Overview

overview

7

Static

static

3

4d35e30fb2...a0.exe

windows7-x64

7

4d35e30fb2...a0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-04-2024 11:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4d35e30fb26917f4541ac0e5dbcd01cf3a336a5fc90452b6eacc320316a0aba0.exe

  • Size

    573KB

  • MD5

    80a91ca7e5b8765b1b6ce306878d96a7

  • SHA1

    a00b0bf5cad2c194ba8fe43f78c5de663b5fa9c6

  • SHA256

    4d35e30fb26917f4541ac0e5dbcd01cf3a336a5fc90452b6eacc320316a0aba0

  • SHA512

    79710a753b4b0056b786e437902be3fb49d6dbdde67645f7664638a542948d7ca91de042be86f3a0f63479cc1107e86178f588f65e424922c945b8df479c40c4

  • SSDEEP

    6144:0uJpE7cV3iwbAFRWAbd4nf0H05yqE6Hl0ChW0+ksllAXBu0lWGWUJJQ4t0BHQQfu:A7a3iwbihym2g7XO3LWUQfh4Co

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3196
      • C:\Users\Admin\AppData\Local\Temp\4d35e30fb26917f4541ac0e5dbcd01cf3a336a5fc90452b6eacc320316a0aba0.exe
        "C:\Users\Admin\AppData\Local\Temp\4d35e30fb26917f4541ac0e5dbcd01cf3a336a5fc90452b6eacc320316a0aba0.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:2260
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1A1.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4996
          • C:\Users\Admin\AppData\Local\Temp\4d35e30fb26917f4541ac0e5dbcd01cf3a336a5fc90452b6eacc320316a0aba0.exe
            "C:\Users\Admin\AppData\Local\Temp\4d35e30fb26917f4541ac0e5dbcd01cf3a336a5fc90452b6eacc320316a0aba0.exe"
            4⤵
            • Executes dropped EXE
            PID:3536
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2220
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:4596
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:3104
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3904 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:948

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\7-Zip\7z.exe
          Filesize

          573KB

          MD5

          80a91ca7e5b8765b1b6ce306878d96a7

          SHA1

          a00b0bf5cad2c194ba8fe43f78c5de663b5fa9c6

          SHA256

          4d35e30fb26917f4541ac0e5dbcd01cf3a336a5fc90452b6eacc320316a0aba0

          SHA512

          79710a753b4b0056b786e437902be3fb49d6dbdde67645f7664638a542948d7ca91de042be86f3a0f63479cc1107e86178f588f65e424922c945b8df479c40c4

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\$$a1A1.bat
          Filesize

          721B

          MD5

          be9916933dbf6b4351ce84628f78560c

          SHA1

          cc849f2819cfe833e09ac9841115729790d2770d

          SHA256

          0d29776b6743e3cd73b6dccc81b0b2205cf42f744686c716f18310c3384e91f1

          SHA512

          b58a99eff149075820a5d4805aebf8d549aa02b7a6e124b8e6327df98897e3d853442bdee9307bd294b84dc7e1e721e94a33e343c2f8c4d958ebd29a9b201c27

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\4d35e30fb26917f4541ac0e5dbcd01cf3a336a5fc90452b6eacc320316a0aba0.exe.exe
          Filesize

          544KB

          MD5

          9a1dd1d96481d61934dcc2d568971d06

          SHA1

          f136ef9bf8bd2fc753292fb5b7cf173a22675fb3

          SHA256

          8cebb25e240db3b6986fcaed6bc0b900fa09dad763a56fb71273529266c5c525

          SHA512

          7ac1581f8a29e778ba1a1220670796c47fa5b838417f8f635e2cb1998a01515cff3ee57045dacb78a8ec70d43754b970743aba600379fe6d9481958d32d8a5aa

          Download Submit

        • C:\Windows\Logo1_.exe
          Filesize

          29KB

          MD5

          20c6e98c959558ea79c93b292b62b085

          SHA1

          b1bed6910b2eb263d3d1268ee884266b5d1f3e16

          SHA256

          b413c3a51cfcce35b310d048cca6be88d60fd9513d900e6050b75b1200931a69

          SHA512

          2a95a2ed5dc36e4f0bf34965a439e5c0a4ac946b3497fec8fe2d8246d89c37e5b002e3727a218e715e314c08f4dc96f1c16e563cdd1fe1fa8e58068f35c7192e

          Download Submit

        • F:\$RECYCLE.BIN\S-1-5-21-3808065738-1666277613-1125846146-1000\_desktop.ini
          Filesize

          9B

          MD5

          2be02af4dacf3254e321ffba77f0b1c6

          SHA1

          d8349307ec08d45f2db9c9735bde8f13e27a551d

          SHA256

          766fe9c47ca710d9a00c08965550ee7de9cba2d32d67e4901e8cec7e33151d16

          SHA512

          57f61e1b939ed98e6db460ccdbc36a1460b727a99baac0e3b041666dedcef11fcd72a486d91ec7f0ee6e1aec40465719a6a5c22820c28be1066fe12fcd47ddd0

          Download Submit

        • memory/2220-33-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/2220-19-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/2220-8-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/2220-26-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/2220-37-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/2220-41-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/2220-71-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/2220-1015-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/2220-1182-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/2220-1785-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/2260-0-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/2260-12-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download