Overview

overview

7

Static

static

3

e3b7ff33e6...c5.exe

windows7-x64

7

e3b7ff33e6...c5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/04/2024, 07:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e3b7ff33e69c6c534ffbfbe570b3f516b7635a302a62fe432948926f34291ec5.exe

  • Size

    88KB

  • MD5

    bd56685c827303195b84479f75d3739a

  • SHA1

    4b6de130e2220dfe559578d90a6656ec5398ed57

  • SHA256

    e3b7ff33e69c6c534ffbfbe570b3f516b7635a302a62fe432948926f34291ec5

  • SHA512

    f43ca4e5066f8dd5d9685dd847f209aa064686409b9cdb4bde075b0955e7216e08a028298ec4c8a03cc45cdb46ba7d5e245e9977a67ddb3f17d49e39314eabe7

  • SSDEEP

    1536:T43SHuJV9Qax6yapmebn4ddJZeY86iLflLJYEIs67rxo:T4kuJVFvLK4ddJMY86ipmns6S

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3516
      • C:\Users\Admin\AppData\Local\Temp\e3b7ff33e69c6c534ffbfbe570b3f516b7635a302a62fe432948926f34291ec5.exe
        "C:\Users\Admin\AppData\Local\Temp\e3b7ff33e69c6c534ffbfbe570b3f516b7635a302a62fe432948926f34291ec5.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:1304
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6939.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3220
          • C:\Users\Admin\AppData\Local\Temp\e3b7ff33e69c6c534ffbfbe570b3f516b7635a302a62fe432948926f34291ec5.exe
            "C:\Users\Admin\AppData\Local\Temp\e3b7ff33e69c6c534ffbfbe570b3f516b7635a302a62fe432948926f34291ec5.exe"
            4⤵
            • Executes dropped EXE
            PID:3764
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3480
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:4972
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:1636

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        254KB

        MD5

        5427c8355686e9236966d4dcd2119f7d

        SHA1

        441677316f5b657a05982f73fce0c439e7155a44

        SHA256

        678007290f0ed12852fcdeb88dd9cdb7b40913508d8cc9772cfcb40a7e217936

        SHA512

        67cdc1309d3e076088b3d16875b92f2bd0f060576441319e325560eca7d7c5f0afd15165cc76f49887fff67c869c5c835925d81288ad2add23d0d89a5647f97b

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        573KB

        MD5

        13422276d7810956f6445967f57b3d4f

        SHA1

        ad27cd941dc130c87147544dafb3fb889ce097c8

        SHA256

        6194a5dfb2209516a0de7872b2f3eb13212df3cd68943f5b2f6a1ff075547a06

        SHA512

        91b019fa08ae70098b00cb19662c9978be34825760be4f4aae4bf70517cd9e0c146a0870e3577faa85d8efd1290351cd0818e2da1856c3fb860c9415b22293c9

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        639KB

        MD5

        470a3027d524047e1388a789be103e9e

        SHA1

        9af6b6db9925b91470a1c7c8d8758f670a76fa8c

        SHA256

        390515c293a7534b1badec267568e5a3f2b7348314adcc1eaf2a2e066592ab59

        SHA512

        0c76ca58bc45cc3f647dfa617f778457762e1864cc9c41f042f629416165866dda6e8d4d3575bdff12025b70548b0beab4c403213813928668011b388a2138a7

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a6939.bat
        Filesize

        722B

        MD5

        b11fa315c0009c2105cff5d9b4b5da93

        SHA1

        9d0d1e028904f15b18b6580f6feb092215773e21

        SHA256

        8c90f82c33595db979f50f9adad8304a99b10b7a62785bdf92cd58cdb092296c

        SHA512

        b99864dcf6f63174fcf553bc2dc879e1a0742135ff290ddf6078ba9fb2908176bd1cab67cf081bec80699cf99f7e1a726de8a58adbcebd06db8d2fd5d05e37e4

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\e3b7ff33e69c6c534ffbfbe570b3f516b7635a302a62fe432948926f34291ec5.exe.exe
        Filesize

        59KB

        MD5

        dfc18f7068913dde25742b856788d7ca

        SHA1

        cbaa23f782c2ddcd7c9ff024fd0b096952a2b387

        SHA256

        ff4ac75c02247000da084de006c214d3dd3583867bd3533ba788e22734c7a2bf

        SHA512

        d0c7ec1dae41a803325b51c12490c355ed779d297daa35247889950491e52427810132f0829fc7ffa3022f1a106f4e4ba78ed612223395313a6f267e9ab24945

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        29KB

        MD5

        243b2978a3e87c6a237767247bbbf6ef

        SHA1

        b592a11def8ab37d926ab4bc5601aaf1fc852c2a

        SHA256

        ea5e030c047d36a2bd930bd50153e3bf228e7644a3e30ce24bc9cb0f92f48a9c

        SHA512

        f8a617e6c1b790984b8df091938966b68916033b596b0fad51e2c19e0f33ccead7fe35032d0b8db2747fa20f065b87b36226c15e7e46eef73686699f142d71f6

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-4084619521-2220719027-1909462854-1000\_desktop.ini
        Filesize

        9B

        MD5

        72b7e38c6ba037d117f32b55c07b1a9c

        SHA1

        35e2435e512e17ca2be885e17d75913f06b90361

        SHA256

        e9719e3c653627668046bac84b77097bfb0cd018d68465c17130ed31d6d6eca6

        SHA512

        2bebd814b81ad2dc547802d42891d833caaad81d004758ec4373f9c7af2971eb822f0a559d2d5d4fca499912fea95e25bab22e92cb0c149d6a4c692eee6ee46a

        Download Submit

      • memory/1304-12-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1304-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3480-26-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3480-36-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3480-28-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3480-1226-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3480-19-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3480-4792-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3480-9-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3480-5231-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download