50436a238a25db

        SHA512

        d0f7522406355a837e55f5a99b6969ed4b0ccbc2e427b83a917eedffc37899b139c2b33ea73a90469a6045b3b71848bf97641528644a4a3f55d666223fa31d4b

        Download Submit

      • memory/1280-5-0x00000000026D0000-0x00000000026D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2208-67-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2208-21-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2208-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2208-73-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2208-15-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2208-1826-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2208-8-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2208-2411-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2208-3287-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download