Overview

overview

6

Static

static

3

7fbae18fef...87.exe

windows7-x64

6

7fbae18fef...87.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/04/2024, 23:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7fbae18fef5a61c7a2baaef16525a2e0e585018b92802ef0fcd0a23720009087.exe

  • Size

    26KB

  • MD5

    3d153dcacff504f7b5e164da6832ddf9

  • SHA1

    c404f0efda88c7591ede4c2d70fd148cc331a5b1

  • SHA256

    7fbae18fef5a61c7a2baaef16525a2e0e585018b92802ef0fcd0a23720009087

  • SHA512

    1fdcae0ad2560165b38623c5f22ec3d1d4754506f3f41f2017bbdc1e93180abc30e52e18e559e4963442655ad39981f64efee64e81dc5dc392cc69087a212068

  • SSDEEP

    768:1b7oa1ODKAaDMG8H92RwZNQSwcfymNBg+g61GoL:JFfgLdQAQfcfymN

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3484
      • C:\Users\Admin\AppData\Local\Temp\7fbae18fef5a61c7a2baaef16525a2e0e585018b92802ef0fcd0a23720009087.exe
        "C:\Users\Admin\AppData\Local\Temp\7fbae18fef5a61c7a2baaef16525a2e0e585018b92802ef0fcd0a23720009087.exe"
        2⤵
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:4388
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1616
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:4852

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
              Filesize

              244KB

              MD5

              79cd7056da6e7321c681a1d9b9317ac3

              SHA1

              37fc38b9642cc7992df7a4e5cf84a28f98f1c834

              SHA256

              aabbf665f2f0796d26cfa422d948970b1a7447001df3688f0faa022330123ded

              SHA512

              b3c8fc79c7ae9f324339d34a354a4364bfad7b060d21e7f1c8205bd4af6bcea98fa27074719641e35c47d42b251055e996ba47018360c6d21e2e9eaebfa508ae

              Download Submit

            • C:\Program Files\dotnet\dotnet.exe
              Filesize

              170KB

              MD5

              6d48f0b001917db36c5a94900043a01f

              SHA1

              54a2cc4ffb10c1cdeac74f6bbaf7c56ba969a015

              SHA256

              8642ab4417607cb31d4588fcda4dc442bf4ba4d9a59265bbdc65eab47f6445c9

              SHA512

              b8caf44b3e9b343f3bfdea9ede06a93a9f926d5e4cf5c95a5580c14690a02f652cfe36e1e48c55e415f959e46b0eef861021a562f7c35e03ac98395ff0bd8de0

              Download Submit

            • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
              Filesize

              636KB

              MD5

              2500f702e2b9632127c14e4eaae5d424

              SHA1

              8726fef12958265214eeb58001c995629834b13a

              SHA256

              82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

              SHA512

              f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

              Download Submit

            • F:\$RECYCLE.BIN\S-1-5-21-3726321484-1950364574-433157660-1000\_desktop.ini
              Filesize

              9B

              MD5

              3441ca64b7a268fd1abb0c149aa9e827

              SHA1

              977a6be7624a5ff4ea1de4f422b44b4974c17827

              SHA256

              fafa54a384b4b9bfe970b0e803afe0c0284021acca503892961170d49985dd99

              SHA512

              84d8adce555267049d33544c4402eaa9bb3ff2022fd76cd619e4cb1fd544c5825cd7769065dd525b58e3befd579d3dd11ec2e0032907ff7dd36f83975b5b5848

              Download Submit

            • memory/4388-0-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4388-5-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4388-12-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4388-18-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4388-22-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4388-1222-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4388-4786-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4388-5249-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download