Overview

overview

7

Static

static

3

5db8f82fe7...e2.exe

windows7-x64

7

5db8f82fe7...e2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    155s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/06/2024, 02:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5db8f82fe70f253ee38a5e3eadaae54b84c870d742b4fd485f24ee9abfe393e2.exe

  • Size

    710KB

  • MD5

    26429c6d21c656747e6bfb417c359661

  • SHA1

    05fd0dabf6b9fc863031d13dacc51bd444694194

  • SHA256

    5db8f82fe70f253ee38a5e3eadaae54b84c870d742b4fd485f24ee9abfe393e2

  • SHA512

    3873fb3e72003cd520e39754785e650be4c3b94a00dc1652e95ed9c0acefce61e36696cb16bf2b32c6895e81c7dbe791c3f906801c58f19c30b2c6560b73f2cc

  • SSDEEP

    12288:77+IF7M9RCOr5HS2q9SelLrRsPx64XYH519ZJJn2rYTdY/mx:77ReRt4blvOBqrZuYJR

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3332
      • C:\Users\Admin\AppData\Local\Temp\5db8f82fe70f253ee38a5e3eadaae54b84c870d742b4fd485f24ee9abfe393e2.exe
        "C:\Users\Admin\AppData\Local\Temp\5db8f82fe70f253ee38a5e3eadaae54b84c870d742b4fd485f24ee9abfe393e2.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:3484
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8BA1.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4572
          • C:\Users\Admin\AppData\Local\Temp\5db8f82fe70f253ee38a5e3eadaae54b84c870d742b4fd485f24ee9abfe393e2.exe
            "C:\Users\Admin\AppData\Local\Temp\5db8f82fe70f253ee38a5e3eadaae54b84c870d742b4fd485f24ee9abfe393e2.exe"
            4⤵
            • Executes dropped EXE
            PID:2296
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4796
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:1400
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:3828
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4252 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:3648

        Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Program Files\7-Zip\7z.exe
                Filesize

                570KB

                MD5

                6fc7e8d248e6f5aee09dcbe5b051b1f4

                SHA1

                9b790ebfaf6dfa44ae9795bc7930186ed35cdb99

                SHA256

                5729543393820f4b90309dd5c4b56199e25671cb8b181837190375028bfd8d3b

                SHA512

                ea3fcbf73d7d44cb30d44a82015fad0bf3ebb46a7c0cec9312909ab0751868c30b0b58e35622b5c3d45bf7251f91cd2afcc802ad85b484b21e2d1fb3f553fe36

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\$$a8BA1.bat
                Filesize

                722B

                MD5

                b3d9530c5eed8bb55239f6559f9c3da7

                SHA1

                c02b9d9c1f4160a0f0bd2565049f4a0eb6f15b7f

                SHA256

                1b23e9351864874a7441dd56bf87420f0c68e0a0469e4c0692c517961d00a4d9

                SHA512

                86907b35760a2ebdb62077678e242dd305a5c1e5a960e86c711642ab88b5e2df28b68367f91fb9f13b584844b71414e4a513ac166b23593fd71f074f2417374f

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\5db8f82fe70f253ee38a5e3eadaae54b84c870d742b4fd485f24ee9abfe393e2.exe.exe
                Filesize

                684KB

                MD5

                ed0293bc477e35dda89125b49bb84910

                SHA1

                7201fff9aaf0a437c948b8320488cdacdd9da1ee

                SHA256

                89d561f1f606b3dc7e8bbe1341fdd4eb359443885b1ab0d55f9528a9464d1a96

                SHA512

                fcd103ce684e015609bce13b4f718f5de52f2ab202da3ee69d14303205b05d790140df6e4e62087460700809bd42842b30218c94b71ce656916174d2a5eedb97

                Download Submit

              • C:\Windows\Logo1_.exe
                Filesize

                26KB

                MD5

                7efbd2fe00598632f908c56af9fa85ba

                SHA1

                af7c0515e544a6b2532b527325064fbabe937eae

                SHA256

                a605256d75cfcd8a6ac740f8f08303ba8519be9b924a3d74ad32af93f1b570d8

                SHA512

                1288dc3056685167e795de758565f7f8f41d2c2b301a35c8d84f63fbba8d46cd4ef28d8fb9b00cd9177260df50111c66829dec6cb7759f15cd87280624487679

                Download Submit

              • F:\$RECYCLE.BIN\S-1-5-21-3808065738-1666277613-1125846146-1000\_desktop.ini
                Filesize

                9B

                MD5

                60b1ffe4d5892b7ae054738eec1fd425

                SHA1

                80d4e944617f4132b1c6917345b158f3693f35c8

                SHA256

                5e9944cc48c7ec641cf7b1b0125f47f26102c371a973612f0583f604bc3900d4

                SHA512

                7f5c200924dbb5531df997e6a35cb94f36b54f5651284b0d6404f0576301125ef72b410a170fca889d46c033063663cfc7791f9e4c3c30695af069053eee66cc

                Download Submit

              • memory/2296-20-0x0000000000770000-0x0000000000771000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2296-23-0x0000000000400000-0x00000000004B1000-memory.dmp

                Filesize

                708KB

                Download

              • memory/2296-32-0x0000000000770000-0x0000000000771000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3484-10-0x0000000000400000-0x0000000000434000-memory.dmp

                Filesize

                208KB

                Download

              • memory/3484-1-0x0000000000400000-0x0000000000434000-memory.dmp

                Filesize

                208KB

                Download

              • memory/3484-0-0x0000000000400000-0x0000000000434000-memory.dmp

                Filesize

                208KB

                Download

              • memory/4796-30-0x0000000000400000-0x0000000000434000-memory.dmp

                Filesize

                208KB

                Download

              • memory/4796-22-0x0000000000400000-0x0000000000434000-memory.dmp

                Filesize

                208KB

                Download

              • memory/4796-39-0x0000000000400000-0x0000000000434000-memory.dmp

                Filesize

                208KB

                Download

              • memory/4796-46-0x0000000000400000-0x0000000000434000-memory.dmp

                Filesize

                208KB

                Download

              • memory/4796-52-0x0000000000400000-0x0000000000434000-memory.dmp

                Filesize

                208KB

                Download

              • memory/4796-11-0x0000000000400000-0x0000000000434000-memory.dmp

                Filesize

                208KB

                Download

              • memory/4796-81-0x0000000000400000-0x0000000000434000-memory.dmp

                Filesize

                208KB

                Download

              • memory/4796-485-0x0000000000400000-0x0000000000434000-memory.dmp

                Filesize

                208KB

                Download

              • memory/4796-1031-0x0000000000400000-0x0000000000434000-memory.dmp

                Filesize

                208KB

                Download