Overview

overview

7

Static

static

3

99fd9702e5...77.exe

windows7-x64

7

99fd9702e5...77.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    29/05/2024, 14:20

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    99fd9702e5403bb06e8c9a95a60fa2484783355990ee4341bb42ac12131e7e77.exe

  • Size

    30KB

  • MD5

    ba188039aa9bfcae77e14a78d6eeeebd

  • SHA1

    7042ef3cf1869bab190d5daaa4de54fe9527d49f

  • SHA256

    99fd9702e5403bb06e8c9a95a60fa2484783355990ee4341bb42ac12131e7e77

  • SHA512

    3644cc7ae409612afe2aeb2aeb838fc09881c874a50617eaea99287fdaa77af9df43e61ee7bbd3f633d691686d46d631ffc41ffab4205d4ad65691cf9d8050f8

  • SSDEEP

    768:A1ODKAaDMG8H92RwZNQSwz1/WRFcwujg09n3:SfgLdQAQfR/WRRuRN

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1188
      • C:\Users\Admin\AppData\Local\Temp\99fd9702e5403bb06e8c9a95a60fa2484783355990ee4341bb42ac12131e7e77.exe
        "C:\Users\Admin\AppData\Local\Temp\99fd9702e5403bb06e8c9a95a60fa2484783355990ee4341bb42ac12131e7e77.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:2416
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\$$a1F15.bat
          3⤵
          • Deletes itself
          PID:2820
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1824
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:2744
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:2300

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
              Filesize

              471KB

              MD5

              23badfb2cfea8ed0b62e1cf4e6901195

              SHA1

              91c2d39b8401c1a6768d81e1321f6d35317440ab

              SHA256

              d8df5a52093d81bdd5ec1d1daddce338eaa8d714d73c9e9d5595ce546effa42f

              SHA512

              1ac44eb7c5ae734146967af1f1e6635eabd393cd5d5c0c37724faaefea847331ee5174087865895e8afa9d2087a97d369e877ead908aa3f0a14339975f8dfde7

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\$$a1F15.bat
              Filesize

              722B

              MD5

              97a4df07a6666d55bb7f2f4646a0ce09

              SHA1

              143187bf474f0c432e0b02f461eebd1247fed3ad

              SHA256

              ba3a0d9dbce3818937a81d11dcb9f9634b47998ff3cb1ddb925ce730cef587c8

              SHA512

              42cddf0960e2f09de403d721bcc2fa6ce4dd5e7a0b2a7caf766428a2f9ea40910c3c68779eb768eb85e8583d66dac390c7bc5a6ebc2f156c013b7d30d96de742

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\99fd9702e5403bb06e8c9a95a60fa2484783355990ee4341bb42ac12131e7e77.exe.exe
              Filesize

              4KB

              MD5

              99b96f7f497e9e216da4b7c9979810e5

              SHA1

              2c424f82747581db2b35673eb22ba321d573944b

              SHA256

              7c3300179b3d9ab57042a5f026a69fac3b0e2e783e94853ff109a29d2d3f541b

              SHA512

              90a0b888f474fa5505f39ca7575635a7ea839e4e23cf9d573c99d7b3b226036fb0b82e17900012aed9fe1c8b4985488e22df0421ad66dbff9d4fcf4be0455212

              Download Submit

            • C:\Windows\Logo1_.exe
              Filesize

              26KB

              MD5

              82d57ca28fb9960aa11c257d642830b4

              SHA1

              1642ededc7cc1d6d3e851c126e2c853065c1a9f8

              SHA256

              35655e6994dad8fa107d3892a0ee4bc4b6017cb907f69d30a1e11bf45c7f707f

              SHA512

              5fee2d7ed18ea3d04f054c8ed63fd0dd5c0618445e87402adc86cf0d39158cd41d2e10d1d0bb8a48ffd97b4c5b7d02c05704c095eb1e9b29f62046e4ca3a22a1

              Download Submit

            • F:\$RECYCLE.BIN\S-1-5-21-3691908287-3775019229-3534252667-1000\_desktop.ini
              Filesize

              9B

              MD5

              4b2b75605a65a6762ec4715de0a70902

              SHA1

              3b85993ef06d2d814abc405188fdd19a1bffea0c

              SHA256

              77072cc5a7b394508cf5d819ff8cf4385a9b3cb15d8715a59845ccfa235ea34e

              SHA512

              888361e75afd4308bdad817af543704a42ffdf2d798acef619459e9978ac68f1cf4d468c6e0b146ab738b0109fdf331c4380471aa83f637b0f6ab06164840c65

              Download Submit

            • memory/1188-28-0x0000000002E40000-0x0000000002E41000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1824-89-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1824-30-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1824-37-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1824-43-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1824-95-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1824-574-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1824-1872-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1824-1936-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/1824-3332-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2416-17-0x0000000000220000-0x0000000000254000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2416-15-0x0000000000220000-0x0000000000254000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2416-0-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2416-18-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download