92ad7fb5f279baf4133b3b8981ac34ef56dbe26ed946e21b6a348198375be79c

Analysis

max time kernel
0s
max time network
8s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 23:36

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

92ad7fb5f279baf4133b3b8981ac34ef56dbe26ed946e21b6a348198375be79c.exe
Size

222KB
MD5

17f14555fcf8ea8f37f4902bf00782fe
SHA1

dc5a5328c6024a9b025bf3a23b74af1eaf3ce0bd
SHA256

92ad7fb5f279baf4133b3b8981ac34ef56dbe26ed946e21b6a348198375be79c
SHA512

6e776a22d32edba4f3a6085f92c9f45aaaa0e514b32a84cf8069877297124ec6e348beb30830c20eae980dbdf8e3dc0d8d60df46aa9efc517cd976bed179de1b
SSDEEP

3072:KftffjmN/aSi/qNwmmfg63jDpmSMG/0iAO7D1E2rr5dpUebuk1noV0NLPmd+1:KVfjmNylmmfg6zVmjK0idbucRLP

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3680	Logo1_.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	92ad7fb5f279baf4133b3b8981ac34ef56dbe26ed946e21b6a348198375be79c.exe
File created	C:\Windows\Logo1_.exe	92ad7fb5f279baf4133b3b8981ac34ef56dbe26ed946e21b6a348198375be79c.exe

Runs net.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4876 wrote to memory of 1356	4876	92ad7fb5f279baf4133b3b8981ac34ef56dbe26ed946e21b6a348198375be79c.exe	83
PID 4876 wrote to memory of 1356	4876	92ad7fb5f279baf4133b3b8981ac34ef56dbe26ed946e21b6a348198375be79c.exe	83
PID 4876 wrote to memory of 1356	4876	92ad7fb5f279baf4133b3b8981ac34ef56dbe26ed946e21b6a348198375be79c.exe	83
PID 4876 wrote to memory of 3680	4876	92ad7fb5f279baf4133b3b8981ac34ef56dbe26ed946e21b6a348198375be79c.exe	85
PID 4876 wrote to memory of 3680	4876	92ad7fb5f279baf4133b3b8981ac34ef56dbe26ed946e21b6a348198375be79c.exe	85
PID 4876 wrote to memory of 3680	4876	92ad7fb5f279baf4133b3b8981ac34ef56dbe26ed946e21b6a348198375be79c.exe	85

C:\Users\Admin\AppData\Local\Temp\92ad7fb5f279baf4133b3b8981ac34ef56dbe26ed946e21b6a348198375be79c.exe
"C:\Users\Admin\AppData\Local\Temp\92ad7fb5f279baf4133b3b8981ac34ef56dbe26ed946e21b6a348198375be79c.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4876
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2C11.bat
  2⤵
  PID:1356
- - C:\Users\Admin\AppData\Local\Temp\92ad7fb5f279baf4133b3b8981ac34ef56dbe26ed946e21b6a348198375be79c.exe
    "C:\Users\Admin\AppData\Local\Temp\92ad7fb5f279baf4133b3b8981ac34ef56dbe26ed946e21b6a348198375be79c.exe"
    3⤵
    PID:3256
- C:\Windows\Logo1_.exe
  C:\Windows\Logo1_.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- - C:\Windows\SysWOW64\net.exe
    net stop "Kingsoft AntiVirus Service"
    3⤵
    PID:3728
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
      4⤵
      PID:3572

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39a5055 /state1:0x41c64e6d
1⤵
PID:3504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$$a2C11.bat

Filesize
722B

MD5
d8bd0fb0bb38a6ace66545c32a9a6c47

SHA1
0ee259e860021981de3cf9a17ab5719c28d90bc6

SHA256
7f32f72672a3e8b88540ea90033f6d124209cc046d9de99adfe60c5985927622

SHA512
f811d39378649dec53b25c2713e59e6a50d85f89e4006b03212518f925a983ea95f1f034f6585b1d3abe2de6bb686f9c5c5029b52170f909a334f1f1d5833a66

Download Submit
C:\Users\Admin\AppData\Local\Temp\92ad7fb5f279baf4133b3b8981ac34ef56dbe26ed946e21b6a348198375be79c.exe

Filesize
196KB

MD5
218c296901cade577e8952e437aced34

SHA1
41c1be576c349730b42d2086c8f4184b66a9924e

SHA256
539f365bfcffd9ff57ed94d7943d40553cd345b7daec2ae3330ef77c7be88a6c

SHA512
923b0b7dcc595760801a09ce15f532749f25ad0563cff94bf26f73f4f88b4b2650a852a0e7a3bfec9ed5b1730f77035a3da54e19f2363a6bc8ba7f0387bf1ea1

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
e775b4af8097a3d5af255a698fa52750

SHA1
cf922ffbd0cd996e51c469fb035b1d564fa926b4

SHA256
8fdafecfba18d52ff994ce55258a62359d1e03851a8ffe4ca88c75bc8323948f

SHA512
007275f84970cb6eddf464171c67ceb1e2009e2c8173d0ae7e09e4dbdbc7d12f9c1e487b1dcfeb4d047fb57b5f687ffbf731bc7d90a73be9b680b7c49cfed773

Download Submit
memory/3256-18-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3256-19-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3680-12-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3680-20-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4876-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4876-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads