Overview

overview

7

Static

static

3

cc4120d513...7e.exe

windows7-x64

7

cc4120d513...7e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-06-2024 22:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cc4120d513204e06bdbf98a27708f2b29c4a21b9cd1e271d56cf0c928fa6b47e.exe

  • Size

    41KB

  • MD5

    50b14eec56a0583d14fc28bb8cd22617

  • SHA1

    fc933f1b398d6d38b728f53faa65753f4c308e25

  • SHA256

    cc4120d513204e06bdbf98a27708f2b29c4a21b9cd1e271d56cf0c928fa6b47e

  • SHA512

    6301617157cb8b1277bf186a44a5b03cd8135a077434709da33dac171d4f0fe16c5127d32bff1af13b988eb6d815f36a6b6066d375534086979b65d8f38516b5

  • SSDEEP

    768:o16GVRu1yK9fMFLKaTxsujCT7pZpYIWQ3655Kv1X/qY1MSd:63SHmLKarIpYIHqaNrFd

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3440
      • C:\Users\Admin\AppData\Local\Temp\cc4120d513204e06bdbf98a27708f2b29c4a21b9cd1e271d56cf0c928fa6b47e.exe
        "C:\Users\Admin\AppData\Local\Temp\cc4120d513204e06bdbf98a27708f2b29c4a21b9cd1e271d56cf0c928fa6b47e.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:708
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a50B0.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2984
          • C:\Users\Admin\AppData\Local\Temp\cc4120d513204e06bdbf98a27708f2b29c4a21b9cd1e271d56cf0c928fa6b47e.exe
            "C:\Users\Admin\AppData\Local\Temp\cc4120d513204e06bdbf98a27708f2b29c4a21b9cd1e271d56cf0c928fa6b47e.exe"
            4⤵
            • Executes dropped EXE
            PID:2776
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:372
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:1380
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:4372

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        252KB

        MD5

        766213568f0906c6e5c54b0192729e32

        SHA1

        a5521d5631cee25d1887e3b48ed1701a95e1acc4

        SHA256

        0aeb982534932cc30d4e1e205c9c8feb8d5ed1b1bbed30efef2e853fe16441d5

        SHA512

        4396605241c7f44e7192dd6077908dc575ebd62f6b02ffd7f7eef04ee908c54777a1d2e3a4e657c1bfe5cdac4d8718bc2b1244ca3a8d85f77db4fd4a60f91bbe

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        571KB

        MD5

        17c055fc43d16f9fe3584412dba3a94b

        SHA1

        5afe4ff7e1e1cd8b58b4fb7d6af2b4bbe5981706

        SHA256

        4850f22db0e02a363166ff5096eeb04be5fdc0895a54c0196c2c456d629601f5

        SHA512

        68753e853069602f5bd989ec1994e0ce7a765cc09bfe336fd777d2729f8b3234fb79ce07e3c07eba7dc5c45a65663a1c7eb61b3a3241b610ae6a6c12a89ea69a

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        637KB

        MD5

        9cba1e86016b20490fff38fb45ff4963

        SHA1

        378720d36869d50d06e9ffeef87488fbc2a8c8f7

        SHA256

        a22e6d0f5c7d44fefc2204e0f7c7b048e1684f6cf249ba98c006bbf791c22d19

        SHA512

        2f3737d29ea3925d10ea5c717786425f6434be732974586328f03691a35cd1539828e3301685749e5c4135b8094f15b87fb9659915de63678a25749e2f8f5765

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a50B0.bat
        Filesize

        722B

        MD5

        2478b6c69f818340cf8c72632b1a3e94

        SHA1

        54d6bd2c707df51c42a669c22f6da557fe3e1eb3

        SHA256

        5d61d7267954c9ad077a0f921ffec98f507ac828fa3eb550ca3effa72c33fd42

        SHA512

        7f53d418ac586ab7fb8459c66d8c2edb69008a4c6f50f1ceeafad2427b5b4343dcf8b5472f757cc2ab2b77a7a3d8bbcf36dc0dce4a1f3675a8dfd70d145806f6

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\cc4120d513204e06bdbf98a27708f2b29c4a21b9cd1e271d56cf0c928fa6b47e.exe.exe
        Filesize

        14KB

        MD5

        ad782ffac62e14e2269bf1379bccbaae

        SHA1

        9539773b550e902a35764574a2be2d05bc0d8afc

        SHA256

        1c8a77db924ebeb952052334dc95add388700c02b073b07973cd8fe0a0a360b8

        SHA512

        a1e9d6316ffc55f4751090961733e98c93b2a391666ff50b50e9dea39783746e501d14127e7ee9343926976d7e3cd224f13736530354d8466ea995dab35c8dc2

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        27KB

        MD5

        c1437d8f190ee9fc118320c92f5e2110

        SHA1

        8e6dba1e7e6924669a71dc343d77bf0b3d618975

        SHA256

        58ee4de0f7c1838b8d24f47ed0611afbbf2e7026e7586b14b16291dd13df0373

        SHA512

        af658441f05633700442badbdce0c593f410c933c59b3ad82b3ee9faabf1810e1632877b69e7f03c270fd967e57dbde952fca34cbd9cb028bfb54d23f0cf2e32

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-3169499791-3545231813-3156325206-1000\_desktop.ini
        Filesize

        9B

        MD5

        874f697d7c26bf1b6cc8a502b53db25d

        SHA1

        fee5430622f05615e68fd229e48f2846796c0795

        SHA256

        d9d05459bc11d078b148543de9eb14643747fbf996790dcf04d2725361251798

        SHA512

        51a722a09c79ef1d6c4a08b3a696b1ca7e34f0e1b0798edb7ebc6c9f596740d9d95c6f4228b9d5012b2472bab03b7998b751a4cbfb6c259229dd853c7fcebb2e

        Download Submit

      • memory/372-27-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/372-33-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/372-37-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/372-20-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/372-1159-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/372-1232-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/372-10-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/372-4800-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/372-5239-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/708-0-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/708-9-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download