Overview

overview

7

Static

static

3

ce69f7ebec...82.exe

windows7-x64

7

ce69f7ebec...82.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/06/2024, 22:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe

  • Size

    85KB

  • MD5

    6e59fd3c3952e47c18275508e8c3a7ca

  • SHA1

    87874346dbd3aa0eea3ca6c9a12ed1e8fcc96f52

  • SHA256

    ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382

  • SHA512

    1b910c73da7f2f2b82bfd17aa75ef3ea9cb795a6db93340bb67de9181f34fbb38628a0e6d576336f4ace0ee96a3ba6b001f71db1f76425e5eda454890dcec43c

  • SSDEEP

    768:pBfc16GVRu1yK9fMnJG2V9dHS8EMapdwIT+lCCWxGuq8KsD5L6sKbAp3c4VvMyhC:pQ3SHuJV9N4BXguNKCOsLM4H5uw/a+q

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Program crash 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3552
      • C:\Users\Admin\AppData\Local\Temp\ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe
        "C:\Users\Admin\AppData\Local\Temp\ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4400
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3F2C.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4752
          • C:\Users\Admin\AppData\Local\Temp\ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe
            "C:\Users\Admin\AppData\Local\Temp\ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe"
            4⤵
            • Executes dropped EXE
            PID:2812
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 796
              5⤵
              • Program crash
              PID:3200
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1296
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:4656
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:64
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2812 -ip 2812
        1⤵
          PID:3316

        Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
                Filesize

                254KB

                MD5

                e542b339816098a38ee16a176deaa93b

                SHA1

                de2fc07c7b251538956beb23b9a9ec238efd91a0

                SHA256

                2bdc58a31e8b85897d78c00f3dbe9ce524cc41481894cfa89d5c9f41f035e9b6

                SHA512

                711c2cb92dadad406fda87d71a634b9ee7fcc96d09a2e169b963e6b19cee6f6a21a07a1b517c62177fd9784cfb7aabe32f8d549172b092879a5ee1189954a377

                Download Submit

              • C:\Program Files\7-Zip\7z.exe
                Filesize

                573KB

                MD5

                6e483dbc5df277343876fe8fdfc6920a

                SHA1

                6523400cd4509cc32e10cf51878a2c2961a7d436

                SHA256

                2f0d4f2ad229e33e046cafb636c7da1065f594c238fcde892d2943e430af211d

                SHA512

                03e8f57c94b973aaa22d31fdf86b0a190e7a936a742561de6579a8fb31b67e92a6ae113a97da6f9d7c2685189b027bc64291cecbbfcd552ea78a4c1cf4cdc786

                Download Submit

              • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
                Filesize

                639KB

                MD5

                c8d281da4c32df16eef470c27c8cb459

                SHA1

                00efc9f6844bfaa37c264b6452c6a7356638ab10

                SHA256

                058c81e5a07f2c6c33cf28dff71d07ad8f179046108d945159957e891bfd9c62

                SHA512

                e3c79e19f620068f668d4ebaa5097f1a95a30dabb8dce75f3787171dddbea9f684fc7ce8d1011a398f38084d7af96dd1ff9a02d25906aab9b13861b8363d24bb

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\$$a3F2C.bat
                Filesize

                722B

                MD5

                5c77213972c8616e06e7df69755feab1

                SHA1

                1d9f5573661773491a0d9dac40b3c55207bf98fb

                SHA256

                16c6047a055cda1a811203c6354904c3b5d401906ee3e42302dccfe43e865330

                SHA512

                9517979ac4a45e1f9be9c03e23e41199a2292ae6dcc2bfea63e7a5538e755a165c08a0677095e6a72ab64d4bfab4bee16eb0093ae4f1a503059c3c40398871ed

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe.exe
                Filesize

                56KB

                MD5

                c463b700818ce76280712996e0e76cb2

                SHA1

                8d326ff84883861b94b1695f293bcb35545b7514

                SHA256

                01281dc3fd2aa9b95e9c8af2f485365ee4ee042305216366cd3ba30dde048a99

                SHA512

                93481218c4e87b2ee99c3ed3177e07886d537c0fada4fd1b40f59afc3010812beeee9ebeb37d77cfb6b9cb4242188461b4ba9991bcb6b90db28e77a8d94e4bc6

                Download Submit

              • C:\Windows\Logo1_.exe
                Filesize

                29KB

                MD5

                523fd6c3e8adc537e86e5cba904beec7

                SHA1

                78f409b465ead7c142c1ba953f2e2ee672db3c46

                SHA256

                1e71cf4efa0319f39447c3b4de4ac944873f4fbf45e1a3a645625c95e23188b9

                SHA512

                49ef33615976771df5be42adf10651ff12b56b939d6bfbc7e0a4cf7d9896f8cd4d43071f39b399590519478c673a767e217c6ccb921a08689742be85744fe557

                Download Submit

              • F:\$RECYCLE.BIN\S-1-5-21-4204450073-1267028356-951339405-1000\_desktop.ini
                Filesize

                9B

                MD5

                03c36dbecb7f35761f80ba5fc5566da6

                SHA1

                159b7733006187467bda251a1bbb278c141dceb6

                SHA256

                85a53f5b976fb1c26ce14c31e93c1f68997d2d8b09ab9aa2b7e0d32b8e50ec3b

                SHA512

                fe573085d2abef34adcede2f89b1c2810875ab00ef9ba27a1d95ed1dbe93e182fc53d981901a0b8048dd4eb5fdc852b8f0e0c3a0e1a404cbbe70e13a7a14104a

                Download Submit

              • memory/1296-10-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/1296-22-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/1296-29-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/1296-35-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/1296-39-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/1296-1240-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/1296-4968-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/1296-5407-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/2812-20-0x0000000005230000-0x00000000057D4000-memory.dmp

                Filesize

                5.6MB

                Download

              • memory/2812-18-0x000000007433E000-0x000000007433F000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2812-19-0x00000000001C0000-0x00000000001D4000-memory.dmp

                Filesize

                80KB

                Download

              • memory/4400-0-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/4400-9-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download