Overview

overview

6

Static

static

3

f1f5e8ce01...69.exe

windows7-x64

6

f1f5e8ce01...69.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    149s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    04-05-2024 19:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f1f5e8ce0164a726bf1a38b5a1789aa1c770044184a4e4f0951165453737ef69.exe

  • Size

    26KB

  • MD5

    1faf8a2a4d36e938fa4e838c59e51757

  • SHA1

    aed13b0baca7f476c5aae8c4406ab620c04be678

  • SHA256

    f1f5e8ce0164a726bf1a38b5a1789aa1c770044184a4e4f0951165453737ef69

  • SHA512

    491e49baf52a6e0eefecc277b0a3fe682185cbf7f41c2074547edf74a5d2124689504173463f89ac19b22301c3255a886736aa9254f618ba01b92354d53eb228

  • SSDEEP

    768:3Q1ODKAaDMG8H92RwZNQSwcfymNBg+g61GoL:3CfgLdQAQfcfymN

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1364
      • C:\Users\Admin\AppData\Local\Temp\f1f5e8ce0164a726bf1a38b5a1789aa1c770044184a4e4f0951165453737ef69.exe
        "C:\Users\Admin\AppData\Local\Temp\f1f5e8ce0164a726bf1a38b5a1789aa1c770044184a4e4f0951165453737ef69.exe"
        2⤵
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2256
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1880
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:2932

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        251KB

        MD5

        eeae59d1c57142ae240e072102f91165

        SHA1

        3a43ce71aa133811d298bd195e0328820e20ad4d

        SHA256

        5e2feb20c62873c5269090055705666eb83d0e95da8f1b019a8bd110d0802dff

        SHA512

        3d4c3494f74328e99ff7d5d940a102c1c836fb3745643e10c0a487ff2df2f518241851ed4eeed45d8f6213fdb7c9dc878b4ccbd219635f8caf1d337469bfe681

        Download Submit

      • C:\Program Files\7-Zip\7zFM.exe
        Filesize

        956KB

        MD5

        445e47485788513ce22834aa5d506fcd

        SHA1

        320807f2d26342871498dbbee9c3b8345da8621c

        SHA256

        e6fa7ae2401d3abd2c05e851a8f003b57b2fe0b98dee29766166a34ec06a7977

        SHA512

        c502a32ffdd104f77f8f2c35b530801956a57aa6bc90b716cde69487a1864b3860130a1ba16f420fc10bc65a0aebb67bd6086bc21c73ef74a64f4d5a29f22bbf

        Download Submit

      • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
        Filesize

        471KB

        MD5

        4cfdb20b04aa239d6f9e83084d5d0a77

        SHA1

        f22863e04cc1fd4435f785993ede165bd8245ac6

        SHA256

        30ed17ca6ae530e8bf002bcef6048f94dba4b3b10252308147031f5c86ace1b9

        SHA512

        35b4c2f68a7caa45f2bb14b168947e06831f358e191478a6659b49f30ca6f538dc910fe6067448d5d8af4cb8558825d70f94d4bd67709aee414b2be37d49be86

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-330940541-141609230-1670313778-1000\_desktop.ini
        Filesize

        8B

        MD5

        5979a5ab5d6ce7068aff133101a79c52

        SHA1

        8ec7729d3782fc978cc50f9b3217fc8309ae7733

        SHA256

        6b009cde89047fc55503dc0b3649d341e98320a0438d044bc8fb068d0c919ef1

        SHA512

        213c10a6b5b394b2736619ed0418ba715e643dfa08b5827757dd64b1718ddec6a44822ff4b192bd594997cc13bc2027d03c029537ed2f12591b370ec1f242f2d

        Download Submit

      • memory/1364-5-0x00000000025C0000-0x00000000025C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2256-66-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2256-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2256-72-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2256-20-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2256-154-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2256-1825-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2256-14-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2256-3285-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2256-7-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download