Overview

overview

8

Static

static

3

dccb86908d...24.exe

windows7-x64

8

dccb86908d...24.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    37s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/06/2024, 06:32

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    dccb86908dcab8820066cdb26cf5753339e951bb79e20f006e1d41ef6e1b0c24.exe

  • Size

    717KB

  • MD5

    9d919498b79e410af4417a8952d03edb

  • SHA1

    8738f2a69414956a45225b025caa765533a116f8

  • SHA256

    dccb86908dcab8820066cdb26cf5753339e951bb79e20f006e1d41ef6e1b0c24

  • SHA512

    db0d94bc80a079d996d4e7164300c72f7d730f9f4d9f90a6db2ef7f6990c8ec51de45ac08ffd2ab249fd3046641cc4663ab6c6099f848a3cd42e79e087c8ad83

  • SSDEEP

    12288:s3WFjJfC6Aj+TN5uixZN+8rKhUdTC/wE1ZD0Ca5ZIXV:s3M9LOS2opPIXV

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3380
      • C:\Users\Admin\AppData\Local\Temp\dccb86908dcab8820066cdb26cf5753339e951bb79e20f006e1d41ef6e1b0c24.exe
        "C:\Users\Admin\AppData\Local\Temp\dccb86908dcab8820066cdb26cf5753339e951bb79e20f006e1d41ef6e1b0c24.exe"
        2⤵
        • Drops file in Drivers directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2836
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1168
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:2460
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a46AE.bat
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:1880
            • C:\Users\Admin\AppData\Local\Temp\dccb86908dcab8820066cdb26cf5753339e951bb79e20f006e1d41ef6e1b0c24.exe
              "C:\Users\Admin\AppData\Local\Temp\dccb86908dcab8820066cdb26cf5753339e951bb79e20f006e1d41ef6e1b0c24.exe"
              4⤵
              • Executes dropped EXE
              PID:5000
          • C:\Windows\Logo1_.exe
            C:\Windows\Logo1_.exe
            3⤵
            • Drops file in Drivers directory
            • Executes dropped EXE
            • Enumerates connected drives
            • Drops file in Program Files directory
            • Drops file in Windows directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:3692
            • C:\Windows\SysWOW64\net.exe
              net stop "Kingsoft AntiVirus Service"
              4⤵
              • Suspicious use of WriteProcessMemory
              PID:3612
              • C:\Windows\SysWOW64\net1.exe
                C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
                5⤵
                  PID:4908
              • C:\Windows\SysWOW64\net.exe
                net stop "Kingsoft AntiVirus Service"
                4⤵
                • Suspicious use of WriteProcessMemory
                PID:1776
                • C:\Windows\SysWOW64\net1.exe
                  C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
                  5⤵
                    PID:1652

          Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Program Files\7-Zip\7z.exe
                  Filesize

                  577KB

                  MD5

                  24a54e5a8b08de768006bb3f5732c1b1

                  SHA1

                  634cd65e9c79dd7de31507fe09a534aa4f56a629

                  SHA256

                  0f9db79f6407c41ac763b1ad49f656521ac63d4868b474e2d54e597e0eac2698

                  SHA512

                  a9972f7cb7009ea2fa9730c5dfe19ceea6489b0fb950e31f1463629e01c6f1d0ba7105629b90f2c6e47a57739825045e1716a6d8097093db132199834f67d48f

                  Download Submit

                • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
                  Filesize

                  644KB

                  MD5

                  5f3e0c481a5b3ae08bd3f68d796e57c5

                  SHA1

                  0500e07056a4780b8ab1ad5ae7b302d73176e7b9

                  SHA256

                  c29e1871d4cdc7c671f96eee5a2961346f30617603e4eef7323f2fe4761fd38d

                  SHA512

                  2a747c3369608e0f61c79605449c250d4a4e48848a7249ecc42eb32ca7a82141cbcb51ca8de75ee739eb4ce54232759834f2225c4e0a9ecd7dd5bf721649f48d

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\$$a46AE.bat
                  Filesize

