Overview

overview

7

Static

static

3

2db04c2fa1...ec.exe

windows7-x64

7

2db04c2fa1...ec.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-05-2024 03:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2db04c2fa15f26fa9d6d43168484af7deb240f093b54edcae827b80258869aec.exe

  • Size

    114KB

  • MD5

    ec25055db153254964643cc6ba1e2e3b

  • SHA1

    8538b9d2255ea5af392daa8aebae620c09d192be

  • SHA256

    2db04c2fa15f26fa9d6d43168484af7deb240f093b54edcae827b80258869aec

  • SHA512

    196855101d95bd5cb18bff821abe37833d29187b3d23727dfbc1094d629193650b2b496e322f7afde0a9df1c19afac3da62795898777cc78d3875b1488a05c48

  • SSDEEP

    1536:NfgLdQAQfcfymNkIahPNxOpRh1XvgaJcyHeQqGwNu/xHtBKikpiLjBPxe:NftffjmNla5CRhNvg2pP8NCKiPRxe

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3572
      • C:\Users\Admin\AppData\Local\Temp\2db04c2fa15f26fa9d6d43168484af7deb240f093b54edcae827b80258869aec.exe
        "C:\Users\Admin\AppData\Local\Temp\2db04c2fa15f26fa9d6d43168484af7deb240f093b54edcae827b80258869aec.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4276
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2D1B.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3192
          • C:\Users\Admin\AppData\Local\Temp\2db04c2fa15f26fa9d6d43168484af7deb240f093b54edcae827b80258869aec.exe
            "C:\Users\Admin\AppData\Local\Temp\2db04c2fa15f26fa9d6d43168484af7deb240f093b54edcae827b80258869aec.exe"
            4⤵
            • Executes dropped EXE
            PID:1816
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:5004
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:4460
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:2936

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        251KB

        MD5

        a3482d38fb05ed4551015ce2eaaa84ea

        SHA1

        50529e4b2da222e5f52e8f93bf9a7a4d240664b2

        SHA256

        7a87ec80697f5f137b7a163573a85294a0730702b57956053a0bdc19350397bc

        SHA512

        a776433be08b39ac207a911f3beb73d9a0f9ca40556aa0593f2b59d43fd60f928f4430c91037b2a64097ff4abc7aa562117096eaea827eb43851c88edeee37b6

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        570KB

        MD5

        6fc7e8d248e6f5aee09dcbe5b051b1f4

        SHA1

        9b790ebfaf6dfa44ae9795bc7930186ed35cdb99

        SHA256

        5729543393820f4b90309dd5c4b56199e25671cb8b181837190375028bfd8d3b

        SHA512

        ea3fcbf73d7d44cb30d44a82015fad0bf3ebb46a7c0cec9312909ab0751868c30b0b58e35622b5c3d45bf7251f91cd2afcc802ad85b484b21e2d1fb3f553fe36

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        636KB

        MD5

        53ee62011469b286a2a1b5658c86b9bf

        SHA1

        9bdac0b23b0a965947c780c6a6b48fc7122f9ade

        SHA256

        7125735e4e8595f1c17ff3235bc65dacabc2ec874b29ac7ba8eddd80ad10b3c0

        SHA512

        c9c24e578da0a38048e71548fac66465bcb624e971f745bba559e8c49fd621752e718d4c983a90a97277407bb23348ca109436e1eeebef030c3b599c712ff236

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a2D1B.bat
        Filesize

        722B

        MD5

        480738c69b2594d520fcfb6f535a09d5

        SHA1

        39b34b83be8801b775f2f026e18b40d3adae898c

        SHA256

        5ee21edc44d97531892122bf8f8999bdd6bf2e0c53bac31c54573471c6d6ac38

        SHA512

        8e26348ad500d6dc400a4eaa5eab092428e80490f7a4c119edb3f62f45b4b10d4aa81afa4a9782a84add7833a52e680c8aa873e16a8b36f29e936d78d92c128f

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\2db04c2fa15f26fa9d6d43168484af7deb240f093b54edcae827b80258869aec.exe.exe
        Filesize

        87KB

        MD5

        16824de171d58bb89d04e105bf42fe2e

        SHA1

        9c278223aae74b37524e6201f8be60d980e19ab2

        SHA256

        1d35159401e2ae06cb131063737ca3485d1fe9eccef89a2304a9d6f0cb6a3f21

        SHA512

        b9b57ba916328e3cedcaaac8f2e344f0a94b209d1cfe86cf265bad219c9818defdc116ff376e15d8d26d522ae32ea0c9dbd79cfa95dd156b56cb752a22877778

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        26KB

        MD5

        7efbd2fe00598632f908c56af9fa85ba

        SHA1

        af7c0515e544a6b2532b527325064fbabe937eae

        SHA256

        a605256d75cfcd8a6ac740f8f08303ba8519be9b924a3d74ad32af93f1b570d8

        SHA512

        1288dc3056685167e795de758565f7f8f41d2c2b301a35c8d84f63fbba8d46cd4ef28d8fb9b00cd9177260df50111c66829dec6cb7759f15cd87280624487679

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-1162180587-977231257-2194346871-1000\_desktop.ini
        Filesize

        9B

        MD5

        304501c003da3bc5756aa53a757c30cc

        SHA1

        94dfcea0ef17f89b3a60a85a07edb4c00170cc1c

        SHA256

        9f4b03cbd52378f329bfc7088f8242bbc1a0a2754bc2f8a40e3b74e0dedecd6e

        SHA512

        78cd3c2cb4cb66e41d8947e1231256c2043d71c77f97e92915e938a6c1d9a8c003512027d98bc71bf582875d269e5fbe6e134f57b25f5f79fe16f9a412387dc8

        Download Submit

      • memory/4276-9-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4276-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/5004-27-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/5004-37-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/5004-33-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/5004-1231-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/5004-20-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/5004-4797-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/5004-13-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/5004-5236-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download