Overview

overview

7

Static

static

3

7038d95750...34.exe

windows7-x64

7

7038d95750...34.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/07/2024, 23:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7038d95750239551d425d3a164392b1c1f64472aed433a7637804b0a70064434.exe

  • Size

    2.1MB

  • MD5

    4a7c5dd30a160b6db881e48e322799a0

  • SHA1

    f0425f4952ef4a80828f99e33398d02b968d8dbb

  • SHA256

    7038d95750239551d425d3a164392b1c1f64472aed433a7637804b0a70064434

  • SHA512

    ff192e69d45e1a1192d8d8054e2f66f1a73f4800498e24775e219643b553a36237c0a491c740b2d0244f1d7d14eeed27ea114486cbfeaeaaf232f788f8eca420

  • SSDEEP

    24576:1/0WSW6GDtO0JEKdPX0//TYJzSgXQqRNKRkZ8prUti2QwhNXqOxcS0eUK9VyxjGP:CW7Q0AWzFQqRNGpIti6XVyxCC8

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7038d95750239551d425d3a164392b1c1f64472aed433a7637804b0a70064434.exe
    "C:\Users\Admin\AppData\Local\Temp\7038d95750239551d425d3a164392b1c1f64472aed433a7637804b0a70064434.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1404
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAA59.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:440
      • C:\Users\Admin\AppData\Local\Temp\7038d95750239551d425d3a164392b1c1f64472aed433a7637804b0a70064434.exe
        "C:\Users\Admin\AppData\Local\Temp\7038d95750239551d425d3a164392b1c1f64472aed433a7637804b0a70064434.exe"
        3⤵
        • Executes dropped EXE
        PID:1872
    • C:\Windows\Logo1_.exe
      C:\Windows\Logo1_.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3952
      • C:\Windows\SysWOW64\net.exe
        net stop "Kingsoft AntiVirus Service"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3532
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
          4⤵
            PID:1264

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\7-Zip\7zFM.exe
      Filesize

      996KB

      MD5

      06b5415a34c6c66d99d5180d4818528e

      SHA1

      dbf4063458d1ef2fa55d8e4b6aeb7aacdd463c77

      SHA256

      42652ac809dc625f2832587499bc5fa4ddb41260bd2a221d8b4d07d656df66a9

      SHA512

      d23ac48e52bb5972d4b848a28ecd873726674924a5508a43a8030947787c17fb7737571624b762c830a3c112a0a623e43b00c22c6341df13b5838ee785a9b97b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\$$aAA59.bat
      Filesize

      722B

      MD5

      93984bc58cb8bf3ab1b551f4f384d858

      SHA1

      99dc9d45b74f08ca6e21fa23570e7c9430601979

      SHA256

      a57d3a0cdee4fdca0165aaeea5362790197d31f37bda148a5891b11eaeafb7b0

      SHA512

      ed054fa670448d0d4bbd2413e2961aa32d34dd804cbc0ab431238b1d9976488fe80438c64690f224e2cfb550c72eb45fb7309315305f6fd116c36beb210c5672

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\7038d95750239551d425d3a164392b1c1f64472aed433a7637804b0a70064434.exe.exe
      Filesize

      2.1MB

      MD5

      402390d994e77de56911e140161252c9

      SHA1

      ca0b8ea615c6b4397ca92d45345279ea985b503a

      SHA256

      880df0a0158b3c6077526cafca5fe9ae96a0f82b23b936fdee6e2f88a30b3e63

      SHA512

      4a8c23bb1131255c060f1be54b788971881f72225aad1fe9a3b8019298d14bf75db3fd98b7906f8a0ccb4f83ae0b6e5679915260c7b1d51491b5385d9ad96c40

      Download Submit

    • C:\Windows\Logo1_.exe
      Filesize

      66KB

      MD5

      a81c8cb12d60acf8c759fa71889799c6

      SHA1

      797ea1fb6f2704e56448db6ff0992d5bc322b4ad

      SHA256

      c8d74f72173f6a12145368db4df2d22522e58e06973e4360293fb6d83375079e

      SHA512

      c8ddf074f4d467e170211fbcbca12fbec25b8ebcf40c0969bc9e9130c12337e633e5d8000803c1dfccb9edd34756c8beb2af66edeb1b39905b46534e1ea9bd67

      Download Submit

    • memory/1404-6-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/3952-12-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/3952-13-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/3952-15-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/3952-17-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/3952-142-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/3952-205-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/3952-217-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download