Overview

overview

7

Static

static

3

99fd9702e5...77.exe

windows7-x64

7

99fd9702e5...77.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-05-2024 14:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    99fd9702e5403bb06e8c9a95a60fa2484783355990ee4341bb42ac12131e7e77.exe

  • Size

    30KB

  • MD5

    ba188039aa9bfcae77e14a78d6eeeebd

  • SHA1

    7042ef3cf1869bab190d5daaa4de54fe9527d49f

  • SHA256

    99fd9702e5403bb06e8c9a95a60fa2484783355990ee4341bb42ac12131e7e77

  • SHA512

    3644cc7ae409612afe2aeb2aeb838fc09881c874a50617eaea99287fdaa77af9df43e61ee7bbd3f633d691686d46d631ffc41ffab4205d4ad65691cf9d8050f8

  • SSDEEP

    768:A1ODKAaDMG8H92RwZNQSwz1/WRFcwujg09n3:SfgLdQAQfR/WRRuRN

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3240
      • C:\Users\Admin\AppData\Local\Temp\99fd9702e5403bb06e8c9a95a60fa2484783355990ee4341bb42ac12131e7e77.exe
        "C:\Users\Admin\AppData\Local\Temp\99fd9702e5403bb06e8c9a95a60fa2484783355990ee4341bb42ac12131e7e77.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:844
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE7D0.bat
          3⤵
            PID:3716
          • C:\Windows\Logo1_.exe
            C:\Windows\Logo1_.exe
            3⤵
            • Executes dropped EXE
            • Enumerates connected drives
            • Drops file in Program Files directory
            • Drops file in Windows directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:656
            • C:\Windows\SysWOW64\net.exe
              net stop "Kingsoft AntiVirus Service"
              4⤵
              • Suspicious use of WriteProcessMemory
              PID:1196
              • C:\Windows\SysWOW64\net1.exe
                C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
                5⤵
                  PID:3740
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
          1⤵
            PID:2488

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files\7-Zip\7z.exe
            Filesize

            570KB

            MD5

            2e701e64f1c914c238a776b2985a6d04

            SHA1

            6f45a0f4790798a0fe3b2c1a205bf77522cf0300

            SHA256

            f629a8b50ba2ddfa8a463796eb8e7198fe5794e5e7618b30a206c92305831fea

            SHA512

            0fa143207631b05c0aea34277413ef499c486a3b926f3dbd443d2683953a5f09909e8ba89902d28a6cfdd3e5bdb61f57b9b7a7e51e1e785db350d1cf9650dd0a

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\$$aE7D0.bat
            Filesize

            722B

            MD5

            53aea8335aa462d5046cdb8376cbd2d9

            SHA1

            6acbc6b00a390fe22bb6680bfc41246f5a1368d2

            SHA256

            958ac33e3b38c1a25e02738e64bf65dd7be446b3a60b88abb689b092a958c095

            SHA512

            f9682988bf6917241b17c02521abeaa06a0530f9e90ff581a108ff6666c0f6d72981f0bb130a2108b481a866fbcd2f036457d069ba6874135c3b1b1f7499d655

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\99fd9702e5403bb06e8c9a95a60fa2484783355990ee4341bb42ac12131e7e77.exe.exe
            Filesize

            4KB

            MD5

            99b96f7f497e9e216da4b7c9979810e5

            SHA1

            2c424f82747581db2b35673eb22ba321d573944b

            SHA256

            7c3300179b3d9ab57042a5f026a69fac3b0e2e783e94853ff109a29d2d3f541b

            SHA512

            90a0b888f474fa5505f39ca7575635a7ea839e4e23cf9d573c99d7b3b226036fb0b82e17900012aed9fe1c8b4985488e22df0421ad66dbff9d4fcf4be0455212

            Download Submit

          • C:\Windows\Logo1_.exe
            Filesize

            26KB

            MD5

            82d57ca28fb9960aa11c257d642830b4

            SHA1

            1642ededc7cc1d6d3e851c126e2c853065c1a9f8

            SHA256

            35655e6994dad8fa107d3892a0ee4bc4b6017cb907f69d30a1e11bf45c7f707f

            SHA512

            5fee2d7ed18ea3d04f054c8ed63fd0dd5c0618445e87402adc86cf0d39158cd41d2e10d1d0bb8a48ffd97b4c5b7d02c05704c095eb1e9b29f62046e4ca3a22a1

            Download Submit

          • F:\$RECYCLE.BIN\S-1-5-21-3808065738-1666277613-1125846146-1000\_desktop.ini
            Filesize

            9B

            MD5

            4b2b75605a65a6762ec4715de0a70902

            SHA1

            3b85993ef06d2d814abc405188fdd19a1bffea0c

            SHA256

            77072cc5a7b394508cf5d819ff8cf4385a9b3cb15d8715a59845ccfa235ea34e

            SHA512

            888361e75afd4308bdad817af543704a42ffdf2d798acef619459e9978ac68f1cf4d468c6e0b146ab738b0109fdf331c4380471aa83f637b0f6ab06164840c65

            Download Submit

          • memory/656-19-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/656-8-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/656-37-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/656-42-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/656-26-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/656-32-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/656-70-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/656-312-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/656-1016-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/656-1017-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/656-1184-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/844-11-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/844-0-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download