Overview

overview

7

Static

static

3

d64ec18b2b...d4.exe

windows7-x64

7

d64ec18b2b...d4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/07/2024, 22:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d64ec18b2b044c690b88010aa18cbf5c7d0fac3842c13d87fb35d7f7773a3fd4.exe

  • Size

    189KB

  • MD5

    726630029c949f5fcab0c96fa45d7971

  • SHA1

    a4c35f19a43940bc7da3f23be1e6377caa0a34b4

  • SHA256

    d64ec18b2b044c690b88010aa18cbf5c7d0fac3842c13d87fb35d7f7773a3fd4

  • SHA512

    1594b0f2ea380c529a1dfef9e7cfa5d4a4332288fee28c6781931fd20b20b082f1efb73a70c8f261f90716b73337592f399edc394db599503d1930dd5c535b4e

  • SSDEEP

    3072:p3kuJVLvstYgr0rKBXQDqDLA7h+qfHLXrYUvZ5lDjKwnmrS:yuJKyyLA7gqHLbYUvcw

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3556
      • C:\Users\Admin\AppData\Local\Temp\d64ec18b2b044c690b88010aa18cbf5c7d0fac3842c13d87fb35d7f7773a3fd4.exe
        "C:\Users\Admin\AppData\Local\Temp\d64ec18b2b044c690b88010aa18cbf5c7d0fac3842c13d87fb35d7f7773a3fd4.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:432
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a72DE.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2900
          • C:\Users\Admin\AppData\Local\Temp\d64ec18b2b044c690b88010aa18cbf5c7d0fac3842c13d87fb35d7f7773a3fd4.exe
            "C:\Users\Admin\AppData\Local\Temp\d64ec18b2b044c690b88010aa18cbf5c7d0fac3842c13d87fb35d7f7773a3fd4.exe"
            4⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:4068
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:60
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:752
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:392

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        254KB

        MD5

        8efc189ef409d8fc9b50ecd9b5ac8eeb

        SHA1

        698cf1463a88a901d5fb092a826b483dba5da96c

        SHA256

        7fbb24dc8ac6a35893df0c9e0a152aea520f1c2a366e725b7cf91a4820b3f92a

        SHA512

        b0a2cb442dd494480cebd656a60a9f64764d10448c8912302a5abef35dffd43b4209620d90c46cba202a9cdfd033010b55f9fc24b3d07466fe6f8a912c00efe2

        Download Submit

      • C:\Program Files\UnlockStop.exe
        Filesize

        384KB

        MD5

        011c58655cce7d7bbbe9a233b3caed34

        SHA1

        33b56f9896f0044204a11e8b1c389eee45f2416d

        SHA256

        49ed4a83e67b9d7f5bd57087688dba1c0d658832f516455b3213739978e9fc69

        SHA512

        24057085f902ab3d65e60a89fed4937c717ee1ce2565002006638bcb63a1cb08ac3db32579cd211d082b7acd4949af5275501aabf9d72a9607e535df0a2304bc

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        639KB

        MD5

        8e20cd4ac13828acae9e458cea8e8c56

        SHA1

        794cb8e8b5519214c4d4c89e9d5ff0967e224d72

        SHA256

        ed2019032918ac1a2a246a501166a13f7f2bda2f2ca354ad2db584c41c774e5c

        SHA512

        e5e6d2147fb76a7c11e738fbfacbe0b189862cdb35b7de75c82b4ed5784b90953cfda3d1052fceecf3f76a9f873b7ed052c70a4847669b7657bfce522ff907d4

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a72DE.bat
        Filesize

        722B

        MD5

        749d325447032934b1adccd8a6566e81

        SHA1

        23e6144eeb859540521a6c5b20c8004e6d17ef36

        SHA256

        d6fe44a486bf6ada4bf91dbe10457c3b177d1c4d1a98ad4c382701504779eaeb

        SHA512

        fb06bca8b1a8a33c1187a7ae82721cfce9623b1b05593010105e3d5c0200c922748da87df6e73026dcdf829c9a9c2f9ef162b15049b2413661b9071fc0e53663

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\d64ec18b2b044c690b88010aa18cbf5c7d0fac3842c13d87fb35d7f7773a3fd4.exe.exe
        Filesize

        160KB

        MD5

        7d9201c6666fab8edbb2af3e4ca4ee47

        SHA1

        b6122bccb8aba048598c4aa8c52e53e65a9c3c66

        SHA256

        75b3552c152c03bde2fc97d67a0c8fb015c424c0c76e29f9014e3ecc6d202ebf

        SHA512

        e4f45fa94bf7ebacb6d9e7acebacf8c4211119159fd2c38dba27c3a9887f9259b62302f4e0c08c9ce71bd5c5d2c94ed4c1ac0ede4ff9da212fb638f900ec0baa

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        29KB

        MD5

        51635d48424440d252fdfcde10d87426

        SHA1

        926e15c42bdc1522844412c904f45ea47e788bb7

        SHA256

        faaf266ad8bf9a599e0fead8ddaf21c909ccfcc48daccc2349375b323364f156

        SHA512

        19f6db5d3f4ac35ad77ff06df3d15b33590cd65d9791620de95f97cf5cff7ec4860d99bef22e3c583111185455028ce712ed58f53dbec56897b48d88bdb2508d

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-3642458265-1901903390-453309326-1000\_desktop.ini
        Filesize

        8B

        MD5

        ee8c783242e20d39ed0878caba7b4548

        SHA1

        1556ec263d4ec9c198a44ea2ecc3c4141ef4509b

        SHA256

        83855d38f6399f8cd40257a5d87a328d41c21e0e50ad4c91de11897e03ad4532

        SHA512

        427491089ca5aecb5f365d6adf2e5c9d18a7acf93d471a425364dc504f581f29908df9abfa0fb721e768004737d6c250804dbf27b3c9e4b87532052810318f2a

        Download Submit

      • memory/60-29-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/60-35-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/60-39-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/60-22-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/60-1230-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/60-11-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/60-4799-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/60-5252-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/432-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/432-10-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download