Analysis

  • max time kernel
    120s
  • max time network
    92s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/07/2024, 02:47

General

  • Target: 68003325a255254edf94d093e7461720N.exe
  • Size: 411KB
  • MD5: 68003325a255254edf94d093e7461720
  • SHA1: 21675fffcbdd7442c2be581225f65cf77ad66db6
  • SHA256: 58bcc976fe54852e2cfdb309cb0facdb8779151fd2228add5765df2fdd662742
  • SHA512: f033d7ea3b4d77eadb5a836acbfdc6911c8585332d38b69455ac9c3ada9dcbbb9155f5c4a9c9141b31d2fb15aea4e80123951f806c614b69e360d877f4aa494c
  • SSDEEP: 6144:XLZ/Jdur0RsrJ3n0dK2NP0RHx8D98WTBPW8fF8oABm1nKE:1/J8AqwKhHSDeWTRW8fdebE

Score
7/10

Signatures

  • Executes dropped EXE (2 IoCs)
  • Enumerates connected drives (3 TTPs, 21 IoCs)
    Attempts to read the root path of hard drives other than the default C: drive.
  • Drops file in Program Files directory (64 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses (16 IoCs)
  • Suspicious use of WriteProcessMemory (15 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\68003325a255254edf94d093e7461720N.exe
    "C:\Users\Admin\AppData\Local\Temp\68003325a255254edf94d093e7461720N.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4868
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD7B3.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4520
      • C:\Users\Admin\AppData\Local\Temp\68003325a255254edf94d093e7461720N.exe
        "C:\Users\Admin\AppData\Local\Temp\68003325a255254edf94d093e7461720N.exe"
        3⤵
        • Executes dropped EXE
        PID:4948
    • C:\Windows\Logo1_.exe
      C:\Windows\Logo1_.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2524
      • C:\Windows\SysWOW64\net.exe
        net stop "Kingsoft AntiVirus Service"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4908
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
          4⤵
          PID:4932

Downloads

  • C:\Program Files\7-Zip\7zG.exe
    Filesize: 750KB
    MD5: b072e7e1e595a0e344cf35c208536f60
    SHA1: b302bd8a085947c3ff47769904ed8503353bcd3d
    SHA256: db7f13b6cd724b504b5ede8a9f7378ae2b5ba7008369c0cac2652019f94067dc
    SHA512: 03abf09ee51e7f7f8283869efdb1da10a088e74b62d070a5b9ed06f92003a67e037c7bfdb28bc5435e2ac4cd0a23b981b1a332da64f37f45c2b2564293221126

  • C:\Users\Admin\AppData\Local\Temp\$$aD7B3.bat
    Filesize: 536B
    MD5: 87faec2b4146578076803ec900b34368
    SHA1: 10dcaa6f063281a8abe9301b197ee50d6722c5db
    SHA256: 8d7c2f54a1c1748308809c593b07174ed62e1001430600cfdf8b35f20ba9a0c3
    SHA512: 54300c9731e3685b47d722301b8dbd25ec2c65f472b72ea7247fb20fffca26576d6ed278848423537cdd1692056f7afac3e367f76ba67349c302703fcadf26a9

  • C:\Users\Admin\AppData\Local\Temp\68003325a255254edf94d093e7461720N.exe.exe
    Filesize: 345KB
    MD5: 6623abd95d6ca5b4e9d78570d1e531ad
    SHA1: dd734ce4057e98af82197af22a436b3ae05e1af9
    SHA256: db197e4e2d60b8161a5cf5c41a9d3d1d5cc694c19fe96d71e33747dd20c1d4b3
    SHA512: 77624baf530a198eeb708b5d28cd536a8314101a23e8b9570699f35d4d962f47e1537ee283efb09eabaef4cf5c0523a9388d37a64f9e926c580028454d65d45f

  • C:\Windows\Logo1_.exe
    Filesize: 66KB
    MD5: 789b642be64ab66b08b88301d09cda72
    SHA1: faf718e30daa13bdfee80744d68a271dacec136c
    SHA256: 0c96edb27bc3201ea674867fc420352106b22839445e30298f84dc0c23c344d7
    SHA512: 20fc7f6a029c0510c4e7c7a62dba25eb88b17526c6cf0c0fca4894208c8ca7f34fc92be91e23b249b861842936727a55f727ff89c4ba652aea67327210576968

  • memory/2524-23-0x0000000000400000-0x0000000000424000-memory.dmp
    Filesize: 144KB

  • memory/2524-24-0x0000000000400000-0x0000000000424000-memory.dmp
    Filesize: 144KB

  • memory/2524-26-0x0000000000400000-0x0000000000424000-memory.dmp
    Filesize: 144KB

  • memory/2524-28-0x0000000000400000-0x0000000000424000-memory.dmp
    Filesize: 144KB

  • memory/2524-152-0x0000000000400000-0x0000000000424000-memory.dmp
    Filesize: 144KB

  • memory/2524-215-0x0000000000400000-0x0000000000424000-memory.dmp
    Filesize: 144KB

  • memory/4868-6-0x0000000000400000-0x0000000000424000-memory.dmp
    Filesize: 144KB