Overview

overview

7

Static

static

3

e67c6b9b57...b1.exe

windows7-x64

7

e67c6b9b57...b1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    154s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/04/2024, 23:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e67c6b9b5735e9a95425454de51ae1f841e0e596f38362eb007c6c2f70645bb1.exe

  • Size

    7.3MB

  • MD5

    6e2762acc0f214e219d4ef108bbf70a2

  • SHA1

    6884466f16c1e36f3b665002784aea6602abbe4f

  • SHA256

    e67c6b9b5735e9a95425454de51ae1f841e0e596f38362eb007c6c2f70645bb1

  • SHA512

    c4054dbb0760b129938bef311c07a53ce7c062c9daead80e840e5b558d69866761578d4dbd8200568ee72e8afec78c3f59e5255d8d3aeaf4e01bc9ac57e0a438

  • SSDEEP

    98304:hmB9OWBVClfcaA1oZeSajfztbVCGQX4bME4bP8nQgMVQNKe5AJbI8D:hg9OHi1oZepfxUGGNQNKe

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3240
      • C:\Users\Admin\AppData\Local\Temp\e67c6b9b5735e9a95425454de51ae1f841e0e596f38362eb007c6c2f70645bb1.exe
        "C:\Users\Admin\AppData\Local\Temp\e67c6b9b5735e9a95425454de51ae1f841e0e596f38362eb007c6c2f70645bb1.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4284
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a211F.bat
          3⤵
            PID:3480
          • C:\Windows\Logo1_.exe
            C:\Windows\Logo1_.exe
            3⤵
            • Executes dropped EXE
            • Enumerates connected drives
            • Drops file in Program Files directory
            • Drops file in Windows directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:1992
            • C:\Windows\SysWOW64\net.exe
              net stop "Kingsoft AntiVirus Service"
              4⤵
              • Suspicious use of WriteProcessMemory
              PID:3120
              • C:\Windows\SysWOW64\net1.exe
                C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
                5⤵
                  PID:1620
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4088 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
          1⤵
            PID:1428

          Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Program Files\7-Zip\7z.exe
                  Filesize

                  573KB

                  MD5

                  c234fbedd69bda7f01772e5e0c88312f

                  SHA1

                  d016ab4a3a07bd9d50bbf2ecec1440230549acfb

                  SHA256

                  f2b7ee7688871677bbc519f133538d67cb5dcb9f3e9442b2ea52130a1e6b3d9e

                  SHA512

                  b0d9aaf029d6aa1b443961a72423c24af9457e0cc0cd20bf2e853c05bebf345731950c70a68c5151d6563f6aa78c72dbdf1dd3dc8d953f7101bc1a06d67e6bca

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\$$a211F.bat
                  Filesize

                  722B

                  MD5

                  2a6072b729903b8a4d7a355095c46437

                  SHA1

                  80c9fc7af07db050ea77ed7c83f3fa9092dea873

                  SHA256

                  73c10d557099ab5d364e798c8fef40b7973676f2da12154de454bd546e4869c7

                  SHA512

                  bc0d2af29895f058748d64b5a5082db47dde0c1a14c2020d071e3ebe11464dbed3e456c7d1ebbbc966636beea2cb52c38122061e824cbbad90922cd5714d0447

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\e67c6b9b5735e9a95425454de51ae1f841e0e596f38362eb007c6c2f70645bb1.exe.exe
                  Filesize

                  7.3MB

                  MD5

                  172b6d29b3cdcdf2b0b14332eb216161

                  SHA1

                  7534c39aecd8a968c8cdf34db4cb388d999a3065

                  SHA256

                  3bb1c042bf917e6577be28edce3243628e9ce4245e9abbc2cc0196ccca26630c

                  SHA512

                  71e4e14c689974821c0bb80637a53cd5234df0111b809612ac810846fe2ba9d288da20141455b984dd842c8343166f807f8da51e74b66fbe3aec181db72806ce

                  Download Submit

                • C:\Windows\Logo1_.exe
                  Filesize

                  29KB

                  MD5

                  9bcc3e645527978b32c6d1984175f69d

                  SHA1

                  d9dce23336396ddbfb4e54c207d755e9b8104b92

                  SHA256

                  3b15b041a301264dac387cd799e223d8d55f3652573aa7048a7bf4c01b5308e1

                  SHA512

                  a88275729c3768ca2ee9a9373bc5c97f1e70c5488de73ce1c46d5589978180608d44d87fa9e142b5f977d543cdd4130fb4fad1a4088bd65c39d448af1dbb5c6b

                  Download Submit

                • F:\$RECYCLE.BIN\S-1-5-21-3808065738-1666277613-1125846146-1000\_desktop.ini
                  Filesize

                  9B

                  MD5

                  f29b71f66ac42a28a8d1e12a13d61861

                  SHA1

                  bd61fbc8b6eed4cae3fa29d7b950784258be10cd

                  SHA256

                  9a5e4ff44f8f5bb21798074ea03e493911b59680e37191522562dece826da1cf

                  SHA512

                  90c31cda60a9a63e3fa78e99f1104d1a9c9f811e11b62f75063b6007ae284c8c233b5d1235defab7ae0deec3b7892c85af9319219405c44d16fa29a3215f50e0

                  Download Submit

                • memory/1992-40-0x0000000000400000-0x0000000000436000-memory.dmp

                  Filesize

                  216KB

                  Download

                • memory/1992-18-0x0000000000400000-0x0000000000436000-memory.dmp

                  Filesize

                  216KB

                  Download

                • memory/1992-8-0x0000000000400000-0x0000000000436000-memory.dmp

                  Filesize

                  216KB

                  Download

                • memory/1992-32-0x0000000000400000-0x0000000000436000-memory.dmp

                  Filesize

                  216KB

                  Download

                • memory/1992-36-0x0000000000400000-0x0000000000436000-memory.dmp

                  Filesize

                  216KB

                  Download

                • memory/1992-25-0x0000000000400000-0x0000000000436000-memory.dmp

                  Filesize

                  216KB

                  Download

                • memory/1992-67-0x0000000000400000-0x0000000000436000-memory.dmp

                  Filesize

                  216KB

                  Download

                • memory/1992-894-0x0000000000400000-0x0000000000436000-memory.dmp

                  Filesize

                  216KB

                  Download

                • memory/1992-1181-0x0000000000400000-0x0000000000436000-memory.dmp

                  Filesize

                  216KB

                  Download

                • memory/4284-0-0x0000000000400000-0x0000000000436000-memory.dmp

                  Filesize

                  216KB

                  Download

                • memory/4284-9-0x0000000000400000-0x0000000000436000-memory.dmp

                  Filesize

                  216KB

                  Download