Overview
overview
10Static
static
1058bfb9fa88...1f.exe
windows7-x64
58bfb9fa88...1f.exe
windows10-2004-x64
105d40615701...3d.exe
windows7-x64
105d40615701...3d.exe
windows10-2004-x64
10ae66e009e1...75.exe
windows7-x64
ae66e009e1...75.exe
windows10-2004-x64
c460fc0d4f...50.exe
windows7-x64
c460fc0d4f...50.exe
windows10-2004-x64
10Analysis
-
max time kernel
0s -
max time network
6s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system -
submitted
14-05-2024 17:47
Behavioral task
behavioral1
Sample
58bfb9fa8889550d13f42473956dc2a7ec4f3abb18fd3faeaa38089d513c171f.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
58bfb9fa8889550d13f42473956dc2a7ec4f3abb18fd3faeaa38089d513c171f.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
5d40615701c48a122e44f831e7c8643d07765629a83b15d090587f469c77693d.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
5d40615701c48a122e44f831e7c8643d07765629a83b15d090587f469c77693d.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
ae66e009e16f0fad3b70ad20801f48f2edb904fa5341a89e126a26fd3fc80f75.exe
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
ae66e009e16f0fad3b70ad20801f48f2edb904fa5341a89e126a26fd3fc80f75.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
c460fc0d4fdaf5c68623e18de106f1c3601d7bd6ba80ddad86c10fd6ea123850.exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
c460fc0d4fdaf5c68623e18de106f1c3601d7bd6ba80ddad86c10fd6ea123850.exe
Resource
win10v2004-20240508-en
Errors
General
-
Target
58bfb9fa8889550d13f42473956dc2a7ec4f3abb18fd3faeaa38089d513c171f.exe
-
Size
82KB
-
MD5
e01e11dca5e8b08fc8231b1cb6e2048c
-
SHA1
4983d07f004436caa3f10b38adacbba6a4ede01a
-
SHA256
58bfb9fa8889550d13f42473956dc2a7ec4f3abb18fd3faeaa38089d513c171f
-
SHA512
298bfb9fe55ddd80f1c6671622d7e9e865899a855b5bb8e0d85d8520160cedca6fd8bc72c9881925477bcab883bf6e6f4c69f997b774b74fe992e023a81269de
-
SSDEEP
1536:PcW4lAJGGnzjoih/NDh/NDuk+XkGAK/hztXcag+PlbBfkWIyvZrw281r5XsmCZEe:UWNGszjoih/NDh/NDuk+XkGAK/hztXcQ
Malware Config
Signatures
-
Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
resource yara_rule behavioral1/memory/1636-1-0x00000000003E0000-0x00000000003FA000-memory.dmp disable_win_def -
Modifies boot configuration data using bcdedit 1 TTPs 1 IoCs
pid Process 2936 bcdedit.exe -
Modifies registry key 1 TTPs 1 IoCs
pid Process 2252 reg.exe -
Runs net.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\58bfb9fa8889550d13f42473956dc2a7ec4f3abb18fd3faeaa38089d513c171f.exe"C:\Users\Admin\AppData\Local\Temp\58bfb9fa8889550d13f42473956dc2a7ec4f3abb18fd3faeaa38089d513c171f.exe"1⤵PID:1636
-
C:\Windows\system32\reg.exe"reg.exe" delete HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend /f2⤵
- Modifies registry key
PID:2252
-
-
C:\Windows\system32\bcdedit.exe"bcdedit.exe" /set {default} safeboot network2⤵
- Modifies boot configuration data using bcdedit
PID:2936
-
-
C:\Windows\system32\reg.exe"reg.exe" add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\58bfb9fa8889550d13f42473956dc2a7ec4f3abb18fd3faeaa38089d513c171f.exe","C:\Windows\system32\userinit.exe" /f2⤵PID:3000
-
-
C:\Windows\system32\net.exe"net.exe" user Admin ""2⤵PID:2500
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user Admin ""3⤵PID:2588
-
-
-
C:\Windows\system32\shutdown.exe"shutdown.exe" /r /t 02⤵PID:2536
-
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x01⤵PID:2524
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x11⤵PID:836