Overview

overview

7

Static

static

3

bc6a1af99c...2f.exe

windows7-x64

7

bc6a1af99c...2f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/04/2024, 16:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bc6a1af99cbb01a592627cb05b1041645b8d675fcffb70f4e5a3f29e6f52f72f.exe

  • Size

    362KB

  • MD5

    6fcb9f7bb2b2e428f5320b10e17d3da9

  • SHA1

    857420aa3bb20a1ae2bced11a9a575aacf69270f

  • SHA256

    bc6a1af99cbb01a592627cb05b1041645b8d675fcffb70f4e5a3f29e6f52f72f

  • SHA512

    70d1a68924a70346f3f3301a41e694352832ad53710818db22c2871d0998fa315ef433e3f74dbf4e17c07de90645610f7c101096ef2ea6461099537dd6c6462a

  • SSDEEP

    6144:bFp9zU66bkWmchVySqkvAH3qo0wWJC6G/SMT4FWqC:xpRU66b5zhVymA/XSRh

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3548
      • C:\Users\Admin\AppData\Local\Temp\bc6a1af99cbb01a592627cb05b1041645b8d675fcffb70f4e5a3f29e6f52f72f.exe
        "C:\Users\Admin\AppData\Local\Temp\bc6a1af99cbb01a592627cb05b1041645b8d675fcffb70f4e5a3f29e6f52f72f.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4988
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3160.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:556
          • C:\Users\Admin\AppData\Local\Temp\bc6a1af99cbb01a592627cb05b1041645b8d675fcffb70f4e5a3f29e6f52f72f.exe
            "C:\Users\Admin\AppData\Local\Temp\bc6a1af99cbb01a592627cb05b1041645b8d675fcffb70f4e5a3f29e6f52f72f.exe"
            4⤵
            • Executes dropped EXE
            PID:2440
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4352
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:1372
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:4652

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        252KB

        MD5

        5d32193de2cfdf187b43e5aff62a4fd2

        SHA1

        69c3b62ab39c979b2ebaff09c8f299ac3966690f

        SHA256

        b777124eef2f354f48d4e31f57404982b2dcfaa8a08f18cc81dccb11459a367f

        SHA512

        793dff9014d718b26300d6210fe9335131dd56ec0f6c48374ec1777b98fc5fa48cf285f6e066a02813fa77adab8269692e9ec4b14dc11bc04bf4782534ad9ae8

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        571KB

        MD5

        a1e57af09339824060d8a7932a8835df

        SHA1

        9f996516ac086808685c7881f792a6999f08f17f

        SHA256

        140672e1f00a179bc8c347b30c377661feb60494fd12de24fb73251f08249834

        SHA512

        09a9d04e62fc469fe071ac39d9484096df230528924307cd92b804056087e2f206ff3d676119a01badb51beb869777cadc9772964cd3fca20a70066d185331d6

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        637KB

        MD5

        9cba1e86016b20490fff38fb45ff4963

        SHA1

        378720d36869d50d06e9ffeef87488fbc2a8c8f7

        SHA256

        a22e6d0f5c7d44fefc2204e0f7c7b048e1684f6cf249ba98c006bbf791c22d19

        SHA512

        2f3737d29ea3925d10ea5c717786425f6434be732974586328f03691a35cd1539828e3301685749e5c4135b8094f15b87fb9659915de63678a25749e2f8f5765

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a3160.bat
        Filesize

        722B

        MD5

        406206a75a1aad6401a9fb946dc1beb9

        SHA1

        edd54a92a03e8799785aa768d7760513c2823889

        SHA256

        0ee343acb3df0b7ffe861d66c6e8ce673c47df66d9e5266d44a7363bce540005

        SHA512

        94c2ff301b9632b36f147954d76cae4f959c94db4fd4c659e2ed983004430bed65a5d582e0f31948cc44b6512a11b26afc60268c549050b7fdcbdc19e354ffb2

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\bc6a1af99cbb01a592627cb05b1041645b8d675fcffb70f4e5a3f29e6f52f72f.exe.exe
        Filesize

        335KB

        MD5

        40ac62c087648ccc2c58dae066d34c98

        SHA1

        0e87efb6ddfe59e534ea9e829cad35be8563e5f7

        SHA256

        482c4c1562490e164d5f17990253373691aa5eab55a81c7f890fe9583a9ea916

        SHA512

        0c1ff13ff88409d54fee2ceb07fe65135ce2a9aa6f8da51ac0158abb2cfbb3a898ef26f476931986f1367622f21a7c0b0e742d0f4de8be6e215596b0d88c518f

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        27KB

        MD5

        45fabbad5797257dc9a43b6cc8d2432d

        SHA1

        67df885f45d55667a66a6ec54b07bb1d84eab7de

        SHA256

        26ac0021f99062a8bfe7fb75f9af3bb948576eca9585dd54701f27fad6706b6c

        SHA512

        296c7145356bf381683b2095ab5b897003edae7e5db0e14c737e356340905fcde29a9f1fc94b9737d5efd95fbe132d4661b5316405445e6cde136c9a59a0d25c

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-355664440-2199602304-1223909400-1000\_desktop.ini
        Filesize

        9B

        MD5

        02ced53ce3f5b175c3bbec378047e7a7

        SHA1

        dafdf07efa697ec99b3d7b9f7512439a52ea618d

        SHA256

        485bb2341321a2837fd015a36963ea549c7c6f40985e165fd56c8a1e89b3f331

        SHA512

        669dde3ea8628704d40681a7f8974cf52985385c92a61a540c97c18c13eb4d451207ae171b2a56cd061cadbc90e672a84eb55111b1f5016846918d73fb075c99

        Download Submit

      • memory/4352-26-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4352-32-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4352-36-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4352-19-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4352-1226-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4352-4792-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4352-12-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4352-5231-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4988-0-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4988-9-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download