Overview

overview

7

Static

static

3

c5a6d1cb67...77.exe

windows7-x64

7

c5a6d1cb67...77.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-06-2024 05:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c5a6d1cb6730e76af46379821a8ea6f5e6c938f2fd7bdc17868b7947033ac777.exe

  • Size

    573KB

  • MD5

    2218d19e8ec1f08a6dd16bcc416fd56c

  • SHA1

    ab18c5f5fac1f808eec1f9be8d8547319b6bb260

  • SHA256

    c5a6d1cb6730e76af46379821a8ea6f5e6c938f2fd7bdc17868b7947033ac777

  • SHA512

    d1cacf456c9b145e73149f49316cb86309f4df52e21389ca3e3023b0fe89fe7d8b851e71720b09a5bea5c49e3c00a3735f2c113042047c07e096f868ade3a113

  • SSDEEP

    6144:GuJpE7cV3iwbAFRWAbd4nf0H05yqE6Hl0ChW0+ksllAXBu0lWGWUJJQ4t0BHQQfu:e7a3iwbihym2g7XO3LWUQfh4Co

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3472
      • C:\Users\Admin\AppData\Local\Temp\c5a6d1cb6730e76af46379821a8ea6f5e6c938f2fd7bdc17868b7947033ac777.exe
        "C:\Users\Admin\AppData\Local\Temp\c5a6d1cb6730e76af46379821a8ea6f5e6c938f2fd7bdc17868b7947033ac777.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:2784
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2B46.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1328
          • C:\Users\Admin\AppData\Local\Temp\c5a6d1cb6730e76af46379821a8ea6f5e6c938f2fd7bdc17868b7947033ac777.exe
            "C:\Users\Admin\AppData\Local\Temp\c5a6d1cb6730e76af46379821a8ea6f5e6c938f2fd7bdc17868b7947033ac777.exe"
            4⤵
            • Executes dropped EXE
            PID:3828
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3908
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:736
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:4684

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        254KB

        MD5

        05b7be2270654a597799cbfbdd0d6df1

        SHA1

        c8a70adcf5f3973d2a897c7aab919563bab51bb4

        SHA256

        78dae7d51f5d08f5831305d07b274757e9a574e0d61e28134303066ad66d49a4

        SHA512

        1e9ee5b55d94b5ef0521f34a949056f3798d133a47b698d32d14371a5eba61e4b963b747adf57c0bd3cceea45da0d780775c5040fff7bbe8cd2b89f94871fecb

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        573KB

        MD5

        2218d19e8ec1f08a6dd16bcc416fd56c

        SHA1

        ab18c5f5fac1f808eec1f9be8d8547319b6bb260

        SHA256

        c5a6d1cb6730e76af46379821a8ea6f5e6c938f2fd7bdc17868b7947033ac777

        SHA512

        d1cacf456c9b145e73149f49316cb86309f4df52e21389ca3e3023b0fe89fe7d8b851e71720b09a5bea5c49e3c00a3735f2c113042047c07e096f868ade3a113

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        639KB

        MD5

        ad5a7e5eb1a1cdd791957e07c93748ae

        SHA1

        6e4f8c5f4d791327e11d0d68ca6f514554af8481

        SHA256

        cfee92d916fbbb95d8282c3264d3708ad1ddfdd9db4daaf00e0c96a22854c4dc

        SHA512

        a8acd191aec48dac8d5808a93ee973ea52793140e318b4d870fb10e4e8ba0756fe95654134dd1c175168375a0f7caebfd8a7d46a9b3dc71006f830b53dd9fefe

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a2B46.bat
        Filesize

        722B

        MD5

        0dc5a280b8a7ac16337bd4ee0c39f514

        SHA1

        ba19324396ed35a9d62cf6543132f79d7516d796

        SHA256

        3ee53bebc7457a8d26ef4ef438e4a0e08206ea9fbd27f3b1e39ced003eb30001

        SHA512

        1544a1f641880b92de1ff80495c7767b1600f1d6342673f4a585610097dc3001c38b6d28fa06351b7cb36b3f89f8d61ccfddf6970ba1a71d545d0b4044890dd3

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\c5a6d1cb6730e76af46379821a8ea6f5e6c938f2fd7bdc17868b7947033ac777.exe.exe
        Filesize

        544KB

        MD5

        9a1dd1d96481d61934dcc2d568971d06

        SHA1

        f136ef9bf8bd2fc753292fb5b7cf173a22675fb3

        SHA256

        8cebb25e240db3b6986fcaed6bc0b900fa09dad763a56fb71273529266c5c525

        SHA512

        7ac1581f8a29e778ba1a1220670796c47fa5b838417f8f635e2cb1998a01515cff3ee57045dacb78a8ec70d43754b970743aba600379fe6d9481958d32d8a5aa

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        29KB

        MD5

        22c7dea1a191e91ba501f697394825b4

        SHA1

        1d8d251fdf060da100a1c3af90c3fa9649d6b4e0

        SHA256

        0edc5bf1d66d1927de7251028f5265b1e9195b137e9f2f309b1916476fe998d1

        SHA512

        613c45bbadd103fd8a92c6d2160dd3552d551a0123266377015ac604fac5ef985481e2b9bfb7b3108afddc16ff101d5e8b488cbe943d04fa835fc93eaf320ad2

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-3906287020-2915474608-1755617787-1000\_desktop.ini
        Filesize

        8B

        MD5

        9bf5ad0e8bbf0ba1630c244358e5c6dd

        SHA1

        25918532222a7063195beeb76980b6ec9e59e19a

        SHA256

        551cc5b618f0fa78108dd2388d9136893adb10499e4836e9728f4e96530bf02f

        SHA512

        7fdce76bb191d4988d92e3d97ce8db4cae1b5c1f93198bffc4e863d324d814246353200d32ea730f83345fcb7ad82213c2bcd31351e905e473d9596bc7b43ad3

        Download Submit

      • memory/2784-13-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2784-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3908-27-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3908-37-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3908-33-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3908-1231-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3908-20-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3908-4797-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3908-8-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3908-5236-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download