Overview

overview

7

Static

static

3

56098e2f6e...72.exe

windows7-x64

7

56098e2f6e...72.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/04/2024, 23:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    56098e2f6e6b5aae3ca49833321c6faa689e960088b432d5c7ae89b2c6d81a72.exe

  • Size

    64KB

  • MD5

    58b71527cbe8d874a5841412e1996879

  • SHA1

    b3e758b6012636a4c4025e5b0288eff23061e908

  • SHA256

    56098e2f6e6b5aae3ca49833321c6faa689e960088b432d5c7ae89b2c6d81a72

  • SHA512

    982d2b6e12b0e6baa269c6af370099ea37acbc186f569ea1d6bdd5f85ec74b33bfeaf2e3c6f1234f3b0e36d7b0abb4b8b24c6839f324705fb404db84a1a6d14a

  • SSDEEP

    1536:u3SHmLKarIpYCriw+d9bHrkT5gUHz7FxtJ:ukF3pxrBkfkT5xHzD

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3156
      • C:\Users\Admin\AppData\Local\Temp\56098e2f6e6b5aae3ca49833321c6faa689e960088b432d5c7ae89b2c6d81a72.exe
        "C:\Users\Admin\AppData\Local\Temp\56098e2f6e6b5aae3ca49833321c6faa689e960088b432d5c7ae89b2c6d81a72.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4136
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF2EB.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4564
          • C:\Users\Admin\AppData\Local\Temp\56098e2f6e6b5aae3ca49833321c6faa689e960088b432d5c7ae89b2c6d81a72.exe
            "C:\Users\Admin\AppData\Local\Temp\56098e2f6e6b5aae3ca49833321c6faa689e960088b432d5c7ae89b2c6d81a72.exe"
            4⤵
            • Executes dropped EXE
            PID:4988
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4636
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:2148
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:660
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1036 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:2248

        Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
                Filesize

                252KB

                MD5

                77ee188223dcfafb7462df60ece01014

                SHA1

                e50a83b646f9f6f39aeec31b02c8217c2a1f8b0e

                SHA256

                24afcba40d869810ac75fa262e0260c70bc809c52b03f69b894a9900302f503a

                SHA512

                2c672117c68da77fa2ffd481aa9d47715a16678f764658f16f25e14b7f1cfeab668363258aeac828175573b45682c1af1c11d33838d3bc543ca142bc655e5c64

                Download Submit

              • C:\Program Files\7-Zip\7z.exe
                Filesize

                571KB

                MD5

                0f5bc25921fb1793260daba5ade4d170

                SHA1

                17a1156dde17caa3b42189f684f0558c10ae442a

                SHA256

                904f91fe3258eb083441810d7c8313cad6bc34f01531b2dc80ebe45bd48957d1

                SHA512

                ba87dafc4217e674ef58bbf4580625969c2bea891581fe7bf19516693792d88e90aab29831d83c41f88f124ad06b557e3c202774da40085c34766fea50bedf73

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\$$aF2EB.bat
                Filesize

                722B

                MD5

                9cfa66bc70dd0d5d01d0c19d230fd232

                SHA1

                4b1dec48cc6c2457d144696392075e47829bac54

                SHA256

                13b0454ef34e29fb8727d5b8b668ed3e27393cf16a2c57eb46d82b9912fcc3f6

                SHA512

                206af45a3fef1120e2b9f2ba672ea0b17f1db5311279817d615bd5d3c9b7859d3d0b610997c7f72dcc21e35a4790ecceb754f1f1611c040a456c272c735a2fcb

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\56098e2f6e6b5aae3ca49833321c6faa689e960088b432d5c7ae89b2c6d81a72.exe.exe
                Filesize

                36KB

                MD5

                9f498971cbe636662f3d210747d619e1

                SHA1

                44b8e2732fa1e2f204fc70eaa1cb406616250085

                SHA256

                8adf6748981c3e7b62f5dbca992be6675574fffbce7673743f2d7fe787d56a41

                SHA512

                b73083c2f7b028d2946cb8f7b4fe2289fedaa4175364a2aac37db0aeff4602aede772ccc9eba7e6dcfcb7276e52604ca45d8021952201b5834485b48bca3dc93

                Download Submit

              • C:\Windows\Logo1_.exe
                Filesize

                27KB

                MD5

                f11895b99e4d85d54be150f60ef5142a

                SHA1

                0738b220874e3dad3f55e54e89087d23ecc19579

                SHA256

                ff27d3bf265bf3b741302c43313f3429bd787de9a43690ff4560041bce547db3

                SHA512

                416eb4e28173df5ce923994d2d95cff0bdb91a4f0b65c1931b6b48be727105fcfb9db5424637bcf8936582cbd7cb25e0505f40bc3717e2eab9a64f0d86878e0c

                Download Submit

              • F:\$RECYCLE.BIN\S-1-5-21-3808065738-1666277613-1125846146-1000\_desktop.ini
                Filesize

                9B

                MD5

                7d02194d5f21d1288ee3e3f595122aba

                SHA1

                68e51fcc75148bf51da5ad67c7137b85946fc393

                SHA256

                a4da2cd5e1bd5b7cc915b0572d2805cb074c16122fa7e5a41fbc1203aafc3416

                SHA512

                b5aba933dbbe76d9c49da7e4bd9aa8449f164d1a6563feb65e795fd497f42a5c8cc317186adf817990a180e46499987a7403b68b0b089a38ccda0fc9f2dd6c1c

                Download Submit

              • memory/4136-12-0x0000000000400000-0x0000000000435000-memory.dmp

                Filesize

                212KB

                Download

              • memory/4136-0-0x0000000000400000-0x0000000000435000-memory.dmp

                Filesize

                212KB

                Download

              • memory/4636-20-0x0000000000400000-0x0000000000435000-memory.dmp

                Filesize

                212KB

                Download

              • memory/4636-27-0x0000000000400000-0x0000000000435000-memory.dmp

                Filesize

                212KB

                Download

              • memory/4636-34-0x0000000000400000-0x0000000000435000-memory.dmp

                Filesize

                212KB

                Download

              • memory/4636-38-0x0000000000400000-0x0000000000435000-memory.dmp

                Filesize

                212KB

                Download

              • memory/4636-43-0x0000000000400000-0x0000000000435000-memory.dmp

                Filesize

                212KB

                Download

              • memory/4636-162-0x0000000000400000-0x0000000000435000-memory.dmp

                Filesize

                212KB

                Download

              • memory/4636-1016-0x0000000000400000-0x0000000000435000-memory.dmp

                Filesize

                212KB

                Download

              • memory/4636-1183-0x0000000000400000-0x0000000000435000-memory.dmp

                Filesize

                212KB

                Download

              • memory/4636-3261-0x0000000000400000-0x0000000000435000-memory.dmp

                Filesize

                212KB

                Download

              • memory/4636-10-0x0000000000400000-0x0000000000435000-memory.dmp

                Filesize

                212KB

                Download