Overview

overview

7

Static

static

3

7e5d4378ee...87.exe

windows7-x64

7

7e5d4378ee...87.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/05/2024, 00:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7e5d4378ee4f0ca9b51606e1fdc49308a5d966d4e56503bd5aa271c92b4eb787.exe

  • Size

    82KB

  • MD5

    e58efea183cdaaa34ce17681d2718dc4

  • SHA1

    93b3be577a51e66cc06365a8544a8ca544e064aa

  • SHA256

    7e5d4378ee4f0ca9b51606e1fdc49308a5d966d4e56503bd5aa271c92b4eb787

  • SHA512

    b06e26ae12fd8562afdf8357baa98d5b1593b8526d9184498d0bf244451454076b937020e957ef92252d7991a9ba9c08bdd7d129c03fc01961d75696720410c0

  • SSDEEP

    1536:gfgLdQAQfcfymNHjcrdfPeFV1fjbqnjgRYXJq1SmB7JxU:gftffjmNHjcrdE7fjOI1SSw

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3500
      • C:\Users\Admin\AppData\Local\Temp\7e5d4378ee4f0ca9b51606e1fdc49308a5d966d4e56503bd5aa271c92b4eb787.exe
        "C:\Users\Admin\AppData\Local\Temp\7e5d4378ee4f0ca9b51606e1fdc49308a5d966d4e56503bd5aa271c92b4eb787.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:6100
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2FAB.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3468
          • C:\Users\Admin\AppData\Local\Temp\7e5d4378ee4f0ca9b51606e1fdc49308a5d966d4e56503bd5aa271c92b4eb787.exe
            "C:\Users\Admin\AppData\Local\Temp\7e5d4378ee4f0ca9b51606e1fdc49308a5d966d4e56503bd5aa271c92b4eb787.exe"
            4⤵
            • Executes dropped EXE
            PID:2508
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4504
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:3808
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:2656

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
              Filesize

              251KB

              MD5

              cc1433855d3007b8e23db2928fab3e8b

              SHA1

              b5bfab4aa8291161fb06da630817341d93cccd6a

              SHA256

              322e7846f65b2bf5b6a1df6d589c7a90d04407fa996fd1aa6af7f231f332356e

              SHA512

              6fc0f2b100380d8d8c3ace949c9804bdebef60353c803ed8b38b381c8533d598fc91f14cdfd24c30cc0a349e5549b9d34bc585758d6fcfa055242bb2c4d2b3b1

              Download Submit

            • C:\Program Files\WriteGet.exe
              Filesize

              885KB

              MD5

              47eff006922a8f63b1d804b7bb6aa9d9

              SHA1

              2e1cb28dd6db483b35e009c7c5b22cb18c0f6692

              SHA256

              3cde8e2789723d519f7a8e0d58aeae3d52bda987f59417745df181a78fbe8e33

              SHA512

              b99ae712f6c82493acc60e5d9d668623c538c74ad574c700180fca4e372473e51aec80d6d5ec7e5e8190f1fae00b39fcf1e13f40f4f5f804d42acb06872308df

              Download Submit

            • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
              Filesize

              636KB

              MD5

              2500f702e2b9632127c14e4eaae5d424

              SHA1

              8726fef12958265214eeb58001c995629834b13a

              SHA256

              82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

              SHA512

              f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\$$a2FAB.bat
              Filesize

              722B

              MD5

              42e12f45fdb336e356238d9a3511cc36

              SHA1

              90416e7344d33424f4bc47630dba743f5e0f457a

              SHA256

              28fef896a1b56ba192b646c0a0074163d483c124727bc7bca970f8c6ebae6eca

              SHA512

              e2d99fe2600da84395aba8f48213053b772aa039d3f8d02290d037a815ad75828a2b3e24ec2cc63f2642846bad534f06ba15012a4677cb5b79abab9e4cdfeb9f

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\7e5d4378ee4f0ca9b51606e1fdc49308a5d966d4e56503bd5aa271c92b4eb787.exe.exe
              Filesize

              55KB

              MD5

              0c012649a1318b556959f741a40144bc

              SHA1

              e4c41494a7fdaf4bc1e3bed097fbfcfddff44994

              SHA256

              1672056a1802d470325e54de9e40b4ef50ae74767950cf37a5536b6c605fbddd

              SHA512

              d89641ab83774547bf93873e679366a9395a28b94f372236029bcccb9a046e65f5093ecfa6f872cbcf58e970945993797283d08d8a6f4b2834256a289397f412

              Download Submit

            • C:\Windows\Logo1_.exe
              Filesize

              26KB

              MD5

              8c1c53a89dbd4ed410752c8373d31d4d

              SHA1

              fffbcec8de5833946ef316bd404bac3f431a8200

              SHA256

              80f1db329507dc01cc19447634fd21e12779dcdf37e32c9b6d0e35fc2ff80f82

              SHA512

              4b42cd180f301a85d667bd02114ef4e3440df85241061e405fe4c7a481a8e90d675392e4597e505e176acecd1046aef8c8bf831092f4ab8f0d38836488cf0af9

              Download Submit

            • F:\$RECYCLE.BIN\S-1-5-21-3906287020-2915474608-1755617787-1000\_desktop.ini
              Filesize

              8B

              MD5

              1b16d2dbd4281ce4e4e5729c608dcb0b

              SHA1

              851e624080ba5598edb808d4b30fe2d74999ce18

              SHA256

              c9e46fb51d0588ca1e48ca66731e11992770b9b74a982f9bdbb6ce5b5b75d549

              SHA512

              cd1c4cf7c7871cb48ce735226b25f689b340037e6c992441e566161de7fca7410762d1a0c2670ee4b6546f7ee854d3219e0e2315c3e0387d9bbe3f08076b5a59

              Download Submit

            • memory/4504-27-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4504-33-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4504-37-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4504-20-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4504-1232-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4504-4798-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4504-13-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4504-5237-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/6100-0-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/6100-9-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download