Overview

overview

7

Static

static

3

feb281475f...95.exe

windows7-x64

7

feb281475f...95.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/06/2024, 03:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    feb281475fd98aa8948f39311c98dbd870d64dc86dac00244431580078e13f95.exe

  • Size

    111KB

  • MD5

    1cc6153ea8be60bd8d9df6183aac722f

  • SHA1

    82fe1abde1638fa5018aae1562e7678c43392f0f

  • SHA256

    feb281475fd98aa8948f39311c98dbd870d64dc86dac00244431580078e13f95

  • SHA512

    d474f927439fb18a974b2c3425d0b3bfecc6fdc647f1c11f594ed44f4b01651a9c2015b4895ba4bc414ba94caa106cbfa0d0636dc4d066afedf1107d0d5a211f

  • SSDEEP

    1536:JLz3SHmLKarIpYj3ijlzxgOj5SybeFPly2HYaX9i+RbqcW/G57OfxIfU4+bcy5:VkF3pgyjZx5dRuPlziybqcW/G57Opz

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3500
      • C:\Users\Admin\AppData\Local\Temp\feb281475fd98aa8948f39311c98dbd870d64dc86dac00244431580078e13f95.exe
        "C:\Users\Admin\AppData\Local\Temp\feb281475fd98aa8948f39311c98dbd870d64dc86dac00244431580078e13f95.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:2600
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a44AA.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3440
          • C:\Users\Admin\AppData\Local\Temp\feb281475fd98aa8948f39311c98dbd870d64dc86dac00244431580078e13f95.exe
            "C:\Users\Admin\AppData\Local\Temp\feb281475fd98aa8948f39311c98dbd870d64dc86dac00244431580078e13f95.exe"
            4⤵
            • Executes dropped EXE
            PID:4852
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3472
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:348
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:1724

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        252KB

        MD5

        e51b1ea24d8739a33beec03e98ea799d

        SHA1

        359852502dbf1c0e6a5b42f9bd279e3a164c5059

        SHA256

        bfee2fff789c9b51161e79e8d91a226773e5dfb5deb5f8bd2eb94d6cae2d9a61

        SHA512

        04659e8f2d599e4bc36589034ca1b8639e831f2a440ff2dc3c109b73a4d5372b34a43e1a09985623e4f7fac6fd3a4fd1255b591e88cadf234cc20c18c198c10a

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        571KB

        MD5

        32a47ed29c8398c458d2413fad7cb02d

        SHA1

        cf8314cd4dadc50e498eaf6ee5d647a5d59ddee7

        SHA256

        3721fc1c7ffe62d4a98152134f3a299de34ff6d53748d82cab90bf3c12518abd

        SHA512

        03c34989b1f269c7d9f8106be683f208c29f42397122994e0aab13f5537ec860e8ab07a5169056cdd2e24fc55a8ca7fd2b2c90e48135e9d75dbd67a33f0812e8

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        637KB

        MD5

        9cba1e86016b20490fff38fb45ff4963

        SHA1

        378720d36869d50d06e9ffeef87488fbc2a8c8f7

        SHA256

        a22e6d0f5c7d44fefc2204e0f7c7b048e1684f6cf249ba98c006bbf791c22d19

        SHA512

        2f3737d29ea3925d10ea5c717786425f6434be732974586328f03691a35cd1539828e3301685749e5c4135b8094f15b87fb9659915de63678a25749e2f8f5765

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a44AA.bat
        Filesize

        722B

        MD5

        510dd7386e5f435e9d8dcf99b54b5fc3

        SHA1

        2acc468b4d07d178f02c481bda5b5ed4cc59720e

        SHA256

        bdccebb27d15b54f5550402ccbab9aeb6e8b2519ee03234b871d7d7e130c7ab5

        SHA512

        f5f3f41b8185a36872c79f3da5422fcebdc9ae89b3ce4e6005f4fd6397c8a436532172ebb6c530fbc4fc1230ecd8fec157cb0605557475e464501aab8fd446e6

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\feb281475fd98aa8948f39311c98dbd870d64dc86dac00244431580078e13f95.exe.exe
        Filesize

        84KB

        MD5

        924b077cc14f879a66b377c4d6c6ae37

        SHA1

        24d45a394496277b0f927fb6ef59fb09574ed4a6

        SHA256

        37581add2e06cadb4d128f33db4e1552d5b54ddf7f8d8e7095a0a0b95a66ce31

        SHA512

        739ba3d40eb36cf64e07a923fff779c78db50aa44439d3842b02930e741a5429f48323fd176fe3abfb7e16ec9d01ba27055f429646adbd1fd53f2cf026805220

        Download Submit

      • C:\Windows\rundl132.exe
        Filesize

        27KB

        MD5

        e64ef364d16ee5080d92a0ce29745a57

        SHA1

        7cad20f8448225d876c51f447fce237435653013

        SHA256

        5bf21661082873e033505e0da51c119acaba12a6d18df121d44e6665a5a065bc

        SHA512

        f483b17532fb65a90952fc4a14492ee29109c1a69b34cfdbde19059438d14d3e42ce7e893f0c4fd794979a5055cc48613cf64486f8e27103b469100f8d1b1ff3

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-4124900551-4068476067-3491212533-1000\_desktop.ini
        Filesize

        9B

        MD5

        7905486656bdf3fb568c8ea7abf7bda1

        SHA1

        49bd27ff3dcc248ecab0f726abb60ca35dc0e78c

        SHA256

        238153572e1dcd784aa47b53eba4a41558719a908862c7b3d186928fb0237b09

        SHA512

        b981b1fd177812b877c92b63b7261d2951b98871da87c20232cb70317a68694d7f7b24cf2f01bc3db01f192b2b8b84c7569a2472204ec4e66226d1efd14c9c14

        Download Submit

      • memory/2600-13-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2600-0-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/3472-27-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/3472-37-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/3472-33-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/3472-1231-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/3472-20-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/3472-4797-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/3472-12-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/3472-5236-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download