Overview

overview

7

Static

static

3

8ac8f9e48f...49.exe

windows7-x64

7

8ac8f9e48f...49.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/05/2024, 14:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8ac8f9e48f98220388d6b1c8adb0a3ddc4ebc48d685051477017a1ee37a38149.exe

  • Size

    481KB

  • MD5

    47fc7aa6caac37c5ed30c157c148c311

  • SHA1

    4588d0f736d617a190f7c945923d843f2eb91772

  • SHA256

    8ac8f9e48f98220388d6b1c8adb0a3ddc4ebc48d685051477017a1ee37a38149

  • SHA512

    0e7ba3c770c217c844913bac1613b9f95f6ed704e89d8a3be701db68564f25565f1ae34fcf6d6df1a975260cc96c22f094261520c5b68e393b4f44e2eea15f32

  • SSDEEP

    6144:OuJ6WdC+v3cpQvYJvKPSwv2nPEuJ1fHbIop44Sm5FpxyN90vEbsN7:9EpQQJvKPSwvY1fHTHy90w67

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3448
      • C:\Users\Admin\AppData\Local\Temp\8ac8f9e48f98220388d6b1c8adb0a3ddc4ebc48d685051477017a1ee37a38149.exe
        "C:\Users\Admin\AppData\Local\Temp\8ac8f9e48f98220388d6b1c8adb0a3ddc4ebc48d685051477017a1ee37a38149.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:3392
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a326A.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4992
          • C:\Users\Admin\AppData\Local\Temp\8ac8f9e48f98220388d6b1c8adb0a3ddc4ebc48d685051477017a1ee37a38149.exe
            "C:\Users\Admin\AppData\Local\Temp\8ac8f9e48f98220388d6b1c8adb0a3ddc4ebc48d685051477017a1ee37a38149.exe"
            4⤵
            • Executes dropped EXE
            PID:988
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2780
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:1388
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:4844

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        254KB

        MD5

        6dbfa871d18aa4c685e00f03cc40e191

        SHA1

        ef9dba44feb63da5dcc1859ea9705622b2cee7bc

        SHA256

        33d8e5692cce3bda96d8788ed5fb77cec05be84e18c511df639e13cd6062d6a8

        SHA512

        cacf2c539ef66fa01408d568a35c9b556e2e4fc7687e0e8371d5a3906722603f2853792cf3468e4fca1432e809569dfd80b21edb54ac2c747a78e454c67e45c1

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        573KB

        MD5

        89e33c39bc576ce1475c2b77dfbd26ab

        SHA1

        141426cc4624a52ab9903dd59c964d9e2b96f591

        SHA256

        ea5263d89b8b9492c89bfd163417001f5237576e2ec7c5bead195a396a0184a5

        SHA512

        873cf261ef4ece65c1f8f2084d6a9571f736d39e0f63de64beaeb8a3f1c583308872dbad450e3ca404416f882c8b8a705bb89194eba9a2c157f7bdf97fb7e138

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        639KB

        MD5

        9fdceacc59188df6bcccdf4c6987820a

        SHA1

        f492a0cb2db22317746eb136e56621e5801c97ab

        SHA256

        a3752dc6d1984857f3fa949c4ce20b2847d009f865216f4c7e31d3f01183938c

        SHA512

        3c81e2d7915868a2e88a97fbdf67d5fae8924f52ae497598333607367e642630c3b4c6085a3b8110814d997a9a13c341b2c5c5d336951484b3cbaa68479ad5c9

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a326A.bat
        Filesize

        722B

        MD5

        8d97cc5f3ac832eec94f7c03d5588754

        SHA1

        56b0a4a3764932f076daf4d9c5b9eb820ef8d46f

        SHA256

        ace95c927386f951c825bb58072b5e33acb98b10aeb256935944e7ef7f29fd99

        SHA512

        3c1b73b9b2d0b63996716afd36755b3bbd738bbf8776d44c85e62950f7a674f95e28bc38ef44745c1cc3b020f333b6552fff5f33cc3997dd1b531da4e42b9b34

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\8ac8f9e48f98220388d6b1c8adb0a3ddc4ebc48d685051477017a1ee37a38149.exe.exe
        Filesize

        452KB

        MD5

        95b8a4245a6cd37d36e56fae5a23e2b1

        SHA1

        139e0223e64a2d4f7ae94e347c657bdb86dfd5ff

        SHA256

        e69c4abcc4d2f130e66560fc27829b4fe62a2b1f66933790a3060bd7f4fcd878

        SHA512

        9114af555b9d97c87834982c80d9a4a7cc97b8678ed55d96a1a02999b551e9e018d376b404d0925bbb87dcd2aa8e0fa8bf7745f60096a7df01cd918002fb0bf1

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        29KB

        MD5

        693e6f028a3f9f068a0b5e7250537d55

        SHA1

        2c79b8c2a6f4ebac7bf248a36d561fdc2b3532ff

        SHA256

        862b4192b217938a0a759e4ff19510ba65521b62927794e45a13b666ac90be72

        SHA512

        3645bc60a4185bc11f698608b757bd8d1181c7bba3b0ff801df0c40b9c721acab28352c947a4f93647fec238616af0b43f1f1d7a066617ddbe1c1eed858d5d4a

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-4018855536-2201274732-320770143-1000\_desktop.ini
        Filesize

        8B

        MD5

        d970a2bfcaa076939c06270d1a48dec8

        SHA1

        7a558f4d64c3e98bcfd2af83f28e6fbd207a39e1

        SHA256

        bdc6872f9a0a011a670907f0fedad9b88e283c5af545cf9f6bd73c3709967d44

        SHA512

        ea4c16930628455852ce343f8ae248b6df869b8da10b10928ebb802129f73d9761971811de317c7d3121b815340027782ec15d385d1d2d7df8fd0a46b62974c2

        Download Submit

      • memory/2780-28-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2780-34-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2780-38-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2780-21-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2780-1232-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2780-4798-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2780-13-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2780-5237-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3392-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3392-12-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download