Overview

overview

6

Static

static

3

a1c4765489...30.exe

windows7-x64

6

a1c4765489...30.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    18/04/2024, 14:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a1c47654896d7c78937bf82083af325d1eb007deee89830ad78d48659e9e6730.exe

  • Size

    26KB

  • MD5

    f6bc7ff37e4968ed377720ee5e275f9f

  • SHA1

    2ac8d03270bd7acf83191669d7e60f4e640452a7

  • SHA256

    a1c47654896d7c78937bf82083af325d1eb007deee89830ad78d48659e9e6730

  • SHA512

    7495c95835c25472b619cea2f303c3a66be88e0967a715df151379f31a30bda2c4392c845bba78eaed939197e080d70decf01222c58ed0ab6fe4c2dd62bf95db

  • SSDEEP

    768:y1ODKAaDMG8H92RwZNQSwcfymNBg+g61GoGwXnKx:UfgLdQAQfcfymNG+Kx

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1136
      • C:\Users\Admin\AppData\Local\Temp\a1c47654896d7c78937bf82083af325d1eb007deee89830ad78d48659e9e6730.exe
        "C:\Users\Admin\AppData\Local\Temp\a1c47654896d7c78937bf82083af325d1eb007deee89830ad78d48659e9e6730.exe"
        2⤵
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2080
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2188
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:2560

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
              Filesize

              251KB

              MD5

              03f2b0baf58ba658d3a68c3a410c7103

              SHA1

              aeea14914f27c7b4d962caeb90e9dfadde1fffab

              SHA256

              895644b779b1d449613044a4f5f7da13ce5bebbda58d97961cbb7d1f18d95c40

              SHA512

              efc74a220ab91fe06331ac388149cad22d88f12aae2e3d601f00570dde02d06c61421285608a48287e8f688ad1112cce57e287f8d87700fd59d4f162a946f706

              Download Submit

            • C:\Program Files\7-Zip\7zFM.exe
              Filesize

              956KB

              MD5

              9bd082f539046b92281ad4ec17940f73

              SHA1

              785df9eb5b59a82bd19f0c96202037fe6451757a

              SHA256

              30fcae65670c8f6350dbd1866a8b01e699ce678f0fb04a9b9533ca3e68a2c703

              SHA512

              1ffdda672d9603dbd057b268ee001ece453a24e7f38b121c669bb83f53cb4ae84afc2a2194964319c39105020b5d54281a8af6e328b257bd5714461901de0f4c

              Download Submit

            • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
              Filesize

              471KB

              MD5

              c6c8fde27f649c91ddaab8cb9ca344a6

              SHA1

              5e4865aec432a18107182f47edda176e8c566152

              SHA256

              32c3fed53bfc1d890e9bd1d771fdc7e2c81480e03f1425bce07b4045a192d100

              SHA512

              a8df7d1e852d871d7f16bae10c4ff049359583da88cc85a039f0298525839040d5363ce5ef4cbdb92a12a25785f73df83cf0df07752b78e6e6444f32160a2155

              Download Submit

            • F:\$RECYCLE.BIN\S-1-5-21-2297530677-1229052932-2803917579-1000\_desktop.ini
              Filesize

              9B

              MD5

              72b7e38c6ba037d117f32b55c07b1a9c

              SHA1

              35e2435e512e17ca2be885e17d75913f06b90361

              SHA256

              e9719e3c653627668046bac84b77097bfb0cd018d68465c17130ed31d6d6eca6

              SHA512

              2bebd814b81ad2dc547802d42891d833caaad81d004758ec4373f9c7af2971eb822f0a559d2d5d4fca499912fea95e25bab22e92cb0c149d6a4c692eee6ee46a

              Download Submit

            • memory/1136-5-0x0000000002D10000-0x0000000002D11000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2080-66-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2080-0-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2080-72-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2080-20-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2080-826-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2080-1825-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2080-14-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2080-2872-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2080-3285-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2080-7-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download