Overview

overview

7

Static

static

3

ac52a9fd9b...21.exe

windows7-x64

7

ac52a9fd9b...21.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/04/2024, 02:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ac52a9fd9be02e599fa6bc28cdd84ef80a584b67bd0a657c8a54b9e8633ae221.exe

  • Size

    2.7MB

  • MD5

    5212f5e971e925dd07adf15af8a17376

  • SHA1

    927b1054b00c07447dd05e7e89550ffc685d1db8

  • SHA256

    ac52a9fd9be02e599fa6bc28cdd84ef80a584b67bd0a657c8a54b9e8633ae221

  • SHA512

    17c7beb748d159cd9753d403a5f27bf63b769ca12bf06eb481ded61e7e939b225eae4cd1f6f05ec18a38860cf399d4e15c3f2eeffb39a19f5df7efdab37fb57c

  • SSDEEP

    49152:KlI7bphcx1u9DSegx9T3JuabFjv3NGOaedbokObZCcP9:fbpqHV/9TZzFjvvJiP

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3388
      • C:\Users\Admin\AppData\Local\Temp\ac52a9fd9be02e599fa6bc28cdd84ef80a584b67bd0a657c8a54b9e8633ae221.exe
        "C:\Users\Admin\AppData\Local\Temp\ac52a9fd9be02e599fa6bc28cdd84ef80a584b67bd0a657c8a54b9e8633ae221.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:656
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a321C.bat
          3⤵
            PID:4000
            • C:\Users\Admin\AppData\Local\Temp\ac52a9fd9be02e599fa6bc28cdd84ef80a584b67bd0a657c8a54b9e8633ae221.exe
              "C:\Users\Admin\AppData\Local\Temp\ac52a9fd9be02e599fa6bc28cdd84ef80a584b67bd0a657c8a54b9e8633ae221.exe"
              4⤵
              • Executes dropped EXE
              PID:976
          • C:\Windows\Logo1_.exe
            C:\Windows\Logo1_.exe
            3⤵
            • Executes dropped EXE
            • Enumerates connected drives
            • Drops file in Program Files directory
            • Drops file in Windows directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:2252
            • C:\Windows\SysWOW64\net.exe
              net stop "Kingsoft AntiVirus Service"
              4⤵
              • Suspicious use of WriteProcessMemory
              PID:3724
              • C:\Windows\SysWOW64\net1.exe
                C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
                5⤵
                  PID:5084

        Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
                Filesize

                254KB

                MD5

                182a1efac234be152c673103584b3add

                SHA1

                1606a8d53426ba27ede4b18d13acbbef1697efeb

                SHA256

                451c03fad8659d2d4599148b14036f011eee1b09148a92c788d838aa372a8ced

                SHA512

                da708d9792c5a1cb66113400529c8c2dc548299fe90022bde3c7c03c3e0a7c5926b8079ea3a6065801ab01e2418cbffffac667ba72bdb650f21aba9b05a0b2b8

                Download Submit

              • C:\Program Files\7-Zip\7z.exe
                Filesize

                573KB

                MD5

                df2ea083f9bf31bbd8f3644e90e2b4e7

                SHA1

                70a8690904eb5a5da503f43759b5cb80d2838a6d

                SHA256

                554486c45097e6aad0e2f63f05c018d6e19a91fcedf6c56ae3b4e1b7ffdf46db

                SHA512

                d99a22e3d2909826b2381043fb23bb7dcc02348cda0022c7356dbf958c97ed6aff1e1571f2c0c334415b1e376b149eca674c1ff7d0a426d017c3071eea810afa

                Download Submit

              • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
                Filesize

                639KB

                MD5

                ff7ce6c4ffc92d1beca4883dfcfde0af

                SHA1

                4a52e320cd88765f13e2799a4980a12f788c98a4

                SHA256

                5a4e150d03f1cfadccd40a407a3ae8ec5ffbb5d28ea95dca136d67cac24fd8b5

                SHA512

                99056bcbb382e545304a33002a6cfbb7a57df663feca5a3842bf077d1126931ba78d5e04a93cbd72a7c6d9eb09005750e5cff1030d8586e26838e7634d7ad583

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\$$a321C.bat
                Filesize

                722B

                MD5

                34d4638b7ed76c441d2cfdb79270f7a1

                SHA1

                cf2c5e7683aca2a32b184b8c7ebfd608ce8c6a6b

                SHA256

                da63690b990507489dca8901f5e578fbac8824600ee35d37d9bd166ef2d54448

                SHA512

                001fce4545247e8a9af5d0adedac0e025389c27d26013c6de10331b4f664670c06958430be46c682e0ce03d92979e2c0deeb27266b87b476112210efa50c3d01

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\ac52a9fd9be02e599fa6bc28cdd84ef80a584b67bd0a657c8a54b9e8633ae221.exe.exe
                Filesize

                2.7MB

                MD5

                97194fd7c69a4567bc31c979c690b0af

                SHA1

                cffb41f6593ccd46a4a8a0469c7d60d5d7fcec88

                SHA256

                6931d5c2c509314bb48c9d28eff255163d5c1875c76666b0c9611467ded323ae

                SHA512

                be6a4efa49a7834d5ef95405e28a642c3ace0f3b1374ab5acce76d8a74316e321ef693e3afe64320f9b613ba740dd793db3e39a06e329b2fd474ec5687fe0e81

                Download Submit

              • C:\Windows\Logo1_.exe
                Filesize

                29KB

                MD5

                34b640fa0177319ac442b6f3bbdaac54

                SHA1

                174c06017aeaceaab18228ca8eead4f7e94e58a2

                SHA256

                e0520317e9229269c4ab52b7690e1c289c2d3f9284f651c3f9d7d6abd1e49207

                SHA512

                2cbe13eff0bb3b532c33efc8aa781951adfc256ad96a0e32ffdb37f4eded8d474a0b3a143d50a9a4ca1f3938eb8f0a09a1333278eb211b5cc2c0466173244d9a

                Download Submit

              • F:\$RECYCLE.BIN\S-1-5-21-1132431369-515282257-1998160155-1000\_desktop.ini
                Filesize

                9B

                MD5

                5e45e0c42537212b4bfef35112ec91ba

                SHA1

                10c59c091fd35facc82bbc96938f118ce5a60546

                SHA256

                9f6b7a83161db36757e96dc40936aec1e5a9a41f9fca089f9cf5a4d695dd5ed5

                SHA512

                ee964e08687daa53fdc8e063402791acb104bd59f5d0f8a6d11d3e889db476315641c38032ade4177cd794b060f9fc4e6fd161989e452aae828c875c747e4bfb

                Download Submit

              • memory/656-8-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/656-0-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/2252-26-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/2252-36-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/2252-33-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/2252-1227-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/2252-19-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/2252-4792-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/2252-9-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/2252-5231-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download