Overview

overview

7

Static

static

3

5e8ae276e0...33.exe

windows7-x64

7

5e8ae276e0...33.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/04/2024, 04:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5e8ae276e033383aa6459654ddc97969243ed582ac70a40779766846279c0533.exe

  • Size

    7.3MB

  • MD5

    743dbbf295a884dfcf1cae2daec55193

  • SHA1

    2e3cf1c38e4c3e9293fa01a775477c5f645ac7a7

  • SHA256

    5e8ae276e033383aa6459654ddc97969243ed582ac70a40779766846279c0533

  • SHA512

    a7d99e240cb0288ef39a96dedbb96e2f0c4cb7f460beb8b602cc2cffd741efb5baa3d461ae127cef7e87db35b445f8b9eab1a0c3dda2abff11ea736e5d1b404d

  • SSDEEP

    98304:4mB9OWBVClfcaA1oZeSajfztbVCGQX4bME4bP8nQgMVQNKe5AJbI8D:4g9OHi1oZepfxUGGNQNKe

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3408
      • C:\Users\Admin\AppData\Local\Temp\5e8ae276e033383aa6459654ddc97969243ed582ac70a40779766846279c0533.exe
        "C:\Users\Admin\AppData\Local\Temp\5e8ae276e033383aa6459654ddc97969243ed582ac70a40779766846279c0533.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:3344
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC738.bat
          3⤵
            PID:2424
          • C:\Windows\Logo1_.exe
            C:\Windows\Logo1_.exe
            3⤵
            • Executes dropped EXE
            • Enumerates connected drives
            • Drops file in Program Files directory
            • Drops file in Windows directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:4888
            • C:\Windows\SysWOW64\net.exe
              net stop "Kingsoft AntiVirus Service"
              4⤵
              • Suspicious use of WriteProcessMemory
              PID:3908
              • C:\Windows\SysWOW64\net1.exe
                C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
                5⤵
                  PID:1192

        Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
                Filesize

                254KB

                MD5

                a036bc46b8f17b2af3637b788423d6b3

                SHA1

                f1ffdfb2ecf8ef1bfddcf0a2a42ac62c234bbf87

                SHA256

                bc659808d3143ea5818d3939662cc861ebc1b7d58c3dc08705017af49a700b1e

                SHA512

                b72703148c657255dc4f10b8b101f19385f0b487a503408b79d91bd1ace979e8374c938bf7d5bd590b1ef277b02837701252792b8b92917640591f27199aefe6

                Download Submit

              • C:\Program Files\7-Zip\7z.exe
                Filesize

                573KB

                MD5

                e1eae81482621cdac8824ba25efae29d

                SHA1

                52689e758a44b270421e4cc4b2793828a1780fb7

                SHA256

                99f2db0db26146f097c0c811ebcc275dc0682642cc75abe86f8fc6455b9aa36f

                SHA512

                fe747b72628a8e13914b96b4bc2cba608c16661ec71e23b06d18b48af438872e5753f9fce65113d4da7cb73beabb86ce0aa0cf28472d151365b1cbd20aacd789

                Download Submit

              • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
                Filesize

                639KB

                MD5

                ad5a7e5eb1a1cdd791957e07c93748ae

                SHA1

                6e4f8c5f4d791327e11d0d68ca6f514554af8481

                SHA256

                cfee92d916fbbb95d8282c3264d3708ad1ddfdd9db4daaf00e0c96a22854c4dc

                SHA512

                a8acd191aec48dac8d5808a93ee973ea52793140e318b4d870fb10e4e8ba0756fe95654134dd1c175168375a0f7caebfd8a7d46a9b3dc71006f830b53dd9fefe

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\$$aC738.bat
                Filesize

                722B

                MD5

                76aaa9955db63adae8bb8fb956fbb091

                SHA1

                46c96732b93a6b3398614eaedd6c3d5cce5cde14

                SHA256

                dca2738d4c8eb0312eda2f24c37f306e843f4d199ecb64b81ca973f741247c20

                SHA512

                1447f47a470d9c54b1e4c58f9b021bc9c708eee3368cc8c909950088649d240528cc50d6291cb67ac8ece7c1a319d192ec023e084afefa9c0d258338c590b12a

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\5e8ae276e033383aa6459654ddc97969243ed582ac70a40779766846279c0533.exe.exe
                Filesize

                7.3MB

                MD5

                172b6d29b3cdcdf2b0b14332eb216161

                SHA1

                7534c39aecd8a968c8cdf34db4cb388d999a3065

                SHA256

                3bb1c042bf917e6577be28edce3243628e9ce4245e9abbc2cc0196ccca26630c

                SHA512

                71e4e14c689974821c0bb80637a53cd5234df0111b809612ac810846fe2ba9d288da20141455b984dd842c8343166f807f8da51e74b66fbe3aec181db72806ce

                Download Submit

              • C:\Windows\Logo1_.exe
                Filesize

                29KB

                MD5

                3779b7c17bd509ec3a5074fe2d4b29d1

                SHA1

                03ad48fea32d38ae5b61e125aece75b5eb4e564d

                SHA256

                6e33fc0dcbafb1c8b0f74ba3d95f64c1240c4a6ebb3e93888c6324b81a722453

                SHA512

                28a8fa23da21f7a77aaecb5dcb1ad0cce08d1118ef8644276ff258c583d0ab102ec861f1fe623b856e36e65d04db3dfb7db3973b2e1b56eff136b965da26aead

                Download Submit

              • F:\$RECYCLE.BIN\S-1-5-21-2288054676-1871194608-3559553667-1000\_desktop.ini
                Filesize

                9B

                MD5

                02ced53ce3f5b175c3bbec378047e7a7

                SHA1

                dafdf07efa697ec99b3d7b9f7512439a52ea618d

                SHA256

                485bb2341321a2837fd015a36963ea549c7c6f40985e165fd56c8a1e89b3f331

                SHA512

                669dde3ea8628704d40681a7f8974cf52985385c92a61a540c97c18c13eb4d451207ae171b2a56cd061cadbc90e672a84eb55111b1f5016846918d73fb075c99

                Download Submit

              • memory/3344-8-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/3344-0-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/4888-25-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/4888-35-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/4888-31-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/4888-1197-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/4888-1226-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/4888-18-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/4888-4791-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/4888-12-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/4888-5230-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download