Overview

overview

7

Static

static

3

3dbb03f079...fd.exe

windows7-x64

7

3dbb03f079...fd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/04/2024, 00:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3dbb03f079de0968ed7b9fc588f87723c100d0b46f01086665d44ce8c3fe0cfd.exe

  • Size

    2.8MB

  • MD5

    b2b308a12162eb799117f00ea8a49a61

  • SHA1

    eac813e2fc0dfb4f14eb73e8b9b6bd8b66952533

  • SHA256

    3dbb03f079de0968ed7b9fc588f87723c100d0b46f01086665d44ce8c3fe0cfd

  • SHA512

    33b96b137544c77d5c42d3b52600feaab4d47b24d8ce7e493e67f2930c8edb26ec53e2df3e00bed0ddebba6605ddd4064b5d67a0a2456af8b2064c9f3f3849ed

  • SSDEEP

    49152:t6gLKJuMarhVnMFwTH8/giBiBcbk4ZxZ2DqFeVMhuxcPh:gd1XdhBiiMa7

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3480
      • C:\Users\Admin\AppData\Local\Temp\3dbb03f079de0968ed7b9fc588f87723c100d0b46f01086665d44ce8c3fe0cfd.exe
        "C:\Users\Admin\AppData\Local\Temp\3dbb03f079de0968ed7b9fc588f87723c100d0b46f01086665d44ce8c3fe0cfd.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:2784
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3A98.bat
          3⤵
            PID:4644
            • C:\Users\Admin\AppData\Local\Temp\3dbb03f079de0968ed7b9fc588f87723c100d0b46f01086665d44ce8c3fe0cfd.exe
              "C:\Users\Admin\AppData\Local\Temp\3dbb03f079de0968ed7b9fc588f87723c100d0b46f01086665d44ce8c3fe0cfd.exe"
              4⤵
              • Executes dropped EXE
              PID:4676
          • C:\Windows\Logo1_.exe
            C:\Windows\Logo1_.exe
            3⤵
            • Executes dropped EXE
            • Enumerates connected drives
            • Drops file in Program Files directory
            • Drops file in Windows directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:552
            • C:\Windows\SysWOW64\net.exe
              net stop "Kingsoft AntiVirus Service"
              4⤵
              • Suspicious use of WriteProcessMemory
              PID:4684
              • C:\Windows\SysWOW64\net1.exe
                C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
                5⤵
                  PID:4732

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
          Filesize

          247KB

          MD5

          b611236664f228f87f5605656b22c94e

          SHA1

          577f88b5708d114c50801323bea7ccf2aa1f572c

          SHA256

          c1ddc72e6a9125169721af39379a8312f12c14855067fc0a50b6c95f8b159bb2

          SHA512

          7e4608529275bb7906ff821ed2d439c29db22373b81558a4b1ae9c0cc5ff43fc1b6384378aa9d7e965ad7a2921b4fba57b4c6e47c98f77210b82d6b79a3371c7

          Download Submit

        • C:\Program Files\7-Zip\7z.exe
          Filesize

          573KB

          MD5

          df2ea083f9bf31bbd8f3644e90e2b4e7

          SHA1

          70a8690904eb5a5da503f43759b5cb80d2838a6d

          SHA256

          554486c45097e6aad0e2f63f05c018d6e19a91fcedf6c56ae3b4e1b7ffdf46db

          SHA512

          d99a22e3d2909826b2381043fb23bb7dcc02348cda0022c7356dbf958c97ed6aff1e1571f2c0c334415b1e376b149eca674c1ff7d0a426d017c3071eea810afa

          Download Submit

        • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
          Filesize

          639KB

          MD5

          ff7ce6c4ffc92d1beca4883dfcfde0af

          SHA1

          4a52e320cd88765f13e2799a4980a12f788c98a4

          SHA256

          5a4e150d03f1cfadccd40a407a3ae8ec5ffbb5d28ea95dca136d67cac24fd8b5

          SHA512

          99056bcbb382e545304a33002a6cfbb7a57df663feca5a3842bf077d1126931ba78d5e04a93cbd72a7c6d9eb09005750e5cff1030d8586e26838e7634d7ad583

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\$$a3A98.bat
          Filesize

          722B

          MD5

          5617b9fc5c318e4f388ebd97283aefce

          SHA1

          d7ee8bfa84b0f8c5679e5401759de88d31bfbd79

          SHA256

          d4ec950ae54bd090d71bdc4497ef0660a54b425f4b6b144fd496320d468668c7

          SHA512

          f926c899f4fa5e521e57dd434d45b2300dc0f80c1ac0a547d6419cc11f704ce7795d53b210034ef6e41af2f07f96e2bac6b4c37b2eed76297bd5917702df64d9

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\3dbb03f079de0968ed7b9fc588f87723c100d0b46f01086665d44ce8c3fe0cfd.exe.exe
          Filesize

          2.8MB

          MD5

          095092f4e746810c5829038d48afd55a

          SHA1

          246eb3d41194dddc826049bbafeb6fc522ec044a

          SHA256

          2f606012843d144610dc7be55d1716d5d106cbc6acbce57561dc0e62c38b8588

          SHA512

          7f36fc03bfed0f3cf6ac3406c819993bf995e4f8c26a7589e9032c14b5a9c7048f5567f77b3b15f946c5282fc0be6308a92eab7879332d74c400d0c139ce8400

          Download Submit

        • C:\Windows\Logo1_.exe
          Filesize

          29KB

          MD5

          34b640fa0177319ac442b6f3bbdaac54

          SHA1

          174c06017aeaceaab18228ca8eead4f7e94e58a2

          SHA256

          e0520317e9229269c4ab52b7690e1c289c2d3f9284f651c3f9d7d6abd1e49207

          SHA512

          2cbe13eff0bb3b532c33efc8aa781951adfc256ad96a0e32ffdb37f4eded8d474a0b3a143d50a9a4ca1f3938eb8f0a09a1333278eb211b5cc2c0466173244d9a

          Download Submit

        • F:\$RECYCLE.BIN\S-1-5-21-2818691465-3043947619-2475182763-1000\_desktop.ini
          Filesize

          9B

          MD5

          3441ca64b7a268fd1abb0c149aa9e827

          SHA1

          977a6be7624a5ff4ea1de4f422b44b4974c17827

          SHA256

          fafa54a384b4b9bfe970b0e803afe0c0284021acca503892961170d49985dd99

          SHA512

          84d8adce555267049d33544c4402eaa9bb3ff2022fd76cd619e4cb1fd544c5825cd7769065dd525b58e3befd579d3dd11ec2e0032907ff7dd36f83975b5b5848

          Download Submit

        • memory/552-26-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/552-33-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/552-36-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/552-19-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/552-1236-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/552-10-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/552-4802-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/552-5265-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/2784-0-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/2784-8-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download