Overview

overview

7

Static

static

3

1167428da7...0e.exe

windows7-x64

7

1167428da7...0e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/07/2024, 14:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1167428da7737fa1ef44c859244790b792ffcca57d5c29339f9e09aec050440e.exe

  • Size

    571KB

  • MD5

    3cce8fed97fd06f67c286ee9485e6688

  • SHA1

    7799069fa05a242fbac2ca1c6478590dc91819a3

  • SHA256

    1167428da7737fa1ef44c859244790b792ffcca57d5c29339f9e09aec050440e

  • SHA512

    aa431209d4e610dc985b0e14f5af185bb7ba5d87e51049936ac21c52c6ef4f7647a86c5354bb5c4059021a00e9a289960a18fdbf201921cf29091edf9c572bfd

  • SSDEEP

    6144:AFpnE7cV3iwbAFRWAbd4nf0H05yqE6Hl0ChW0+ksllAXBu0lWGWUJJQ4t0BHQQfu:mpE7a3iwbihym2g7XO3LWUQfh4Co

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3396
      • C:\Users\Admin\AppData\Local\Temp\1167428da7737fa1ef44c859244790b792ffcca57d5c29339f9e09aec050440e.exe
        "C:\Users\Admin\AppData\Local\Temp\1167428da7737fa1ef44c859244790b792ffcca57d5c29339f9e09aec050440e.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:3524
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8647.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:672
          • C:\Users\Admin\AppData\Local\Temp\1167428da7737fa1ef44c859244790b792ffcca57d5c29339f9e09aec050440e.exe
            "C:\Users\Admin\AppData\Local\Temp\1167428da7737fa1ef44c859244790b792ffcca57d5c29339f9e09aec050440e.exe"
            4⤵
            • Executes dropped EXE
            PID:3568
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4788
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:1848
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:5020

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
        Filesize

        244KB

        MD5

        ba3e211c28bb09d4f8565a5d9ad570c6

        SHA1

        47a4ccfd8eaa7e1b1016d79bd4c84a09b45aefd5

        SHA256

        3ffdf5b0f2981093c203388f8be2580d88acbed353f31ce704dbc26b0cfc7379

        SHA512

        0889a67350f92316067fe550fe41e84c0ff8fb8c6d1dc99bb9c5221c9f5f3ba59c739a1dc31be27e411455dae2218b247c32b005c052dd77b3df92b9caa71adf

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        571KB

        MD5

        3cce8fed97fd06f67c286ee9485e6688

        SHA1

        7799069fa05a242fbac2ca1c6478590dc91819a3

        SHA256

        1167428da7737fa1ef44c859244790b792ffcca57d5c29339f9e09aec050440e

        SHA512

        aa431209d4e610dc985b0e14f5af185bb7ba5d87e51049936ac21c52c6ef4f7647a86c5354bb5c4059021a00e9a289960a18fdbf201921cf29091edf9c572bfd

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        637KB

        MD5

        9cba1e86016b20490fff38fb45ff4963

        SHA1

        378720d36869d50d06e9ffeef87488fbc2a8c8f7

        SHA256

        a22e6d0f5c7d44fefc2204e0f7c7b048e1684f6cf249ba98c006bbf791c22d19

        SHA512

        2f3737d29ea3925d10ea5c717786425f6434be732974586328f03691a35cd1539828e3301685749e5c4135b8094f15b87fb9659915de63678a25749e2f8f5765

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a8647.bat
        Filesize

        722B

        MD5

        03ea1948145647985f2be20e520e64f4

        SHA1

        ab1ac3b7b047663742e1103dfe3e279570cba5a1

        SHA256

        56b391e99bbb2f69a56a2606863b57fea60dd01bc71bf0d4a77050610864c681

        SHA512

        e1ad586fa3869a54f3ddd13e305d60c5c37e08787199edbcba5721bb26ee18191441261503868a607bc4248279aa1f8024d7492ac83836d4b03505a0aa91cf18

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\1167428da7737fa1ef44c859244790b792ffcca57d5c29339f9e09aec050440e.exe.exe
        Filesize

        544KB

        MD5

        9a1dd1d96481d61934dcc2d568971d06

        SHA1

        f136ef9bf8bd2fc753292fb5b7cf173a22675fb3

        SHA256

        8cebb25e240db3b6986fcaed6bc0b900fa09dad763a56fb71273529266c5c525

        SHA512

        7ac1581f8a29e778ba1a1220670796c47fa5b838417f8f635e2cb1998a01515cff3ee57045dacb78a8ec70d43754b970743aba600379fe6d9481958d32d8a5aa

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        27KB

        MD5

        8e4e73ea27f43df84faaf0158c4e52a8

        SHA1

        4d116c437c9e3a6a8edd87d5e2dae44b20bc0a91

        SHA256

        db4e8a11d53294a8a04b522eda29921771f39c302c861e678d18cb20340d4b44

        SHA512

        52431e5e036fb8e1f85223a0ae12522e8c1e9212ea4bf3b0e4cad17a7ff1b03f82c111e7ddbabb191e8a1b9d575a37ba1360ef5963875343a8034359dd4b2518

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-2636447293-1148739154-93880854-1000\_desktop.ini
        Filesize

        9B

        MD5

        76853822695e9314b90b205b5517a435

        SHA1

        de6e48d84826cfcd19abbaa1ff3daddc8d825fbf

        SHA256

        477608616359abe01b8ca52b48468a243766d1cc1569a285e6060139e5cd91d7

        SHA512

        74fec6d54ce20fe2ae6ccf59b4fdf8b36d7e03b0576e7c6633c34ae3ceb7d2a0e0e36204cb76956e306ae263a779431df59aeb175a0a56750832c71a8fe98783

        Download Submit

      • memory/3524-10-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/3524-0-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4788-27-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4788-37-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4788-33-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4788-1234-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4788-20-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4788-4798-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4788-11-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4788-5243-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download