Overview

overview

7

Static

static

3

680de1c9f6...89.exe

windows7-x64

7

680de1c9f6...89.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-05-2024 16:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    680de1c9f63ebf23044b8d7ab982c192bbea8a6c3c3cab9c672aa2f20030eb89.exe

  • Size

    41KB

  • MD5

    5ffdc82dae83ac12b2475a963b09d563

  • SHA1

    cedec18c3a1aef6b0ddb36849ced7d53c4b351c5

  • SHA256

    680de1c9f63ebf23044b8d7ab982c192bbea8a6c3c3cab9c672aa2f20030eb89

  • SHA512

    667168634b1ab4e36bde2288cb56bd9d1e8a44287e6029d9949e59392164531f1ec3d9e688fae1a3af475cad121f3889dcdecb59b2beb80035c485188bc512fb

  • SSDEEP

    768:59m216GVRu1yK9fMFLKaTxsujCT7pZpYIWQ3655Kv1X/qY1MSd:yw3SHmLKarIpYIHqaNrFd

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3444
      • C:\Users\Admin\AppData\Local\Temp\680de1c9f63ebf23044b8d7ab982c192bbea8a6c3c3cab9c672aa2f20030eb89.exe
        "C:\Users\Admin\AppData\Local\Temp\680de1c9f63ebf23044b8d7ab982c192bbea8a6c3c3cab9c672aa2f20030eb89.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:1648
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4FC6.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2548
          • C:\Users\Admin\AppData\Local\Temp\680de1c9f63ebf23044b8d7ab982c192bbea8a6c3c3cab9c672aa2f20030eb89.exe
            "C:\Users\Admin\AppData\Local\Temp\680de1c9f63ebf23044b8d7ab982c192bbea8a6c3c3cab9c672aa2f20030eb89.exe"
            4⤵
            • Executes dropped EXE
            PID:4104
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4664
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:4696
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:4328

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        252KB

        MD5

        8d0bfb85554753d93e3f43fa8c348316

        SHA1

        c5c96d9bfadbe04dbdf264e8febf26e6f06d3a8f

        SHA256

        135a3e38a38266f018936e3e15e609147aec5d4df839113c6aa56ecf02c5a391

        SHA512

        06d02a540927206ca8d52f563efe1fc89f40d38fe7e411b12b4a92bbb9c330275f8787ec9d8a2e615ee110651a6f38d353548f8d0b3e28c5d0d1e7ebeebfc273

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        571KB

        MD5

        324ce661b339a9bd8f8dbe4d66305f6a

        SHA1

        87a6d228365f419fc488aa090a42167e5bcfaae1

        SHA256

        09ff83d7cd81693efa15a23b149116416f849677a3d368c3ae72f2414aa18f9e

        SHA512

        20692c4cd35058a23427f7dadc816ed0a7cd10c3648ab843d406a315ac9fdf6498848226574343183364de3c4ccf8bee2d70d260f3abbc5291d2e69996a84e15

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        637KB

        MD5

        9cba1e86016b20490fff38fb45ff4963

        SHA1

        378720d36869d50d06e9ffeef87488fbc2a8c8f7

        SHA256

        a22e6d0f5c7d44fefc2204e0f7c7b048e1684f6cf249ba98c006bbf791c22d19

        SHA512

        2f3737d29ea3925d10ea5c717786425f6434be732974586328f03691a35cd1539828e3301685749e5c4135b8094f15b87fb9659915de63678a25749e2f8f5765

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a4FC6.bat
        Filesize

        722B

        MD5

        ed764b74a7e402c34c4d2834ab0c0eca

        SHA1

        49c54529e2c452844d8d599a2809eb3b8c10f085

        SHA256

        75983c30e2c85534a8cefe055a167ea609dca99b417ccf44da64949dd012f1d7

        SHA512

        e3a37dfeba29f6c9ee127f645356ce718c03d4302b39deb372460ae17d31df9eae255607de833c5d4db98d1bc452582e1cf091d0850f1606f19a03ddbc0b4fda

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\680de1c9f63ebf23044b8d7ab982c192bbea8a6c3c3cab9c672aa2f20030eb89.exe
        Filesize

        14KB

        MD5

        ad782ffac62e14e2269bf1379bccbaae

        SHA1

        9539773b550e902a35764574a2be2d05bc0d8afc

        SHA256

        1c8a77db924ebeb952052334dc95add388700c02b073b07973cd8fe0a0a360b8

        SHA512

        a1e9d6316ffc55f4751090961733e98c93b2a391666ff50b50e9dea39783746e501d14127e7ee9343926976d7e3cd224f13736530354d8466ea995dab35c8dc2

        Download Submit

      • C:\Windows\rundl132.exe
        Filesize

        27KB

        MD5

        452dc122926f718d5eff28db8c13b873

        SHA1

        5105726d0ed51fd22fbfbb455de7e8d7407796f0

        SHA256

        84bca73a7f4ce6b978f07073a6db9cf897b3bb7267fe484f9565a31e1751dc40

        SHA512

        42b28dcbf7b14466f803ad975ba3a30a24d8d4e0090d9e12bdd3124832986bed0daf4fd002b30360624c296d2323bcdec97c75de0b4aa9094766bafddbc250f7

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-3571316656-3665257725-2415531812-1000\_desktop.ini
        Filesize

        9B

        MD5

        4d28283e4d415600ffc2f8fda6d8c91e

        SHA1

        053dcb8d5d84b75459bc82d8740ee4684d680016

        SHA256

        b855effeaf01610130d3f38de35bc7f98bfc6643d98d4198af18534f048e8df7

        SHA512

        73a758cd5e5ac48d62dd89719be604214895e0cc9a10ff7464a6cf9161a37fd27d15dd2d2565f18198b381ac6442bcb36f38614df7b1176061a83616517a7edb

        Download Submit

      • memory/1648-9-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/1648-0-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4664-27-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4664-37-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4664-34-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4664-1232-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4664-20-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4664-4810-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4664-11-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4664-5249-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download