Overview

overview

7

Static

static

3

3452839f96...b9.exe

windows7-x64

7

3452839f96...b9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-07-2024 10:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3452839f96bfa8ec491ed9b48f4152ac4298a4b19f25e0850c7b91331d55c9b9.exe

  • Size

    66KB

  • MD5

    cd3489676b080a379cec3bf6858db36d

  • SHA1

    18dcb017c7742e3fb57c19c8aeb534fe8c972287

  • SHA256

    3452839f96bfa8ec491ed9b48f4152ac4298a4b19f25e0850c7b91331d55c9b9

  • SHA512

    ef5aaf8845fc05fd1a307d60751acffd75e4b05cb1ea1dd7900563f73169509e10f04af55f5f97251cfad20400eb1d23ab7cc93359685342258aeed895ed9348

  • SSDEEP

    1536:p133SHuJV9NBriw+d9bHrkT5gUHz7FxtJ:p13kuJVLBrBkfkT5xHzD

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3500
      • C:\Users\Admin\AppData\Local\Temp\3452839f96bfa8ec491ed9b48f4152ac4298a4b19f25e0850c7b91331d55c9b9.exe
        "C:\Users\Admin\AppData\Local\Temp\3452839f96bfa8ec491ed9b48f4152ac4298a4b19f25e0850c7b91331d55c9b9.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:1248
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA894.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1600
          • C:\Users\Admin\AppData\Local\Temp\3452839f96bfa8ec491ed9b48f4152ac4298a4b19f25e0850c7b91331d55c9b9.exe
            "C:\Users\Admin\AppData\Local\Temp\3452839f96bfa8ec491ed9b48f4152ac4298a4b19f25e0850c7b91331d55c9b9.exe"
            4⤵
            • Executes dropped EXE
            PID:4208
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:5088
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:1988
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:208

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
        Filesize

        247KB

        MD5

        63456ffdbc855be46cc9e8e226f9d50f

        SHA1

        b1753d670867fa0df69200b7b7a9458bc6c3f655

        SHA256

        d20d3c0b9d09cbce790525e9f8f1c5216edbe25ea481ef832fa9e26ec7ccd1eb

        SHA512

        69f98232745dd8241082925de6b11fefa9ea4b7d8c8011911a1fbf7de52070b502ce156333089005dd3ac90aca5a6f596a7423ee672cca9afb8ae7604a4646c0

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        573KB

        MD5

        52ed43afa07ae10a1ac6822ee3ca2c7d

        SHA1

        9e024747ea74f2ea73ac4cb56f0d26bc5152fa9b

        SHA256

        c57a8878a2458598ff8ebb9177e7651b070efee68ef2e42698cbeb69f1d5e585

        SHA512

        cd049c3007f3ea04b76b606deae3729b020b6fbea959719ebe8f0e5d1884567ed0af3d049a8e2ad28042583e5e3264ee8d7f728031d052fb75cf5d017134d12b

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        639KB

        MD5

        2a6a0566abaed25978364ba95a3f0f40

        SHA1

        5a7dfdab4c220482cdb9b4d9c3e723c4d50bd968

        SHA256

        3f6115ae7cd7c951805144c72601e3b3d9919aef99b25536784ec12968092643

        SHA512

        bb56744e286a98cb1c60d27cab644c0b4c6c1cee7f15dda485a1992eac08e31930bb1bd260c64a20dbe64b2d31be5af56b6c5268b285a564703dfc5bcec27bc9

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$aA894.bat
        Filesize

        722B

        MD5

        e8e2c44c25eab16ecc5378e5a9fae19b

        SHA1

        28fdb614a88432b2413145cbbe7ae290e14de48a

        SHA256

        12240ce4ea769c903fb4a622f4ae2de53f0fc245d156c0a9ad8e0ca677cd3ed4

        SHA512

        bb621535b8e556ae14c485be9571d5b9b43a8196d2486cbe43f2d6a25bf77154d38f23b933f34a1cfe4e9d4191838597a5b12a56b70b05dd281aa0dec21e002d

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\3452839f96bfa8ec491ed9b48f4152ac4298a4b19f25e0850c7b91331d55c9b9.exe.exe
        Filesize

        36KB

        MD5

        9f498971cbe636662f3d210747d619e1

        SHA1

        44b8e2732fa1e2f204fc70eaa1cb406616250085

        SHA256

        8adf6748981c3e7b62f5dbca992be6675574fffbce7673743f2d7fe787d56a41

        SHA512

        b73083c2f7b028d2946cb8f7b4fe2289fedaa4175364a2aac37db0aeff4602aede772ccc9eba7e6dcfcb7276e52604ca45d8021952201b5834485b48bca3dc93

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        29KB

        MD5

        2bc53fb2d52f602de7e4ec6914cdfffe

        SHA1

        fadb9859e7d69263578800e3f0731d9041e9f9ca

        SHA256

        5678bdfeea8944eef09836062eb5c91d30a04c1f129e27dc4b2d7c584fde0c46

        SHA512

        4e7f191ef905cd6cda9e262470f47d56e1bc52cfda9de984e9d97b94773294d3a644d67cef3ccccc1b1a6f64602cd639b636d62a18e68185f4d2f3ba52473d44

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-2636447293-1148739154-93880854-1000\_desktop.ini
        Filesize

        9B

        MD5

        1368e4d784ef82633de86fa6bc6e37f9

        SHA1

        77c7384e886b27647bb4f2fd364e7947e7b6abc6

        SHA256

        57507bed6cf91d70e66bd4cc287634889ef30b648cb7c44a4edec0e2cb68b772

        SHA512

        3cb7168e776eb564768e30eba43174014a85108ab306a7c07a1522fb42173c381a5bff9ac10944fd345dd5308061cbe2878c60d1e878f8768281c1adcf5dd85b

        Download Submit

      • memory/1248-9-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1248-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/5088-27-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/5088-37-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/5088-33-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/5088-188-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/5088-1234-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/5088-1266-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/5088-20-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/5088-4798-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/5088-11-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/5088-5243-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download