Overview

overview

7

Static

static

3

4503e01489...1b.exe

windows7-x64

7

4503e01489...1b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-04-2024 14:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4503e01489b3052532b7de4845cf9950b7fb7300d7c59369fa4b92f20551281b.exe

  • Size

    88KB

  • MD5

    ca873718c40924b8dad2d2426c98d327

  • SHA1

    735a846507a6d7e0766aa89ce1e921f2542fcec8

  • SHA256

    4503e01489b3052532b7de4845cf9950b7fb7300d7c59369fa4b92f20551281b

  • SHA512

    2a42d3cf9f5c5df321ed4f91d7eca46412067df8873e992959b92e22bfcdb9ac4bc34bb7c633857b8b467831bf4ea910536af2bb420d1c6f1aa88ae6088262f5

  • SSDEEP

    1536:ptD3SHuJV9Ntyapmebn4ddJZeY86iLflLJYEIs67rxo:ptDkuJVL8LK4ddJMY86ipmns6S

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3420
      • C:\Users\Admin\AppData\Local\Temp\4503e01489b3052532b7de4845cf9950b7fb7300d7c59369fa4b92f20551281b.exe
        "C:\Users\Admin\AppData\Local\Temp\4503e01489b3052532b7de4845cf9950b7fb7300d7c59369fa4b92f20551281b.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4464
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a32B8.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:808
          • C:\Users\Admin\AppData\Local\Temp\4503e01489b3052532b7de4845cf9950b7fb7300d7c59369fa4b92f20551281b.exe
            "C:\Users\Admin\AppData\Local\Temp\4503e01489b3052532b7de4845cf9950b7fb7300d7c59369fa4b92f20551281b.exe"
            4⤵
            • Executes dropped EXE
            PID:4808
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3060
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:1312
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:1408

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        254KB

        MD5

        acd3efdb8830b647d12d588722446be8

        SHA1

        cb0771cd6a4a8da78395018b7f1cfc78b749b8ea

        SHA256

        dcb724651943d49df290fffa5f750f598825688a6d805d29b9219a9d86c70f4c

        SHA512

        68d3207c376cc7983ffa57150ff9978501880e8b0e865280c60a8d9fbd8cfdf56873e4f0a1653c2911465a4fbe70699057375be077395d5a14e886f94b5135ff

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        573KB

        MD5

        cf4e3bae04bdadb00d1c0031f3e83b4b

        SHA1

        a891189ddcecf038fbc2a1a406ee647d4377bb4c

        SHA256

        7bd39bae2e652b9efaeebdc1851a5a918bd10bf9f698d9f1c0fc28e8eaa81cc0

        SHA512

        d85b89e87a593dff3a1205abed52e03b745fe60acb0778c36ba657e5578aa2ec5fded43ba323854aad7c923722e6cde746f68d6424aef797d2f10d47707a3f53

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        639KB

        MD5

        78dce78141f21990ddc2880082f61f81

        SHA1

        c342d95c158fa5ae6059e916a8632828ee59179c

        SHA256

        f0ac1e616bcc6a3ae19c5dc02fb6c6ef2607126a1b15a0dd3460e9a1d30d5e40

        SHA512

        0e201dca71730204d9c31ad7e0ec94e4d1fad0f3e0221e4fad1d7f2b87b7104b932e14963e604305166f8ab085cfed2d3f3b8b686f84bf297078f1ad28c9f297

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a32B8.bat
        Filesize

        722B

        MD5

        b2adc10502dc1cecefec77ad475334a6

        SHA1

        5b9b9d4a18b9df99aa6d00e914a9a665b9162935

        SHA256

        f567b379878df1eedd6862a0112947af70380bc46fdfa1dd2ffe9e22ed7d5922

        SHA512

        71a98a0e1f8e41edeec5848a8fcf3b4d6e6bb0ced271650eb664338bc88e9ba06325e00763ad5d751c712bcb8c19100ff36dea468d0e3e701bc0123b7a2c0751

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\4503e01489b3052532b7de4845cf9950b7fb7300d7c59369fa4b92f20551281b.exe.exe
        Filesize

        59KB

        MD5

        dfc18f7068913dde25742b856788d7ca

        SHA1

        cbaa23f782c2ddcd7c9ff024fd0b096952a2b387

        SHA256

        ff4ac75c02247000da084de006c214d3dd3583867bd3533ba788e22734c7a2bf

        SHA512

        d0c7ec1dae41a803325b51c12490c355ed779d297daa35247889950491e52427810132f0829fc7ffa3022f1a106f4e4ba78ed612223395313a6f267e9ab24945

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        29KB

        MD5

        b66e0ea105de456f0d8801304fd4720a

        SHA1

        b789094d238484b6179a831b302945ba41282535

        SHA256

        29392376b2fa0ae7ff030d5f3db1933421ac7e401da5aaa8b789ad0d97f30274

        SHA512

        cf1c156f525ab87cf4b9f84bddb90e59b7e0bac85f62b801415dfcca370b1cf7f757dcb917de870ccab19800b3320b929e717ba504eecc42cd6a40a5669786d4

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-355664440-2199602304-1223909400-1000\_desktop.ini
        Filesize

        9B

        MD5

        2be02af4dacf3254e321ffba77f0b1c6

        SHA1

        d8349307ec08d45f2db9c9735bde8f13e27a551d

        SHA256

        766fe9c47ca710d9a00c08965550ee7de9cba2d32d67e4901e8cec7e33151d16

        SHA512

        57f61e1b939ed98e6db460ccdbc36a1460b727a99baac0e3b041666dedcef11fcd72a486d91ec7f0ee6e1aec40465719a6a5c22820c28be1066fe12fcd47ddd0

        Download Submit

      • memory/3060-26-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3060-33-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3060-36-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3060-19-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3060-1227-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3060-4792-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3060-12-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3060-5231-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4464-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4464-8-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download