                  722B

                  MD5

                  d9beedd3cdaf04770d3900d55dc06917

                  SHA1

                  fe93692cacb4a117f51f54a8ebb92d95d9195e62

                  SHA256

                  b62e7be836b0b8524bfe720901960cbb2d83adfa09a7d9c820392dfdbfd9b593

                  SHA512

                  5fdf8ba036654d1fed6dfabaac208b9eb9f41c9ad444adb21934871169de3e5f1fa8f59afe48a47ba1395f764f5d3416d07fc22c1f560c4ba7ffebaf751bf667

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\dccb86908dcab8820066cdb26cf5753339e951bb79e20f006e1d41ef6e1b0c24.exe.exe
                  Filesize

                  684KB

                  MD5

                  50f289df0c19484e970849aac4e6f977

                  SHA1

                  3dc77c8830836ab844975eb002149b66da2e10be

                  SHA256

                  b9b179b305c5268ad428b6ae59de10b4fe99cf0199bbc89b7017181905e97305

                  SHA512

                  877d852ea1062b90e2fd2f3c4dc7d05d9697e9a9b2929c830a770b62741f6a11e06de73275eb871113f11143faf1cb40d99f7c247862ffb778d26833ed5d7e38

                  Download Submit

                • C:\Windows\Logo1_.exe
                  Filesize

                  33KB

                  MD5

                  55782128cddbab93c461e1c6a96653f2

                  SHA1

                  8ba0b5f7c214717008142f72cfb00938fb920cbb

                  SHA256

                  d68b13c074cc5af552fa4e6ca95c9dd951da66bb83ff154766fe48df60807c5d

                  SHA512

                  83978dff5fc337edfaa0b0fd37a805d06c7864b25414e1ae200c326992451706933e50adbde042daaca75d64f4bcb7e2e17623650fdcef80e10bb8070bd2eaa3

                  Download Submit

                • C:\Windows\system32\drivers\etc\hosts
                  Filesize

                  842B

                  MD5

                  6f4adf207ef402d9ef40c6aa52ffd245

                  SHA1

                  4b05b495619c643f02e278dede8f5b1392555a57

                  SHA256

                  d9704dab05e988be3e5e7b7c020bb9814906d11bb9c31ad80d4ed1316f6bc94e

                  SHA512

                  a6306bd200a26ea78192ae5b00cc49cfab3fba025fe7233709a4e62db0f9ed60030dce22b34afe57aad86a098c9a8c44e080cedc43227cb87ef4690baec35b47

                  Download Submit

                • F:\$RECYCLE.BIN\S-1-5-21-1162180587-977231257-2194346871-1000\_desktop.ini
                  Filesize

                  8B

                  MD5

                  5db3a6182cd872eaab6e2e7df1096b6c

                  SHA1

                  3e324dd00c5b4aa1e4bc5176310a642cefbc8c2a

                  SHA256

                  734417b13fb0508f286fe107625febab857319f967d8c512786c7a45f8c575bf

                  SHA512

                  2216f82eee3214ae8bcca36317dada5873b818cd0fb23ebab360998fe0a1d1108172a7ea274bd56606f632cea033f347c0913dff9f0538e99edb4641c92d8149

                  Download Submit

                • memory/2836-9-0x0000000000400000-0x000000000043E000-memory.dmp

                  Filesize

                  248KB

                  Download

                • memory/2836-0-0x0000000000400000-0x000000000043E000-memory.dmp

                  Filesize

                  248KB

                  Download

                • memory/3692-20-0x0000000000400000-0x000000000043E000-memory.dmp

                  Filesize

                  248KB

                  Download

                • memory/3692-12-0x0000000000400000-0x000000000043E000-memory.dmp

                  Filesize

                  248KB

                  Download

                • memory/3692-4685-0x0000000000400000-0x000000000043E000-memory.dmp

                  Filesize

                  248KB

                  Download

                • memory/3692-8660-0x0000000000400000-0x000000000043E000-memory.dmp

                  Filesize

                  248KB

                  Download