Overview

overview

7

Static

static

3

aea0196797...48.exe

windows7-x64

7

aea0196797...48.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    152s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/04/2024, 06:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    aea01967971a6e1ae19195580b85c80660ff932081a278fb46ac8d17669fbb48.exe

  • Size

    711KB

  • MD5

    54613e5f70d1130b2b4c699fac92baf8

  • SHA1

    25df80dfcb80166ad9b3a3f6e72748f9fead8c07

  • SHA256

    aea01967971a6e1ae19195580b85c80660ff932081a278fb46ac8d17669fbb48

  • SHA512

    1ddbb007c6c4874e3cf6b0c045548157961345bfa9869704b4830e061d9bc46d0e985a12dac48d866bc2377c25a0a10b551811284618cf8328bceda4572f5836

  • SSDEEP

    12288:ZpKfC6Aj+TN5uixZN+8rKhUdTC/wE1ZD0Ca5ZIXV:ZpGLOS2opPIXV

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3336
      • C:\Users\Admin\AppData\Local\Temp\aea01967971a6e1ae19195580b85c80660ff932081a278fb46ac8d17669fbb48.exe
        "C:\Users\Admin\AppData\Local\Temp\aea01967971a6e1ae19195580b85c80660ff932081a278fb46ac8d17669fbb48.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:1424
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a913.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3796
          • C:\Users\Admin\AppData\Local\Temp\aea01967971a6e1ae19195580b85c80660ff932081a278fb46ac8d17669fbb48.exe
            "C:\Users\Admin\AppData\Local\Temp\aea01967971a6e1ae19195580b85c80660ff932081a278fb46ac8d17669fbb48.exe"
            4⤵
            • Executes dropped EXE
            PID:5052
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4316
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:1356
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:3992
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4416 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:3460

        Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Program Files\7-Zip\7z.exe
                Filesize

                571KB

                MD5

                a4f9ed602757a7e592430a4c91b63de2

                SHA1

                34461c2bc695e42acdd244af53a15911c9dcde1f

                SHA256

                3282ffe7abdf17810b647b0af326d8bd51120079585345f06cdca88a3912674e

                SHA512

                188b359d3e9af5abd438303c8ad16707d0efbf6e62818a602437473d1df9c1d6cd7421d9fe7e98a224dbfeb5b0bee05299cb80d39f2cacf1ad8f0d82620d60d5

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\$$a913.bat
                Filesize

                721B

                MD5

                641fc79a62780d19e94e21f46cb41645

                SHA1

                d6d90d54493f872ecd1f12aca79179cbc689b3b3

                SHA256

                f77fe24c52c943e823120b05719d464b966380fc57e90d4a9fe2c3115152cd67

                SHA512

                f66fb442e072c265e5026770578eb2c2fd3201f747519d8c6dc6862f2f8f959661ed180cdc26727455fe1fe51dcaa28667944e16af40e9866ae5303c3c10d770

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\aea01967971a6e1ae19195580b85c80660ff932081a278fb46ac8d17669fbb48.exe.exe
                Filesize

                684KB

                MD5

                50f289df0c19484e970849aac4e6f977

                SHA1

                3dc77c8830836ab844975eb002149b66da2e10be

                SHA256

                b9b179b305c5268ad428b6ae59de10b4fe99cf0199bbc89b7017181905e97305

                SHA512

                877d852ea1062b90e2fd2f3c4dc7d05d9697e9a9b2929c830a770b62741f6a11e06de73275eb871113f11143faf1cb40d99f7c247862ffb778d26833ed5d7e38

                Download Submit

              • C:\Windows\Logo1_.exe
                Filesize

                27KB

                MD5

                18dc1033ae8902d1d05f7bb5651753be

                SHA1

                44d68d222bf905f98a2a48ba964010826c80cd59

                SHA256

                a3f31e286d1c18d1e958f66d909c32c5f35a3b785ba9827774568b04f843f199

                SHA512

                e7de2a47c6076f6d6de889dfe0937ac3b9e948c85f9e10a27ba2bd14b943e713c7631bd8b0d3f610418a154977cddd2acabad152b1c09b374806ce1e5e61f7eb

                Download Submit

              • F:\$RECYCLE.BIN\S-1-5-21-3808065738-1666277613-1125846146-1000\_desktop.ini
                Filesize

                9B

                MD5

                27729a3995958245e2d6799df42e26e7

                SHA1

                dfe386f53277c8387b50122f3fda9bc2467815ba

                SHA256

                9313041e89d4585b2606afa4809b101e7e8a2c944d063a28c796b0c0f070b5f1

                SHA512

                ba9157cea7ca5c01b52e2a4a758f4e12e018990e49f1ece5fa6d83423f37a0a4dd5246d9b01e5e212d5e8c36a66a8d0e2645bc73753671295965a855a5028ec6

                Download Submit

              • memory/1424-10-0x0000000000400000-0x0000000000435000-memory.dmp

                Filesize

                212KB

                Download

              • memory/1424-0-0x0000000000400000-0x0000000000435000-memory.dmp

                Filesize

                212KB

                Download

              • memory/4316-37-0x0000000000400000-0x0000000000435000-memory.dmp

                Filesize

                212KB

                Download

              • memory/4316-8-0x0000000000400000-0x0000000000435000-memory.dmp

                Filesize

                212KB

                Download

              • memory/4316-32-0x0000000000400000-0x0000000000435000-memory.dmp

                Filesize

                212KB

                Download

              • memory/4316-26-0x0000000000400000-0x0000000000435000-memory.dmp

                Filesize

                212KB

                Download

              • memory/4316-41-0x0000000000400000-0x0000000000435000-memory.dmp

                Filesize

                212KB

                Download

              • memory/4316-19-0x0000000000400000-0x0000000000435000-memory.dmp

                Filesize

                212KB

                Download

              • memory/4316-141-0x0000000000400000-0x0000000000435000-memory.dmp

                Filesize

                212KB

                Download

              • memory/4316-1015-0x0000000000400000-0x0000000000435000-memory.dmp

                Filesize

                212KB

                Download

              • memory/4316-1182-0x0000000000400000-0x0000000000435000-memory.dmp

                Filesize

                212KB

                Download

              • memory/4316-3549-0x0000000000400000-0x0000000000435000-memory.dmp

                Filesize

                212KB

                Download