Overview

overview

7

Static

static

3

81c5a335fb...7d.exe

windows7-x64

7

81c5a335fb...7d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/06/2024, 14:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    81c5a335fb05d4fba0ed441bca406ae2900cf4233215078d13e11c4991a60d7d.exe

  • Size

    484KB

  • MD5

    a784392ecae166171efce2be580994b9

  • SHA1

    356aab42ddc2c39ac8b6d97bd1cd6cc51454a1fd

  • SHA256

    81c5a335fb05d4fba0ed441bca406ae2900cf4233215078d13e11c4991a60d7d

  • SHA512

    75080dfd2ed3309d661c05aec90cc198fe7b143e83e29784659b6abadc078f7a9e21d7d59fb5ad1d0f7293e99bef2a7498e20ee3b85f95b3c2278b15dd1b69b4

  • SSDEEP

    6144:NVfjmNzz1gL5pRTMTTjMkId/BynSx7dEe6XwzRaktNP08NhKs39zo43fTtl1fay7:r7+n1gL5pRTcAkS/3hzN8qE43fm78V

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3556
      • C:\Users\Admin\AppData\Local\Temp\81c5a335fb05d4fba0ed441bca406ae2900cf4233215078d13e11c4991a60d7d.exe
        "C:\Users\Admin\AppData\Local\Temp\81c5a335fb05d4fba0ed441bca406ae2900cf4233215078d13e11c4991a60d7d.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4900
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a50EF.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1792
          • C:\Users\Admin\AppData\Local\Temp\81c5a335fb05d4fba0ed441bca406ae2900cf4233215078d13e11c4991a60d7d.exe
            "C:\Users\Admin\AppData\Local\Temp\81c5a335fb05d4fba0ed441bca406ae2900cf4233215078d13e11c4991a60d7d.exe"
            4⤵
            • Executes dropped EXE
            PID:2564
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3120
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:1424
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:1912

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
              Filesize

              251KB

              MD5

              e770780fe152866f3711e052f4fafe5c

              SHA1

              fed6ef9bc0d201409fbe1bb3cf763d0d1e8b9fbc

              SHA256

              c01618597a276e1296490c6ccd0c53620aadd4a76834a40ae291fecded00e015

              SHA512

              f065fd7eb89bef83034da67827730c26d622964b03af5365fa8996c4ffb1e5ebbeb1781dc2c883a839bbb8e9143c79579ea21c07d1081903cafa9f2679479f06

              Download Submit

            • C:\Program Files\7-Zip\7z.exe
              Filesize

              570KB

              MD5

              97bc52929799b5d95007b4c8a8e57458

              SHA1

              58eda14ec7075737102def770e67c6767143567d

              SHA256

              ae6a019685e60240430a6e30fe7bdb609a006e821c0ade792af0623095e4c45e

              SHA512

              39bce5fd58ea31c2c8614a4458b24520062b85bc119733d0d9b79beaf5c6564ba49bb9a43a8eb9404fb268deeecd3dcea721d5491c841039bf3a475f38674f9e

              Download Submit

            • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
              Filesize

              636KB

              MD5

              2500f702e2b9632127c14e4eaae5d424

              SHA1

              8726fef12958265214eeb58001c995629834b13a

              SHA256

              82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

              SHA512

              f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\$$a50EF.bat
              Filesize

              722B

              MD5

              bc10b9fae636bae2812af1383cd4225a

              SHA1

              fb9255b29de7d8701a8e76f64b527d24782caad2

              SHA256

              6c049dc05d91b30a8a8bf40884fa106ba71b3cfd623c77533f1fd48693998617

              SHA512

              1e2e4b4bd1f79e277fe2ee50f10dd78f554c38b31b5cc425b4d37bcdb47c0898715abd51b0f9b0ed497cbe3a3c6b6107b821225225a9e3eab81867a9028c965a

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\81c5a335fb05d4fba0ed441bca406ae2900cf4233215078d13e11c4991a60d7d.exe.exe
              Filesize

              458KB

              MD5

              619f7135621b50fd1900ff24aade1524

              SHA1

              6c7ea8bbd435163ae3945cbef30ef6b9872a4591

              SHA256

              344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

              SHA512

              2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

              Download Submit

            • C:\Windows\Logo1_.exe
              Filesize

              26KB

              MD5

              c47e77df5617b781f89a265b25baca8a

              SHA1

              c9434690012fb690d27ef7106b37919f8e01000b

              SHA256

              f1434168c853f1ed262ed2df41ad3a0ae537dc1eb3f675e108d89729cb3d84ab

              SHA512

              d2f30b8e66490df789f8b92ff25dfe9ce242f96fbe8431d6959b845d56eb04f32044f09003cf58130bec64da46f26ceb82a1dc5f219bb891b68264868ace5000

              Download Submit

            • F:\$RECYCLE.BIN\S-1-5-21-4124900551-4068476067-3491212533-1000\_desktop.ini
              Filesize

              8B

              MD5

              a6f28952c332969f9e6d9f7d1a449737

              SHA1

              31c0826adb63cc03162fb9e88781f4b50da8f11b

              SHA256

              d9d875805581110dafdfb2ceb34c5e60f50fe720963f9813c287e4845248d208

              SHA512

              8187572ee8fbb9a42af34a3444be3a4309c5a798e7b1f27fce5b28b7168b72d015b1c10e611ccd3a9361af2aaeab831d2734017f77adff341c3fdb876c296eac

              Download Submit

            • memory/3120-26-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/3120-32-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/3120-36-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/3120-19-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/3120-1230-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/3120-12-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/3120-4796-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/3120-5235-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4900-0-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4900-8-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download