Overview

overview

7

Static

static

3

2b00e68e20...00.exe

windows7-x64

7

2b00e68e20...00.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    102s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/07/2024, 19:56

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2b00e68e2008d557906e0a4f43aebbdd7d9ce649c9fc69416d62e02cfa183f00.exe

  • Size

    3.1MB

  • MD5

    43da24d1267639eac64824f187b857e2

  • SHA1

    fc0a70390564a556f4c0a3977a29ab4e15bc0265

  • SHA256

    2b00e68e2008d557906e0a4f43aebbdd7d9ce649c9fc69416d62e02cfa183f00

  • SHA512

    5612f92cd36690fa1e3fcadecdfda457590daf37d45090092a3409b62a0cf621c4d176369963b33400f53942826eb7da91ad705a099e24bfef6f940a883f39f5

  • SSDEEP

    49152:Wigy13TW4jFCs2pfRdO8u60N1xcdd9gVIkdqfvEAkqcPI:W3Ts21i8WN1igVIf6O

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2b00e68e2008d557906e0a4f43aebbdd7d9ce649c9fc69416d62e02cfa183f00.exe
    "C:\Users\Admin\AppData\Local\Temp\2b00e68e2008d557906e0a4f43aebbdd7d9ce649c9fc69416d62e02cfa183f00.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2244
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a48D0.bat
      2⤵
        PID:1940
        • C:\Users\Admin\AppData\Local\Temp\2b00e68e2008d557906e0a4f43aebbdd7d9ce649c9fc69416d62e02cfa183f00.exe
          "C:\Users\Admin\AppData\Local\Temp\2b00e68e2008d557906e0a4f43aebbdd7d9ce649c9fc69416d62e02cfa183f00.exe"
          3⤵
          • Executes dropped EXE
          PID:4924
      • C:\Windows\Logo1_.exe
        C:\Windows\Logo1_.exe
        2⤵
        • Executes dropped EXE
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:5092
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3992
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:3584

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files\7-Zip\7zG.exe
              Filesize

              750KB

              MD5

              a7b3865ba649fd66cd830878dea6c5f2

              SHA1

              949f6d0eeff7efc6da7dc5bc1f4dd6e092bf2e2b

              SHA256

              9fbc11a841eb1249c8635be81ad70286c0db9bc84fb51e32e584c7fff33469f7

              SHA512

              1ebe25a263a61cf5156f1e7f835142fc9bc68563ca6857730c4675cbde26788b3b24378921476bfad6e8cd2c1f01f22b2de88ce901ab169e48536341c827f60a

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\$$a48D0.bat
              Filesize

              722B

              MD5

              b5ae2dffe6513620b2868ab7e4d0bbe0

              SHA1

              8c2b879d2d100803a6f8aade24785bca393860e0

              SHA256

              c38c30ac1dac3cc15ca7b56944adc3addddb17e3227826d18ee34103b918e894

              SHA512

              8b83d0f8e14adf83dc4f6dc9ce3aa9f77508e4b9b59d80994baf2e751dac35f94f843bc68c3aa15203b822edc0f0e45672907c212b1d7119d97a4dc2a67d9e8e

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\2b00e68e2008d557906e0a4f43aebbdd7d9ce649c9fc69416d62e02cfa183f00.exe
              Filesize

              3.0MB

              MD5

              04e531df8ac0a7696570554ad87199da

              SHA1

              d6cf2a47536e08f1a27ed128a2d8f5288ec97e05

              SHA256

              f7aaad011fc7ed4d33e662641066e4808b42771b1228c352f3d68afa7fd0af44

              SHA512

              79e19742b537fff213b17b350b3b61c76a9ac8533707bed45224b6a72c02f9eebe351c4c8537cca1451060d8703ea2fe95da1b1a4c34fdb96b141b88237ce5b9

              Download Submit

            • C:\Windows\Logo1_.exe
              Filesize

              66KB

              MD5

              a81c8cb12d60acf8c759fa71889799c6

              SHA1

              797ea1fb6f2704e56448db6ff0992d5bc322b4ad

              SHA256

              c8d74f72173f6a12145368db4df2d22522e58e06973e4360293fb6d83375079e

              SHA512

              c8ddf074f4d467e170211fbcbca12fbec25b8ebcf40c0969bc9e9130c12337e633e5d8000803c1dfccb9edd34756c8beb2af66edeb1b39905b46534e1ea9bd67

              Download Submit

            • memory/2244-6-0x0000000000400000-0x0000000000424000-memory.dmp

              Filesize

              144KB

              Download

            • memory/5092-15-0x0000000000400000-0x0000000000424000-memory.dmp

              Filesize

              144KB

              Download

            • memory/5092-13-0x0000000000400000-0x0000000000424000-memory.dmp

              Filesize

              144KB

              Download

            • memory/5092-17-0x0000000000400000-0x0000000000424000-memory.dmp

              Filesize

              144KB

              Download

            • memory/5092-12-0x0000000000400000-0x0000000000424000-memory.dmp

              Filesize

              144KB

              Download

            • memory/5092-95-0x0000000000400000-0x0000000000424000-memory.dmp

              Filesize

              144KB

              Download

            • memory/5092-142-0x0000000000400000-0x0000000000424000-memory.dmp

              Filesize

              144KB

              Download

            • memory/5092-207-0x0000000000400000-0x0000000000424000-memory.dmp

              Filesize

              144KB

              Download

            • memory/5092-220-0x0000000000400000-0x0000000000424000-memory.dmp

              Filesize

              144KB

              Download