Overview

overview

7

Static

static

3

725a1c0a79...cb.exe

windows7-x64

7

725a1c0a79...cb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/05/2024, 15:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    725a1c0a79b3b26672c06766ed0fb426a5a540123af9a13b5736316bdac240cb.exe

  • Size

    5.7MB

  • MD5

    ec534b18b77be3f61296098eeeb5c518

  • SHA1

    3819b1709e3887bc6afc5f2d9163ea54ec651d23

  • SHA256

    725a1c0a79b3b26672c06766ed0fb426a5a540123af9a13b5736316bdac240cb

  • SHA512

    8737da60ffa15e30c0757f2e234822c88b1eff11b15e0923bf50e41b9d87a94a0cb9c8ba9af73323609ea4ca3d62a304e7fa09e8dcf2b4e8b1ac0fd606d18931

  • SSDEEP

    49152:zPv94AEsKU8ggw1g+1CART5eBiyKS3EI3wybn20DCYIHvc8ixuZm9+fWsw6dTPBJ:bKUgTH2M2m9UMpu1QfLczqssnKSk

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3424
      • C:\Users\Admin\AppData\Local\Temp\725a1c0a79b3b26672c06766ed0fb426a5a540123af9a13b5736316bdac240cb.exe
        "C:\Users\Admin\AppData\Local\Temp\725a1c0a79b3b26672c06766ed0fb426a5a540123af9a13b5736316bdac240cb.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:988
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3066.bat
          3⤵
            PID:3808
            • C:\Users\Admin\AppData\Local\Temp\725a1c0a79b3b26672c06766ed0fb426a5a540123af9a13b5736316bdac240cb.exe
              "C:\Users\Admin\AppData\Local\Temp\725a1c0a79b3b26672c06766ed0fb426a5a540123af9a13b5736316bdac240cb.exe"
              4⤵
              • Executes dropped EXE
              PID:3528
          • C:\Windows\Logo1_.exe
            C:\Windows\Logo1_.exe
            3⤵
            • Executes dropped EXE
            • Enumerates connected drives
            • Drops file in Program Files directory
            • Drops file in Windows directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:3120
            • C:\Windows\SysWOW64\net.exe
              net stop "Kingsoft AntiVirus Service"
              4⤵
              • Suspicious use of WriteProcessMemory
              PID:2708
              • C:\Windows\SysWOW64\net1.exe
                C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
                5⤵
                  PID:3984

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
          Filesize

          254KB

          MD5

          d86e00fdec23784005bc452f437fedb8

          SHA1

          5c8d5c4952600659f2177262c2b0554e5dcebd64

          SHA256

          aa56ba1e1b10017ed23bccf1d5ba69dede6dc8dfa40ea585bce45dfd8ae3f0c3

          SHA512

          648667cbdbf62b8ca75fc0091f9313a0a0d76bb2b2f3c1db4464bb8f3299562bcd247a7443dc55af7a05090a6e3acc98d8af10fd33ffad543f841152a1ccef77

          Download Submit

        • C:\Program Files\7-Zip\7z.exe
          Filesize

          573KB

          MD5

          46f674790e080bc872bd61ccbd493eae

          SHA1

          5c0110253ee7fe3b18df4382a7ba4ff6362d5137

          SHA256

          1c057673e0540ffb1698aa4850c1610a71175b751957dbeb9e067624cb0a7248

          SHA512

          57e051229b3fb2920fcc4a62d9092d1d4a47cd8123faa4faac6e5897a3a6fa55ab52b8933e287ae518f0b535587d4d6879117fdbc0663062c8def0c308659eb6

          Download Submit

        • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
          Filesize

          639KB

          MD5

          a3605b51d03ea8bc68b35024e3706893

          SHA1

          6c38dddfa42e9a668cdc457a931799ed35e2db9b

          SHA256

          351fb1ee45499709bec5874e2bedd85b14730aad55d91a1f31a28a23c83ae903

          SHA512

          4d7e3f4704132ef680054c46f06879f8028e103b36a6c9d640ea155b8ee660402efd31469cc3857b1fc10f904ac9e41d2e85f88c18ad5d5c841d30b93de30533

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\$$a3066.bat
          Filesize

          722B

          MD5

          8ca271014a9fdafb4bd7c610db9caee6

          SHA1

          0303deb0a4ac6fa1bec47982a3f0f9105c94bcf6

          SHA256

          e96f6b2fac26b5eea11a7395b55d13d9d5bd95b6fc2c0ec21f9615a6d39395f7

          SHA512

          3059aa76c901d3d3529a805603f05a9dd1bf2ce299c1d820bce064cb715f2314d9dfa8a74e8d9f0b7f567dd8ddec11aac0865535da3a840f62f7ecee62fc085e

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\725a1c0a79b3b26672c06766ed0fb426a5a540123af9a13b5736316bdac240cb.exe.exe
          Filesize

          5.7MB

          MD5

          ba18e99b3e17adb5b029eaebc457dd89

          SHA1

          ec0458f3c00d35b323f08d4e1cc2e72899429c38

          SHA256

          f5ee36de8edf9be2ac2752b219cfdcb7ca1677071b8e116cb876306e9f1b6628

          SHA512

          1f41929e6f5b555b60c411c7810cbf14e3af26100df5ac4533ec3739a278c1b925687284660efb4868e3741305098e2737836229efc9fe46c97a6057c10e677c

          Download Submit

        • C:\Windows\Logo1_.exe
          Filesize

          29KB

          MD5

          4f5d22667d150fcb87a131ecf4f18373

          SHA1

          ea6b17b4d068f007f17dcc1d2af587a5969ae213

          SHA256

          8aaa8b892b24ec2f7f914fca94a3e72952178ab6e732a8342f18e737060ed1a0

          SHA512

          cbce12b897e11aab465fc244a7442f89ea5eac1a0e3bea595eae4951a454a51e065063a68771ee96588ed0b9674777f25776221bed1829075540541a9e28f6e1

          Download Submit

        • F:\$RECYCLE.BIN\S-1-5-21-711569230-3659488422-571408806-1000\_desktop.ini
          Filesize

          9B

          MD5

          4b2b75605a65a6762ec4715de0a70902

          SHA1

          3b85993ef06d2d814abc405188fdd19a1bffea0c

          SHA256

          77072cc5a7b394508cf5d819ff8cf4385a9b3cb15d8715a59845ccfa235ea34e

          SHA512

          888361e75afd4308bdad817af543704a42ffdf2d798acef619459e9978ac68f1cf4d468c6e0b146ab738b0109fdf331c4380471aa83f637b0f6ab06164840c65

          Download Submit

        • memory/988-10-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/988-0-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/3120-27-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/3120-37-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/3120-33-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/3120-1231-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/3120-20-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/3120-4799-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/3120-13-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/3120-5238-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download