Overview

overview

7

Static

static

3

9d20ff8c0e...0a.exe

windows7-x64

7

9d20ff8c0e...0a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/04/2024, 10:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9d20ff8c0ecfd7a2fe114c7a77bf58b8ef9d237c5ead15f94733ae90ebf6ca0a.exe

  • Size

    88KB

  • MD5

    db1d27ba722527943154fa7302a645de

  • SHA1

    cb224fdd40fe467f69322c5282c849db36ccc186

  • SHA256

    9d20ff8c0ecfd7a2fe114c7a77bf58b8ef9d237c5ead15f94733ae90ebf6ca0a

  • SHA512

    38c1c93ac1c4746596ac0008a03e62acad556f98127af48b50bdae47060a43c89ed106b356dcdd60b5666ac7e4c6aba354a40f1e504e75c5e4db683e0d8019de

  • SSDEEP

    1536:pp3SHuJV9Ntyapmebn4ddJZeY86iLflLJYEIs67rxo:ppkuJVL8LK4ddJMY86ipmns6S

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3592
      • C:\Users\Admin\AppData\Local\Temp\9d20ff8c0ecfd7a2fe114c7a77bf58b8ef9d237c5ead15f94733ae90ebf6ca0a.exe
        "C:\Users\Admin\AppData\Local\Temp\9d20ff8c0ecfd7a2fe114c7a77bf58b8ef9d237c5ead15f94733ae90ebf6ca0a.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4556
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2F3E.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1908
          • C:\Users\Admin\AppData\Local\Temp\9d20ff8c0ecfd7a2fe114c7a77bf58b8ef9d237c5ead15f94733ae90ebf6ca0a.exe
            "C:\Users\Admin\AppData\Local\Temp\9d20ff8c0ecfd7a2fe114c7a77bf58b8ef9d237c5ead15f94733ae90ebf6ca0a.exe"
            4⤵
            • Executes dropped EXE
            PID:2084
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3060
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:1572
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:2332

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        254KB

        MD5

        a6f7c2b6733b6ca1205b8bc3cabf60ae

        SHA1

        aa020a0c252d39d84405b26b8c07c0960c5e3725

        SHA256

        f82add4f9b0aa2d5aa05433eb2daad6f5d7e0c13ed1a2d08c97859a3d73e3388

        SHA512

        fd67f193c39ab9232423095539412615fca5bc325443b9402865e67816267fa49b1a30a8f4fdb0e9b76379a202ae2b7d08fe8d1618839ab9359a57a07a662363

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        573KB

        MD5

        fb82e3b6ef1262d77b7a9522d72f1eb0

        SHA1

        9f75cfcb887a2af74e51423f83b120958b2e6078

        SHA256

        f62b2435a3f3dae2501cde159c9412ba704004a0c7146ee71377c0e4042daa9a

        SHA512

        67c1cc1a0ce26e4ea9bd6cf07b47d5578a885c680ed8dde90d6f0e4ea9c0ad2875d289605bc5e16f60a74461ec37e6634cfcb79aae1db12425e944d25cbce45f

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        639KB

        MD5

        c8d281da4c32df16eef470c27c8cb459

        SHA1

        00efc9f6844bfaa37c264b6452c6a7356638ab10

        SHA256

        058c81e5a07f2c6c33cf28dff71d07ad8f179046108d945159957e891bfd9c62

        SHA512

        e3c79e19f620068f668d4ebaa5097f1a95a30dabb8dce75f3787171dddbea9f684fc7ce8d1011a398f38084d7af96dd1ff9a02d25906aab9b13861b8363d24bb

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a2F3E.bat
        Filesize

        722B

        MD5

        481186ae64b90d406573468cbc8f7489

        SHA1

        b6d962d58a6fc7bd3bb5c497e95f08c16c4541fd

        SHA256

        c9c0c492df7313910b601dfcad7990a3caf0a0632c1c1a16919d4e7d1f645cf7

        SHA512

        ea7d00debc3178595125d49769be464e813e200ab12435859b420cd8f078fe5ffee93677cbce797d48f6da35a842711fbdd60466d1c7bb98f32c945eeef7c081

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\9d20ff8c0ecfd7a2fe114c7a77bf58b8ef9d237c5ead15f94733ae90ebf6ca0a.exe.exe
        Filesize

        59KB

        MD5

        dfc18f7068913dde25742b856788d7ca

        SHA1

        cbaa23f782c2ddcd7c9ff024fd0b096952a2b387

        SHA256

        ff4ac75c02247000da084de006c214d3dd3583867bd3533ba788e22734c7a2bf

        SHA512

        d0c7ec1dae41a803325b51c12490c355ed779d297daa35247889950491e52427810132f0829fc7ffa3022f1a106f4e4ba78ed612223395313a6f267e9ab24945

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        29KB

        MD5

        27d304159402ea827a20e0adadf71b0b

        SHA1

        9da1c5139a061c53e1ae604ebd83a70b7e8a2522

        SHA256

        861bf1bb7af83cbf78449416dc7a4281496372c29000fa87018ca29c8dc9aee4

        SHA512

        8d0bda7e6913974ea690b05b57229a15d43cdd8cb3c74c28f8c89b839f895d8b0be173f9f255aadf8876b97fce75ba4fee3687401de9aba90eaa50908d6c2b01

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-1132431369-515282257-1998160155-1000\_desktop.ini
        Filesize

        9B

        MD5

        8c34dc99037d2222f90612d7a5e52499

        SHA1

        fda1121fbbb4ed65e2bbf0b7d7c9847d6f47fe7c

        SHA256

        5b74167b62086b62f2f1540c9601d4c70c005e86ff72d5d514f87c82df3cb468

        SHA512

        999a3f71583131a044764079e1d6c447190f81bdb3b32d3f423f97ea6f5a4cf431ddf0b5ad61a2f72e9aa280a859555c131c9b89a4713cdaf955a7f90b6258cf

        Download Submit

      • memory/3060-26-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3060-32-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3060-36-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3060-19-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3060-1226-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3060-9-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3060-4792-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3060-5231-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4556-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4556-12-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download