Overview

overview

7

Static

static

3

acaa70b42a...b6.exe

windows7-x64

7

acaa70b42a...b6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-05-2024 20:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    acaa70b42a9ebf427eca692ee41975a3f2d6d79ce8e71d21d27f18de6f0547b6.exe

  • Size

    487KB

  • MD5

    53c0b44c4428fe84fef965589e0e02e2

  • SHA1

    e94d4fa831efb3d1fd028fd30267115e027072f4

  • SHA256

    acaa70b42a9ebf427eca692ee41975a3f2d6d79ce8e71d21d27f18de6f0547b6

  • SHA512

    0eab0e276c539747c87f0aee184929b6d005fef401e8c1acf68d6974f17782ee2dceab5b4160152965d1b56332cf7eb64d2f9b6ef5e25369ff8187d0a63b6106

  • SSDEEP

    6144:MtuJoz1gL5pRTMTTjMkId/BynSx7dEe6XwzRaktNP08NhKs39zo43fTtl1fayCV4:g1gL5pRTcAkS/3hzN8qE43fm78V

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3500
      • C:\Users\Admin\AppData\Local\Temp\acaa70b42a9ebf427eca692ee41975a3f2d6d79ce8e71d21d27f18de6f0547b6.exe
        "C:\Users\Admin\AppData\Local\Temp\acaa70b42a9ebf427eca692ee41975a3f2d6d79ce8e71d21d27f18de6f0547b6.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:5072
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2FE9.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4132
          • C:\Users\Admin\AppData\Local\Temp\acaa70b42a9ebf427eca692ee41975a3f2d6d79ce8e71d21d27f18de6f0547b6.exe
            "C:\Users\Admin\AppData\Local\Temp\acaa70b42a9ebf427eca692ee41975a3f2d6d79ce8e71d21d27f18de6f0547b6.exe"
            4⤵
            • Executes dropped EXE
            PID:4376
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3324
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:1480
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:3616

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        254KB

        MD5

        f134d58f0c72c193a05ff5819d09f8d6

        SHA1

        85c6d5b8cb938c5b8b7437693a4f6e97caa94fdf

        SHA256

        0b329835e955ce06b673448b91b9bea022bc741cd855123dd5f8988d4385b031

        SHA512

        27c84f45bacb5c95ca340b6a8da7a81ece4cdb3adf2c3f85726f79c7a35cf7b6eb37c6703b6c275d5861ea0585c43c2bbc95f5331aec240ee234fceb72ed33c6

        Download Submit

      • C:\Program Files\WriteGet.exe
        Filesize

        888KB

        MD5

        bd822d878d4990bf23acac69f000252a

        SHA1

        c855fbfdd3a6807a7937062e787542736b9e9ecc

        SHA256

        da8beb06463a1963da0c603a1384539c12621832556bdc268c3ecfd3dd29267c

        SHA512

        f72369afe3fc52586b59c340745e1bfce8b2e9f11fb8ae5f70a90f3a8b167f781e83054c96a979e49f1c20b8aea4f1e0077c63c80eb25a5fa528a5530c0a627e

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        639KB

        MD5

        c15cc0560a1f2ab80b80767643b0c1c5

        SHA1

        351e72917155ff3e811334fd55a35be7c7cdf6ea

        SHA256

        c17ea05f90a728f32aa972ff92de25f799ce043ba5a3db5f10b5557f31916858

        SHA512

        11bb18446a38b70dd24c9877ef95d5764d001a8c936cfcb9a5a15275942226cdbb74a1c331d423ccf05b27ea68259e6306dba5ab0ad85b17ec41a15fcdcd4289

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a2FE9.bat
        Filesize

        722B

        MD5

        a1bac495b51353a28c24f89b9a6e728c

        SHA1

        7755cfc3425e8aae167e1a1107a791973a5fd145

        SHA256

        5ebd302c05d09525d639469caf9648bcc6cd093aae6c29eceba24d664a657006

        SHA512

        4735aed1a82983b8f40a121541def9167675747f3ad7a93823cb8d767fd106158d6e1fb6ef72a7ea435d2d38b03b33184b947f4fe6268f715b49e71fbeae749f

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\acaa70b42a9ebf427eca692ee41975a3f2d6d79ce8e71d21d27f18de6f0547b6.exe.exe
        Filesize

        458KB

        MD5

        619f7135621b50fd1900ff24aade1524

        SHA1

        6c7ea8bbd435163ae3945cbef30ef6b9872a4591

        SHA256

        344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

        SHA512

        2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        29KB

        MD5

        af29fb6a5adf025d9127df13f942d7d2

        SHA1

        72d13969443440eb123cfb43f924c4959eae7638

        SHA256

        d83088ef692a221a033bfb31d7178f7f04182df4480ac946b53807fda9cdd040

        SHA512

        10c6c2a56386b35f52e8b220def9cace7a57a70672a97aeb3c95df14d832416d6057fabccd86c4f473e354a87e378ff0ac3cf0e503ee3db9f909897ef7776079

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-3906287020-2915474608-1755617787-1000\_desktop.ini
        Filesize

        9B

        MD5

        392ab9dcf5a9daf53626ea1f2e61d0b9

        SHA1

        0a2cdc7f8f9edf33f9fde3f8b90e0020190c8fb7

        SHA256

        9bbc94aad502d7d7a7f502ddb9cbd93b1c89eff13e445971c94ac09215ada67d

        SHA512

        5d1fea63a7793a65dc63c32cfe3ab2e1af941ded8e760f08fbe991e5b30433f86f920d717235a635020740c8f6f7996b4b8e8147e331b29141fcbb7bdc68144d

        Download Submit

      • memory/3324-26-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3324-32-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3324-36-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3324-19-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3324-1231-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3324-4797-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3324-12-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3324-5236-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/5072-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/5072-9-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download