Overview

overview

7

Static

static

3

7038d95750...34.exe

windows7-x64

7

7038d95750...34.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    04/07/2024, 23:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7038d95750239551d425d3a164392b1c1f64472aed433a7637804b0a70064434.exe

  • Size

    2.1MB

  • MD5

    4a7c5dd30a160b6db881e48e322799a0

  • SHA1

    f0425f4952ef4a80828f99e33398d02b968d8dbb

  • SHA256

    7038d95750239551d425d3a164392b1c1f64472aed433a7637804b0a70064434

  • SHA512

    ff192e69d45e1a1192d8d8054e2f66f1a73f4800498e24775e219643b553a36237c0a491c740b2d0244f1d7d14eeed27ea114486cbfeaeaaf232f788f8eca420

  • SSDEEP

    24576:1/0WSW6GDtO0JEKdPX0//TYJzSgXQqRNKRkZ8prUti2QwhNXqOxcS0eUK9VyxjGP:CW7Q0AWzFQqRNGpIti6XVyxCC8

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 3 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7038d95750239551d425d3a164392b1c1f64472aed433a7637804b0a70064434.exe
    "C:\Users\Admin\AppData\Local\Temp\7038d95750239551d425d3a164392b1c1f64472aed433a7637804b0a70064434.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2488
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\$$a4C4C.bat
      2⤵
      • Deletes itself
      PID:2484
      • C:\Users\Admin\AppData\Local\Temp\7038d95750239551d425d3a164392b1c1f64472aed433a7637804b0a70064434.exe
        "C:\Users\Admin\AppData\Local\Temp\7038d95750239551d425d3a164392b1c1f64472aed433a7637804b0a70064434.exe"
        3⤵
        • Executes dropped EXE
        PID:2212
      • C:\Users\Admin\AppData\Local\Temp\7038d95750239551d425d3a164392b1c1f64472aed433a7637804b0a70064434.exe
        "C:\Users\Admin\AppData\Local\Temp\7038d95750239551d425d3a164392b1c1f64472aed433a7637804b0a70064434.exe"
        3⤵
        • Executes dropped EXE
        PID:1336
    • C:\Windows\Logo1_.exe
      C:\Windows\Logo1_.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2300
      • C:\Windows\SysWOW64\net.exe
        net stop "Kingsoft AntiVirus Service"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2360
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
          4⤵
            PID:3064

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\$$a4C4C.bat
      Filesize

      722B

      MD5

      6fc34dadaf7f969306c4244401fad334

      SHA1

      5c516d26dd0f97679b7b366aa0b453779857c2d7

      SHA256

      7f69177405d6353d200dfd150ed5069f66e3391d4ef6f0703ea6af5304d686a5

      SHA512

      a1b5799df7a237e50cc9339b5756a411f3f65266e2c91abd1fc1adc6e19ffaeb8add54aa85440955050b21442a6251526800ad0946866297f31e839295818df0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\7038d95750239551d425d3a164392b1c1f64472aed433a7637804b0a70064434.exe.exe
      Filesize

      2.1MB

      MD5

      402390d994e77de56911e140161252c9

      SHA1

      ca0b8ea615c6b4397ca92d45345279ea985b503a

      SHA256

      880df0a0158b3c6077526cafca5fe9ae96a0f82b23b936fdee6e2f88a30b3e63

      SHA512

      4a8c23bb1131255c060f1be54b788971881f72225aad1fe9a3b8019298d14bf75db3fd98b7906f8a0ccb4f83ae0b6e5679915260c7b1d51491b5385d9ad96c40

      Download Submit

    • C:\Windows\Logo1_.exe
      Filesize

      66KB

      MD5

      a81c8cb12d60acf8c759fa71889799c6

      SHA1

      797ea1fb6f2704e56448db6ff0992d5bc322b4ad

      SHA256

      c8d74f72173f6a12145368db4df2d22522e58e06973e4360293fb6d83375079e

      SHA512

      c8ddf074f4d467e170211fbcbca12fbec25b8ebcf40c0969bc9e9130c12337e633e5d8000803c1dfccb9edd34756c8beb2af66edeb1b39905b46534e1ea9bd67

      Download Submit

    • memory/2300-60-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/2300-61-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/2300-63-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/2300-69-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/2300-71-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/2300-201-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/2300-278-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/2484-51-0x0000000002420000-0x0000000002421000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2488-13-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download