Overview

overview

7

Static

static

3

cc9799e73e...e2.exe

windows7-x64

7

cc9799e73e...e2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-06-2024 18:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cc9799e73e7d7378868610ead47bd9fcc8e0b7b2114fa972128f49df70c864e2.exe

  • Size

    959KB

  • MD5

    5d2d3f8ac618ff5e41745aa8493c8cf4

  • SHA1

    7b47ba7124b23f4012a94cc11e5c7b712dd85b6f

  • SHA256

    cc9799e73e7d7378868610ead47bd9fcc8e0b7b2114fa972128f49df70c864e2

  • SHA512

    2fb22c6556fd74e37ddfc49971625b46e2ad33c5857b9ded9ad74d817cac96630a6b2a1b0d4ab5ad29c1ff20da5e46a0f9c600e5c18ddc5dad0b0d3c3852f013

  • SSDEEP

    12288:kRKcv8Nh7py6Rmi78gkPH3aPI9vyVg/0paQuj3IdD02fKBjtp/:JBpDRmi78gkPXlyo0G/jr

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3460
      • C:\Users\Admin\AppData\Local\Temp\cc9799e73e7d7378868610ead47bd9fcc8e0b7b2114fa972128f49df70c864e2.exe
        "C:\Users\Admin\AppData\Local\Temp\cc9799e73e7d7378868610ead47bd9fcc8e0b7b2114fa972128f49df70c864e2.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4332
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a35C5.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4808
          • C:\Users\Admin\AppData\Local\Temp\cc9799e73e7d7378868610ead47bd9fcc8e0b7b2114fa972128f49df70c864e2.exe
            "C:\Users\Admin\AppData\Local\Temp\cc9799e73e7d7378868610ead47bd9fcc8e0b7b2114fa972128f49df70c864e2.exe"
            4⤵
            • Executes dropped EXE
            • Suspicious use of AdjustPrivilegeToken
            PID:3568
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1040
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:1292
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:1620

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        254KB

        MD5

        1c6550eaee43182bf9e35c8b58e53ea1

        SHA1

        dcc4f985c8317236e6c80f955711ac9610e65b01

        SHA256

        5cbb1c5a14d9efec6356239f432c3771815ec861034153a4a01ddd64197362e9

        SHA512

        e2022d7d803dc67b79e245a83d011352c295f9c43b7b4fb382c8d68cbc2a729345789d08b4c91e4239a523518c53ec6a28514cd9033cdf7008083d4f329ce9f3

        Download Submit

      • C:\Program Files\FindComplete.exe
        Filesize

        256KB

        MD5

        b39776fba4b71497a74e8ff7d52e5b7b

        SHA1

        26cc92bc381c17fcd4ade9fa264c1f5ca96e2702

        SHA256

        079a96b833a83632872292eabeff8a8348fc89e9ad037f4944c783aec66b14cd

        SHA512

        d339e8d68165c7a0ec7cf5a5f7b5cc8d48db0fc83f43e9f1cdaa558ae2a9077f022aca2e3cc479b69919b7a6df18387eb70de8fccb9196dcefc5f03df1c6c57d

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        639KB

        MD5

        101120e6cf9fd094f14d80bad4a6dc48

        SHA1

        ee0021a8c05d9e8e70cdc35162a4b9d7d8a7bda5

        SHA256

        9594d63c4d42c1cda0de3f76c6d74d28a2fa2e0e489c59e94ce82f9b2d235ed5

        SHA512

        1b94af438081fe5d1501f5636c53405e5b0d3849b7cd4764711e62b3628ca93638e78d5097d9d81d396303ce5ceae8851ddad15cf856507a2d7796f124f49995

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a35C5.bat
        Filesize

        722B

        MD5

        05eff7ac38020b74f719e00e6f304ad5

        SHA1

        ed305869798b20f59ffd0b7297105648115b3378

        SHA256

        70d095be9821f66225e69844b351fc8d9abc2772875fa6855db39d1700294f70

        SHA512

        9d2ae4d72dc4581fd6a6ce4e974a5277671e4becbca5b31b237ecbd3504ac48ee2b32d9154740ed54929160d94c3276952ccfd814a54ad2969c4edca4c8e1085

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\cc9799e73e7d7378868610ead47bd9fcc8e0b7b2114fa972128f49df70c864e2.exe.exe
        Filesize

        930KB

        MD5

        30ac0b832d75598fb3ec37b6f2a8c86a

        SHA1

        6f47dbfd6ff36df7ba581a4cef024da527dc3046

        SHA256

        1ea0839c8dc95ad2c060af7d042c40c0daed58ce8e4524c0fba12fd73e4afb74

        SHA512

        505870601a4389b7ed2c8fecf85835adfd2944cbc10801f74bc4e08f5a0d6ecc9a52052fc37e216304cd1655129021862294a698ed36b3b43d428698f7263057

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        29KB

        MD5

        3e905af44525ae41bac2cd0c768ff3fd

        SHA1

        5541cb5ea4e36123be9d93a63c6374ca532c3b36

        SHA256

        12ac2567f5a9c10e10d4ae42305278d2a342629a943109978ae14dc90ce8fef3

        SHA512

        e8c203087dfbdb6648ac683622940a2507735a723bc13c450ed3130704537116dc9a762a732c1daaa4d880439ce2c29b1987181a1007ff665892865194e21d93

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-2080292272-204036150-2159171770-1000\_desktop.ini
        Filesize

        9B

        MD5

        f0a92d08416cb87dc153ea387c708411

        SHA1

        37c1e98506bdb3d5ea2e7fcb62bb91c9bf5b4fb1

        SHA256

        478ccf01e44e5bd446e37007b199568a73c0452e34ce917945fd820710107464

        SHA512

        1dd7d96307c01abb2985ed1d39617787563174f5b90df9786106259ea12a08bdf39662c440bdc4b3ac4f6bb499a4aaf058ed18e06ef72be5f82f01b7150ec9a5

        Download Submit

      • memory/1040-26-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1040-32-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1040-36-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1040-19-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1040-1231-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1040-10-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1040-4787-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1040-5226-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4332-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4332-8-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download