Overview

overview

7

Static

static

3

e569ef3b85...bd.exe

windows7-x64

7

e569ef3b85...bd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/04/2024, 05:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e569ef3b8582c8b33345a0e0d6036e25414b39d41a2c7a611e4aa446372258bd.exe

  • Size

    711KB

  • MD5

    cd8467e76be811a377a327639a35e37c

  • SHA1

    a084eebd7e1ad2d8cb9b9191dad24113fe10548e

  • SHA256

    e569ef3b8582c8b33345a0e0d6036e25414b39d41a2c7a611e4aa446372258bd

  • SHA512

    0187df7926dcbcf086b7cef75247b07e15bcd1ec34cbc885533567e706b60a73d94229c15e8944900a12a3dab1da9b270cc92538fe775718e90721213d860c2c

  • SSDEEP

    12288:VpKfC6Aj+TN5uixZN+8rKhUdTC/wE1ZD0Ca5ZIXV:VpGLOS2opPIXV

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3472
      • C:\Users\Admin\AppData\Local\Temp\e569ef3b8582c8b33345a0e0d6036e25414b39d41a2c7a611e4aa446372258bd.exe
        "C:\Users\Admin\AppData\Local\Temp\e569ef3b8582c8b33345a0e0d6036e25414b39d41a2c7a611e4aa446372258bd.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4948
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2E15.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:776
          • C:\Users\Admin\AppData\Local\Temp\e569ef3b8582c8b33345a0e0d6036e25414b39d41a2c7a611e4aa446372258bd.exe
            "C:\Users\Admin\AppData\Local\Temp\e569ef3b8582c8b33345a0e0d6036e25414b39d41a2c7a611e4aa446372258bd.exe"
            4⤵
            • Executes dropped EXE
            PID:2600
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4268
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:1036
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:4892

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        252KB

        MD5

        45176869ff4ca97755d08ffb45765b23

        SHA1

        365bf2c70a10602370bd8d149802927c52164cb6

        SHA256

        548d006a501826f362a576842cee94d5c94812dbd5e17f709cf3fd071a8ff837

        SHA512

        f88d8c681e934302d0df4735b0e7b730a26dc5e818c7c0a1d0440c84d1a6658a70a5d7b53845b9dfc776ed383a381b7f76c8c040018e1b6a8d21197d3b0d8569

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        571KB

        MD5

        180f66708a01c3b79c7e64efd96f147e

        SHA1

        b05b033b10b6fab8a0bd27000a404136bf2abf89

        SHA256

        30ae79670c9c587e32e6d478355a346c0cdfd09a3aa13d92a2f6be888db543e5

        SHA512

        ea65929c1a4f8dd279a6897248f1ce8f1a6f7a06c56db8921df393ce65e364f3dfc6d6552395f4e8ece84034ad7c390b4b20f7bd05ef00e4b67d01ea108dba38

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        637KB

        MD5

        9cba1e86016b20490fff38fb45ff4963

        SHA1

        378720d36869d50d06e9ffeef87488fbc2a8c8f7

        SHA256

        a22e6d0f5c7d44fefc2204e0f7c7b048e1684f6cf249ba98c006bbf791c22d19

        SHA512

        2f3737d29ea3925d10ea5c717786425f6434be732974586328f03691a35cd1539828e3301685749e5c4135b8094f15b87fb9659915de63678a25749e2f8f5765

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a2E15.bat
        Filesize

        722B

        MD5

        c8ce06a2cf123df0ef09718a824cdb8c

        SHA1

        add4a2ecf583a8e3e48cf65f3a4f3747016859b0

        SHA256

        20dc9bf0a487b11eeadca330568d9ad62eccf1a70815c1fb11409a9cfa6a1625

        SHA512

        96dfc4a09753e9a892611a1ac70ed365a93730577c66539c26a92693edd27889d44fe8d7a6ec9113d54a7abe67c8f9a25357a1896682edb9f91d374c86f53318

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\e569ef3b8582c8b33345a0e0d6036e25414b39d41a2c7a611e4aa446372258bd.exe.exe
        Filesize

        684KB

        MD5

        50f289df0c19484e970849aac4e6f977

        SHA1

        3dc77c8830836ab844975eb002149b66da2e10be

        SHA256

        b9b179b305c5268ad428b6ae59de10b4fe99cf0199bbc89b7017181905e97305

        SHA512

        877d852ea1062b90e2fd2f3c4dc7d05d9697e9a9b2929c830a770b62741f6a11e06de73275eb871113f11143faf1cb40d99f7c247862ffb778d26833ed5d7e38

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        27KB

        MD5

        f1bef7887eadcc719a4092978bf5929c

        SHA1

        c87bbfae9f8c990a9ef7abcbee695006fb97d03a

        SHA256

        78361883ed10c93e33dd13e2b56b8dc43d854f387dd809dbd75875ae4db89cf0

        SHA512

        3ffaa66e7c774fef7de06e689bb8a16d48a0702443573aa34dbdfdbba3661003db4d73cf6713a41cab87d6c967f60b02915c6dce46a33fe8294088b435f9e672

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-3906287020-2915474608-1755617787-1000\_desktop.ini
        Filesize

        9B

        MD5

        e7957b9f3d9556c996418169821a7993

        SHA1

        b7028de0f91d2e50a8d5f6d23613331a2784a142

        SHA256

        71a21a13d7822776d52d9a6146651dc9155db9f0bfbd978acf43d12dea2a8539

        SHA512

        72bc8552047095449fa4c3c21300183acfc7b33e6ab69c11435542e2862cb9e896bbfdedaeb97ec6edac8ed68220507a302d1ed2217624c97f6e9a83c0d3a285

        Download Submit

      • memory/4268-26-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4268-32-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4268-36-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4268-19-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4268-251-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4268-1231-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4268-10-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4268-4796-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4268-5235-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4948-0-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4948-8-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download