Overview

overview

7

Static

static

3

a5e26b70c4...85.exe

windows7-x64

7

a5e26b70c4...85.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22/05/2024, 18:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085.exe

  • Size

    1.1MB

  • MD5

    30c0a764471a246655fa01d60414a085

  • SHA1

    2b63d23e45069b5196e9bc48fda8b749c1567818

  • SHA256

    a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085

  • SHA512

    023d9bac40dfa2913e9f9eb47c90059bb9e6aa6d961aef4209c1a41396341716d70af444d218b60e68dc36ab52119e518d80e8e20110e412281bba1b49b0b4f9

  • SSDEEP

    24576:+71uJmqiy9WWgdJKAJjCtG1j6/Ql55yinxSj:+71qiyXgdZJjWG1m4l55NK

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 3 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1352
      • C:\Users\Admin\AppData\Local\Temp\a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085.exe
        "C:\Users\Admin\AppData\Local\Temp\a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:1084
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\$$a935A.bat
          3⤵
          • Deletes itself
          PID:2280
          • C:\Users\Admin\AppData\Local\Temp\a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085.exe
            "C:\Users\Admin\AppData\Local\Temp\a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085.exe"
            4⤵
            • Executes dropped EXE
            PID:2848
          • C:\Users\Admin\AppData\Local\Temp\a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085.exe
            "C:\Users\Admin\AppData\Local\Temp\a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085.exe"
            4⤵
            • Executes dropped EXE
            PID:2512
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2256
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:2604
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:1744

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
              Filesize

              251KB

              MD5

              017b5ff3fe0c3468438be2ec74cebc30

              SHA1

              6c3d43933b458fc53062a5d51b8d9570be6d3e2d

              SHA256

              f23e73059d7cbbe7cc9f6a50932f5aa26d25feaf6e1a32c35cd01fa49183a619

              SHA512

              cb317a0becd259af4982ae63e97a1205c250a9cf09b47fbb0460eb2bcbe93421014f49f72c33b51dcd7517034be9b95b09ab7c0312cd79bf5b41b4fd8df6ac77

              Download Submit

            • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
              Filesize

              471KB

              MD5

              99ea9b604a7a734d3087fa6159684c42

              SHA1

              709fa1068ad4d560fe03e05b68056f1b0bedbfc8

              SHA256

              3f733f9e6fec7c4165ca8ba41eb23f604a248babe794c4ad2c6c3ce8032aab1c

              SHA512

              7af8008c7e187f925c62efc97e1891a7a38d089302dba39fbde137fb895e0592847ed0982c824c2075be8e6b95b6ce165ecb848ab85adf53779ebef613410fbb

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\$$a935A.bat
              Filesize

              722B

              MD5

              35a6c638022ee5eb32e8845405caf75b

              SHA1

              4801c3b322df5299e556e4430eca7beb3a081423

              SHA256

              de9040341ade70ef6c0edd8525ee8711e9b63073359f7db3c716faf8ae6d0161

              SHA512

              d3c979d447abd714f41729f60f92feb2fe059f3b92b425364ef37f623d8a9057cf0c821b211d31804b5884d9c65326561aafc69922d036f2a39d679a51248985

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085.exe.exe
              Filesize

              1.0MB

              MD5

              cececf542dbb4d973ef7db4a67766443

              SHA1

              51dad032de6fa604c4591d7e25f1db5dc6705782

              SHA256

              41efdd1d6119a45e327e66a7be188d6957ce1c5c0cd55023e1edb16c8975b190

              SHA512

              32ecc50e291332805c775183795b7f0af9c8c7126c7b0cf358cc1853e11957e9417b502f94f13e539dd7ee46c3918ce2ac4b19c36ab16bfc17e6c04e471b08db

              Download Submit

            • C:\Windows\Logo1_.exe
              Filesize

              26KB

              MD5

              d375bd04f866e1b3276ba3b9779966ad

              SHA1

              1da9855e29a5384522563e0c4bdac786712d8b12

              SHA256

              a540c3c24ac2e3e353f3e0376889b61d7c11c926b29c8f0b8c768aea37daf7be

              SHA512

              78aa0651eeebb8475328fb7090ef3bdc8984ea22c888365727fd7c09533d59873599fc172d291fbadc55e04034fa62e7be405cd501df063105b0c03d7638de10

              Download Submit

            • F:\$RECYCLE.BIN\S-1-5-21-330940541-141609230-1670313778-1000\_desktop.ini
              Filesize

              9B

              MD5

              ef2876ec14bdb3dc085fc3af9311b015

              SHA1

              68b64b46b1ff0fdc9f009d8fffb8ee87c597fa56

              SHA256

              ac2a34b4f2d44d19ca4269caf9f4e71cdb0b95ba8eb89ed52c5bc56eeeb1971c

              SHA512

              c9998caa062ad5b1da853fabb80e88e41d9f96109af89df0309be20469ca8f5be9dd1c08f3c97030e3a487732e82304f60ee2627462e017579da4204bc163c8f

              Download Submit

            • memory/1084-0-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1084-17-0x0000000001B90000-0x0000000001BC4000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1084-16-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1352-65-0x0000000002A30000-0x0000000002A31000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2256-129-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2256-83-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2256-77-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2256-136-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2256-515-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2256-1889-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2256-70-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2256-3349-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2280-59-0x0000000002320000-0x0000000002321000-memory.dmp

              Filesize

              4KB

              Download