Analysis

  • max time kernel
    146s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/06/2024, 07:34

General

  • Target

    fda0d2a43e6cee9b4d650d7fed0a284473af5e7aa994907600889a92caf2da90.exe

  • Size

    26KB

  • MD5

    d880c45f5fdc437b2171ca08b6fe4bd7

  • SHA1

    32e2fe3f1dec04977e99f4703ec91ace6ddeb92e

  • SHA256

    fda0d2a43e6cee9b4d650d7fed0a284473af5e7aa994907600889a92caf2da90

  • SHA512

    420537ed44be11fa1364a9ade913e4e2adb5e90a8c18ad24a41159b9aefdbd246daf8f1abb562a07a44091336034a0f680bb0e444e0315b5bd853b2c6d43a9b5

  • SSDEEP

    768:B1ODKAaDMG8H92RwZNQSwcfymNBg+g61GoL:XfgLdQAQfcfymN

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe (used here to issue net stop "Kingsoft AntiVirus Service"; see Processes)
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1208
      • C:\Users\Admin\AppData\Local\Temp\fda0d2a43e6cee9b4d650d7fed0a284473af5e7aa994907600889a92caf2da90.exe
        "C:\Users\Admin\AppData\Local\Temp\fda0d2a43e6cee9b4d650d7fed0a284473af5e7aa994907600889a92caf2da90.exe"
        2⤵
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2764
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2812
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:3064
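The process tree above shows the sample stopping the Kingsoft AntiVirus service through net.exe and its net1.exe child, a defence-evasion step that is easy to catch in process-creation telemetry. The following is an added example and not part of the report: it runs a small detection over constructed Sysmon-style process-creation records that mirror this tree (the PIDs, images and command lines are taken from the report; Explorer's parent PID 1100 and the benign `net stop Spooler` record are invented), flags `net`, `net1` and `sc stop` commands whose target looks like a security service, and reports the parent chain so an analyst sees which process issued the command. `SECURITY_SERVICE_HINTS` is an assumed heuristic, not a vendor list.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Substrings that mark a service as security tooling. This is a heuristic and
# an assumption of the example; tune it to the products in your estate.
SECURITY_SERVICE_HINTS = (
    "antivirus", "anti-virus", "defend", "security", "protect",
    "firewall", "endpoint", "sense",
)

# Matches "net stop X", "net1 stop X" and "sc stop X", with or without a leading
# image path, with or without ".exe", and with a quoted or bare service name.
STOP_RE = re.compile(
    r'^\s*(?:"?[^"]*\\)?(?:net1?|sc)(?:\.exe)?"?\s+stop\s+(?:"([^"]+)"|(\S+))',
    re.IGNORECASE,
)


@dataclass
class ProcEvent:
    """Minimal process-creation record (the Sysmon event ID 1 fields we need)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


SAMPLE = "fda0d2a43e6cee9b4d650d7fed0a284473af5e7aa994907600889a92caf2da90.exe"

# Constructed records mirroring the report's process tree (not sandbox output).
# PID 1100 and the Spooler record are invented to show a non-alerting path.
EVENTS = [
    ProcEvent(1208, 1100, r"C:\Windows\Explorer.EXE", r"C:\Windows\Explorer.EXE"),
    ProcEvent(2764, 1208, r"C:\Users\Admin\AppData\Local\Temp" + "\\" + SAMPLE,
              '"' + r"C:\Users\Admin\AppData\Local\Temp" + "\\" + SAMPLE + '"'),
    ProcEvent(2812, 2764, r"C:\Windows\SysWOW64\net.exe",
              r'net stop "Kingsoft AntiVirus Service"'),
    ProcEvent(3064, 2812, r"C:\Windows\SysWOW64\net1.exe",
              r'C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"'),
    ProcEvent(3100, 1208, r"C:\Windows\System32\net.exe", r"net stop Spooler"),
]


def service_stop_target(cmdline: str) -> Optional[str]:
    """Return the service named in a net/net1/sc stop command, else None."""
    m = STOP_RE.match(cmdline)
    if not m:
        return None
    return m.group(1) or m.group(2)


def is_security_service(name: str) -> bool:
    lowered = name.lower()
    return any(hint in lowered for hint in SECURITY_SERVICE_HINTS)


def ancestry(by_pid: Dict[int, ProcEvent], pid: int) -> List[str]:
    """Walk parent links upward, returning image basenames, child first."""
    chain: List[str] = []
    seen = set()
    while pid in by_pid and pid not in seen:  # stop on unknown or cyclic PIDs
        seen.add(pid)
        ev = by_pid[pid]
        chain.append(ev.image.rsplit("\\", 1)[-1])
        pid = ev.ppid
    return chain


def find_av_tamper(events: List[ProcEvent]) -> List[dict]:
    """Flag every process that stops a security-looking service, with its ancestry."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        target = service_stop_target(e.cmdline)
        if target and is_security_service(target):
            hits.append({"pid": e.pid, "service": target,
                         "chain": ancestry(by_pid, e.pid)})
    return hits


if __name__ == "__main__":
    for h in find_av_tamper(EVENTS):
        print(f"PID {h['pid']}: stop '{h['service']}' via {' <- '.join(h['chain'])}")
```

Both net.exe (PID 2812) and the net1.exe it spawns (PID 3064) fire, because net.exe forwards the full command line to net1.exe; in a SIEM you would deduplicate on the service name plus the first non-net ancestor, or alert only on the net1/sc leaf, so one tampering attempt yields one alert rather than two.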

      Network

      MITRE ATT&CK Enterprise v15

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

        Filesize

        251KB

        MD5

        1739f92ac794136b7b005e3a65d03e22

        SHA1

        3aff88b7c7601941cba191ce2817c3bea01b834a

        SHA256

        e263b8c0eab9cbdf8a0fa5360727bdf6ed892097a0990e688de929195f63508f

        SHA512

        35d8a8b579241000bd7cca8c3ec80e3a02d4ae569c08b7fcd2b9d9c028e60954678825c2b26c0efe7fe17f2f46cc00fc839b0d542100296f71201b261a69bb85

      • C:\Program Files\7-Zip\7z.exe

        Filesize

        570KB

        MD5

        fa2dba38d9ef2621c476499e2d6c2059

        SHA1

        44f8276acbe2bd08af17506877a48e062f15a3e0

        SHA256

        62ff963fc1385639976f600a4b511b390d98fac0e3c80059f17bad8740f8208c

        SHA512

        e451a00d976d3e7b9dc88ce77baea59a4263fe124d61caa8acedaa470c69b4a5f63414f0f2f0e35d0cb77023bd513fb7a706a278bc57e9e9f9b7f8489e2286b9

      • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

        Filesize

        471KB

        MD5

        4cfdb20b04aa239d6f9e83084d5d0a77

        SHA1

        f22863e04cc1fd4435f785993ede165bd8245ac6

        SHA256

        30ed17ca6ae530e8bf002bcef6048f94dba4b3b10252308147031f5c86ace1b9

        SHA512

        35b4c2f68a7caa45f2bb14b168947e06831f358e191478a6659b49f30ca6f538dc910fe6067448d5d8af4cb8558825d70f94d4bd67709aee414b2be37d49be86

      • F:\$RECYCLE.BIN\S-1-5-21-330940541-141609230-1670313778-1000\_desktop.ini

        Filesize

        8B

        MD5

        9bf5ad0e8bbf0ba1630c244358e5c6dd

        SHA1

        25918532222a7063195beeb76980b6ec9e59e19a

        SHA256

        551cc5b618f0fa78108dd2388d9136893adb10499e4836e9728f4e96530bf02f

        SHA512

        7fdce76bb191d4988d92e3d97ce8db4cae1b5c1f93198bffc4e863d324d814246353200d32ea730f83345fcb7ad82213c2bcd31351e905e473d9596bc7b43ad3

      • memory/1208-5-0x0000000001C80000-0x0000000001C81000-memory.dmp

        Filesize

        4KB

      • memory/2764-66-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

      • memory/2764-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

      • memory/2764-72-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

      • memory/2764-20-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

      • memory/2764-155-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

      • memory/2764-1826-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

      • memory/2764-14-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

      • memory/2764-3286-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

      • memory/2764-7-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB