Overview

overview

7

Static

static

3

c24130e1c5...0c.exe

windows7-x64

7

c24130e1c5...0c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-05-2024 23:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c24130e1c57cbd6fceac9dd12f7d6be7dcacfcea9c507a26f7774ebb7b1e2f0c.exe

  • Size

    448KB

  • MD5

    1a5cb516d1067544c27b5437c759de90

  • SHA1

    2b01ae5852cdfb04c36ccba771c0d03cbd384a7d

  • SHA256

    c24130e1c57cbd6fceac9dd12f7d6be7dcacfcea9c507a26f7774ebb7b1e2f0c

  • SHA512

    e385bb3395fc484d8dc86748b8ac721c2b6fd32cac7d23d8f58cb4186482fc3660e4d934a32d24922de120dd34641141d17c819b3554d0e04f63c328d77da52e

  • SSDEEP

    6144:IVfjmNeI7O1dVeLjP1HMCnVGtwqkIDRRuuuRLaopCUXdEpfBm2/T3JQu0I:y7+e8OTVsjdBnYmGiVpD2fR/T3yI

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3424
      • C:\Users\Admin\AppData\Local\Temp\c24130e1c57cbd6fceac9dd12f7d6be7dcacfcea9c507a26f7774ebb7b1e2f0c.exe
        "C:\Users\Admin\AppData\Local\Temp\c24130e1c57cbd6fceac9dd12f7d6be7dcacfcea9c507a26f7774ebb7b1e2f0c.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4356
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a326A.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2708
          • C:\Users\Admin\AppData\Local\Temp\c24130e1c57cbd6fceac9dd12f7d6be7dcacfcea9c507a26f7774ebb7b1e2f0c.exe
            "C:\Users\Admin\AppData\Local\Temp\c24130e1c57cbd6fceac9dd12f7d6be7dcacfcea9c507a26f7774ebb7b1e2f0c.exe"
            4⤵
            • Executes dropped EXE
            PID:3296
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1424
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:880
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:1528

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        251KB

        MD5

        29671a4fad613b8d982b993243965a37

        SHA1

        a8f2f053b0b90ef9ee901a21f423c995bc21c736

        SHA256

        82bd4e119f80b12ee895179ca25b7a5c0d835c9a66f574e8cfcd31a79776c168

        SHA512

        f4485f95e3981c2ea8513ffe56916ba656c8bda9af452b5de1606c74d6b96dd0564af6b7251255f012654fadbac06bf03387bc7efe4e4b4de0e8d6736d5d5a49

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        570KB

        MD5

        ae5a0ac788b989fefe6aa89f158e23c3

        SHA1

        14f780a526ccb490507a9a615e1b1405ade220a4

        SHA256

        e822de91af998dbeac088695e216f8bb0445bc929f4f69ecd086d237d16035dc

        SHA512

        168305f2a4aa1b12a1ecb8895ed682f74cd4d086a16860f055ea4c1dce80f2ba3f94ae21cf975d85421e0732adbd0b7d0276c66276a5d601f98ae014a550b6a7

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        636KB

        MD5

        2500f702e2b9632127c14e4eaae5d424

        SHA1

        8726fef12958265214eeb58001c995629834b13a

        SHA256

        82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

        SHA512

        f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a326A.bat
        Filesize

        722B

        MD5

        f6df4fb27cd080f6df19374aec9ec093

        SHA1

        172b8f9f3b8860614404983d9f7bafde9fcbe540

        SHA256

        3748939ed21126630780d79d191ea33f9c7360a54dcba01c7f632da2a32db5b7

        SHA512

        9406ea444a2d8f638a9f84cec8c401f9423014357a48c9d13ba5a47322886b85aa7c4f4210461a5247c411558148c7eb35ee012ac24e2ea08027f82da2d0a66a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\c24130e1c57cbd6fceac9dd12f7d6be7dcacfcea9c507a26f7774ebb7b1e2f0c.exe.exe
        Filesize

        422KB

        MD5

        787867fe9d0b7eb804c120667c046f79

        SHA1

        be17b9fd53527f6069ed4cfc7431f3ef3eb2a742

        SHA256

        86b4bc327ad0e3bd5ee4fd927cdbee65ffccd75e84d8678f7802d54aa2cf8574

        SHA512

        ee3f9594eb6fa03da41baa9f178177edf2eb4cfb60ffd11d26302dd0c07411680394b23837f08d97b10f39ffbb0ea1f3aa5909b6eabece083b49f943b8deb5bb

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        26KB

        MD5

        49ed3e230aa53cf4655435949f8f50c9

        SHA1

        d2a2f332fdadd62f660b214bb00eab359a641315

        SHA256

        245a55e61c46ff6f144b44322f1cde9d6ca794cbc9649dfdaa4116862563af83

        SHA512

        53c9d6b09f0d224983beff3d3988b007f6446f8309fe7bf21207b60c49064d0d41734712e59186203ca2bcd8ae3d12eefb613c4cac0e13a1ed0e2c44f3d6983f

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-711569230-3659488422-571408806-1000\_desktop.ini
        Filesize

        9B

        MD5

        917c6bf65db2dfa12e70e5aa6a061a01

        SHA1

        bd0d9f217fd74efd784ad4a1b41f330b36e64edf

        SHA256

        8ad43ce062fe590809844ebdf64f2eb0f7d32357c89baac5640ff132dfcfdd19

        SHA512

        21a71205a9abfafcf7fef2a1697ae78a6fe14591bef85f86137d5355b5d40e1b8ca810e351256e0dc2973677e9b4452014126d3e5e81b0c3f1fcbd1a087481cb

        Download Submit

      • memory/1424-22-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1424-29-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1424-35-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1424-39-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1424-1234-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1424-13-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1424-4801-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1424-5240-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3296-21-0x0000000000400000-0x0000000000475000-memory.dmp

        Filesize

        468KB

        Download

      • memory/3296-19-0x0000000000400000-0x0000000000475000-memory.dmp

        Filesize

        468KB

        Download

      • memory/4356-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4356-10-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download