Overview

overview

7

Static

static

3

bf179a55ca...81.exe

windows7-x64

7

bf179a55ca...81.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-05-2024 18:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bf179a55cad583ac6887427794145aaee3c41a26b0d90cee13688f52ac76a981.exe

  • Size

    98KB

  • MD5

    a8d2f109200c5cf23b5cf8af89b1afb1

  • SHA1

    8d8a95477cd6de3e1c3ec0d3c524638a2d49206d

  • SHA256

    bf179a55cad583ac6887427794145aaee3c41a26b0d90cee13688f52ac76a981

  • SHA512

    975eeabaeb6b12e8289d3f597d67f53dbc64d2455885c3d8e0ba8d2daa23eaf86399119decd2de797cf9ecca7b55a0ef2686c4be397ac9871b3bb9d71298b699

  • SSDEEP

    3072:iftffjmNGZc+rcBwCCgtSDADeak7dJHB/AdIf:yVfjmNI1j8SsQLH5Aaf

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3424
      • C:\Users\Admin\AppData\Local\Temp\bf179a55cad583ac6887427794145aaee3c41a26b0d90cee13688f52ac76a981.exe
        "C:\Users\Admin\AppData\Local\Temp\bf179a55cad583ac6887427794145aaee3c41a26b0d90cee13688f52ac76a981.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:2864
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5014.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2848
          • C:\Users\Admin\AppData\Local\Temp\bf179a55cad583ac6887427794145aaee3c41a26b0d90cee13688f52ac76a981.exe
            "C:\Users\Admin\AppData\Local\Temp\bf179a55cad583ac6887427794145aaee3c41a26b0d90cee13688f52ac76a981.exe"
            4⤵
            • Executes dropped EXE
            PID:1148
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1368
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:1328
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:1132

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        251KB

        MD5

        c79a16659c86cef3342d2f1ff2f25ff4

        SHA1

        ebc7bfba76e98fc995876c446fe54485b4fbcc1a

        SHA256

        a4bed974dcea68139338bfdfbcd7ea77f6ba7bc058a6f0c7c7a9b1afa6efa484

        SHA512

        3493b5a956acc7e0fad96215b601c6ba6f44f57e1dcac8542ebb0fb087b1f258dbd17abffedbed9cfb193f18c0af9b9809984a9c177214798c6bd3c7c4205621

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        570KB

        MD5

        f289ea1d0f5969c5c7e2c0b134bd3862

        SHA1

        c9659a4451313434fb1903033038dc32b2eb944e

        SHA256

        4fdb13f0a8261393b06493f725dbff89e853962b2adcfb8dfc7faf17f5f38d65

        SHA512

        d443339932d097332b6e7608433441b5940b7f8180858c6c425875c701380aa59776f8d8db2ab72b417376cf5b7c3e7d9166e9c5c3ceaa948cd74b14d1f86a0d

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        636KB

        MD5

        2500f702e2b9632127c14e4eaae5d424

        SHA1

        8726fef12958265214eeb58001c995629834b13a

        SHA256

        82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

        SHA512

        f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a5014.bat
        Filesize

        722B

        MD5

        ede9f22194a0118814b26dd08056dd45

        SHA1

        6862db81abc668371539e9b243120f27659990a2

        SHA256

        913ecf2c909eecba2e68827df01ad1f3d8b5b1d75837f89ed6e55db698a68326

        SHA512

        ac49ac32b5a063934a9c2debd49d7236c9e3edd18670463c344238c634194df5ef12be437774f3cb09c35da0bb76304faa9b9da5f2d7a9d81d166033da08ec2f

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\bf179a55cad583ac6887427794145aaee3c41a26b0d90cee13688f52ac76a981.exe.exe
        Filesize

        72KB

        MD5

        8de1084b805b2128076ea32b9b3b2c90

        SHA1

        c7d8795c0e83232fb3222feaa343c0f91039ba92

        SHA256

        c766f215f595d3e34b8fd47aba828e349e9f7f49a6d819667a00b74bef827689

        SHA512

        1f67b1149bf17d5abbf312f16745e7114aa8759b79fd2ca1d773627d9399a49bd75b4786110199d73ba517d59aca898ac1a9cebcb14246c0f9bf26a88193a06d

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        26KB

        MD5

        c5882fc9ee8d623bfeb775d0a804082a

        SHA1

        1aeee98f122da7f26965c09ec7c5b35666de85e8

        SHA256

        d02841d9030e9af98709cf55ae1de201402d0646e479093e59fc93916c67ced3

        SHA512

        242d58868f9e30c927ac74e68840b80a99cb8963fdd7be7d6203a1dc3874d01aa9a4361827df990f3a3714d771a37422249ca2562ebbb1ac20300eeae5b508e2

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-1337824034-2731376981-3755436523-1000\_desktop.ini
        Filesize

        9B

        MD5

        7619ead719f9163af9f64f79eeff7c36

        SHA1

        7b956c82fba1f4a0ea8b09ca2e39d89159e21b75

        SHA256

        da9af76d7e3938d1bd300436de0d394ef0453f260a69c94905084222eb3fbb45

        SHA512

        29dd3ef54766931036c2f0d755bb3fc89619e548c95658577930a5a748ac2b2855a9e5ee5601697ebbac8a7d435abd4c9e9e2255b0e455e267e0d95358fa86df

        Download Submit

      • memory/1148-19-0x0000000000400000-0x0000000000412000-memory.dmp

        Filesize

        72KB

        Download

      • memory/1368-34-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1368-28-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1368-38-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1368-13-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1368-1233-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1368-4798-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1368-21-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1368-5237-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2864-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2864-12-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download