Overview

overview

7

Static

static

3

f7208dcc2a...2b.exe

windows7-x64

7

f7208dcc2a...2b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/06/2024, 00:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f7208dcc2a1781b4f96afb35ef53832c1caddff62f4057d22e978653f66a302b.exe

  • Size

    1.6MB

  • MD5

    884c0ead1c815acf853a62b95dfbcec0

  • SHA1

    1d6c935625965f1b817c427a3d3d1a6994d44220

  • SHA256

    f7208dcc2a1781b4f96afb35ef53832c1caddff62f4057d22e978653f66a302b

  • SHA512

    145decf83b5cc35c52f5629f4b25d594544b95c2ba703ca0064a31e604864706e5db6a304784f619b92a6a83655bb447566111499833b9c5944110a1a067abcb

  • SSDEEP

    49152:YKGI+vq2O0VTeBLrkhS4tYO+CRYLwzGtsv:hD+vq2O0Vg4kOOs

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3420
      • C:\Users\Admin\AppData\Local\Temp\f7208dcc2a1781b4f96afb35ef53832c1caddff62f4057d22e978653f66a302b.exe
        "C:\Users\Admin\AppData\Local\Temp\f7208dcc2a1781b4f96afb35ef53832c1caddff62f4057d22e978653f66a302b.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:552
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a349D.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1116
          • C:\Users\Admin\AppData\Local\Temp\f7208dcc2a1781b4f96afb35ef53832c1caddff62f4057d22e978653f66a302b.exe
            "C:\Users\Admin\AppData\Local\Temp\f7208dcc2a1781b4f96afb35ef53832c1caddff62f4057d22e978653f66a302b.exe"
            4⤵
            • Executes dropped EXE
            PID:612
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3364
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:1156
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:1900

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        254KB

        MD5

        8011b267fe09a0f278d728504004ebee

        SHA1

        d31cdea2d988fb6311a1aa14d7475b09e292123d

        SHA256

        7a051922d98a11c13535024ddbd6de98a596f64054925d845c96b92b0ee0bbb6

        SHA512

        4ce17a875d3f48650e1e304607886dff288a2ff0705d1a12bd2c2bb3738cf73248b27d110dd94c9f801c14529914263422b649db8bada41f386423b3f06e5233

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        573KB

        MD5

        2cc45aadd812f10d4b24987afd5127ec

        SHA1

        63b2a999adc0db584c63a2d8e2d28db647018542

        SHA256

        b5d9724e2ce48ef1aeee88f7d7d56c27003282aac83718510ef9d70bbc3fd416

        SHA512

        81b81cd547909c20b03e2b8b25a7b9fe1eefbdb52dd0a7c1c42d1c698f3ede1b152b0d71d3c6933ab901e0023d8bd983b3bf6a263ac2b9d5fa3f3073a1d53fbd

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        639KB

        MD5

        f1a31b2ce27caa12b0c83698d2266dbe

        SHA1

        41d0f0731185588db910853ce965e677bd2e53e5

        SHA256

        c013780783b3c6105da7ffd4b46452fadec0336c22a310fc20a3b67778855105

        SHA512

        a12d12be843f39c38bc6e596c08760744bf07f4a06636a592a883989ec4467b76b9ca6b859bfd997a9d6cb85e3abbac82729e71ea989df9d3ba065e740e12206

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a349D.bat
        Filesize

        722B

        MD5

        cebb44a926989ac518aee7e39b20b01c

        SHA1

        ec17a0f9e7fe0b091a2f36dcfa2fcf174fd1c1b4

        SHA256

        b3176183383a7515aac3e2430ffc5da69f5735cfcdb5f75bbd8e7c4c0766a2d2

        SHA512

        84a62b5c21cd1a9ca692ca477e245a273f5ae0eb25d7d4bde2b7655b067daedbc3cc01d21edcf2937cd6c870c7ea30879cc60cfda84ee35bf9255a460186caff

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\f7208dcc2a1781b4f96afb35ef53832c1caddff62f4057d22e978653f66a302b.exe.exe
        Filesize

        1.5MB

        MD5

        b2b5b6682dd5150cb57d31db870eef3b

        SHA1

        7f44ed3f081152a3f04a477e110efa78e9ade696

        SHA256

        c43fb747dfec79ac87b051c7ece996bdb5ecfb2b7b9c9e07f8bcc0e3dd491dff

        SHA512

        2bd23181199659e7c719238b87502d7937d9ffc5043b04b4994a300488040dffaa886fe16468e8a8f6073aaa63a3c24c10f15f333794412d2ac965569de6f50a

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        29KB

        MD5

        88cfadddb80942ffda91f38ea73566cd

        SHA1

        6b48836f549c73aa2951d183289d375bcf62ed86

        SHA256

        df77ecc6b413be28d481ddb8ab55679be93772fe8e25f0b06ce7737a2d8ab5e6

        SHA512

        a3e0cfd7f3e2f1c1c2fedf3a17d93cfbe75d159fa8a4121d70473b215e4aa2091ee5fc3f2bba6ea68179bf881b5a4e0bc4523fcbf5ba935f5349a1b9ee5977a4

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-2080292272-204036150-2159171770-1000\_desktop.ini
        Filesize

        9B

        MD5

        4f2460b507685f7d7bfe6393f335f1c9

        SHA1

        378d42f114b1515872e58de6662373af31ab8c7b

        SHA256

        47a22297ce31d17b0f37251ce63cf2eb146700451caab6dd0aa710d2526c8e42

        SHA512

        75dcca6b81ac47511b847a5c35be4bddbee425436f7bfd1347115e18b84f52a16a5c517bda0a5f5d0a1f2541aab80d764932d8018538cb112fa3b6c9977e95eb

        Download Submit

      • memory/552-9-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/552-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3364-27-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3364-37-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3364-33-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3364-1231-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3364-20-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3364-4787-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3364-10-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3364-5226-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download