Overview

overview

7

Static

static

3

96a87e5a59...6f.exe

windows7-x64

7

96a87e5a59...6f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-07-2024 09:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    96a87e5a59471878c9393aaee41492e0a3f24e916ea69a91a040d85b547a7d6f.exe

  • Size

    1.9MB

  • MD5

    bc52023341f5ed2c75a79d7124732755

  • SHA1

    e5d12d654b2e1970cddeb481044acda4cd1aa05a

  • SHA256

    96a87e5a59471878c9393aaee41492e0a3f24e916ea69a91a040d85b547a7d6f

  • SHA512

    d55813fe1c665f05346410c2cbe82b029754fec2f1f0e1c6e716c7fd2b6f79eff513429e7b8e0eba1e023299868f9675d0023dc25f4f4ed4019822b816fb050e

  • SSDEEP

    49152:e7CykF8G2QX7Pn5s3pq4zLqhaQcH+SKNkfogHObHBh:pPPXPGpq4z3Jowm

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3464
      • C:\Users\Admin\AppData\Local\Temp\96a87e5a59471878c9393aaee41492e0a3f24e916ea69a91a040d85b547a7d6f.exe
        "C:\Users\Admin\AppData\Local\Temp\96a87e5a59471878c9393aaee41492e0a3f24e916ea69a91a040d85b547a7d6f.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4368
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA95F.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4240
          • C:\Users\Admin\AppData\Local\Temp\96a87e5a59471878c9393aaee41492e0a3f24e916ea69a91a040d85b547a7d6f.exe
            "C:\Users\Admin\AppData\Local\Temp\96a87e5a59471878c9393aaee41492e0a3f24e916ea69a91a040d85b547a7d6f.exe"
            4⤵
            • Executes dropped EXE
            PID:3356
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:860
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:956
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:1404

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
        Filesize

        244KB

        MD5

        9ed1ccd53a2f8e9848fce321a3cb53b7

        SHA1

        ad77810c007ed871918cb3003860b3d7a68ca6c7

        SHA256

        4ede9a6e59db87d0b3906c9823b934efcbcce49647eba70fda373fcf5dad655d

        SHA512

        9b70ee018029338b11164d84ed03326425c95968d2004a12f9642fb6bc66a7cc71a5770724c300ca512f64473c49cf188aae31766ecadb9163d1819f190c083e

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        570KB

        MD5

        f5e9f7c0128b7bfac99570cb050adb18

        SHA1

        32d302103d0f6a0738c1a94b92259d8e1d1be83f

        SHA256

        df9edd39a64fd1368e586845605b0e5f609345d560f554786be68d5ed2c33c24

        SHA512

        b2f3e312fef4832ac746209eec01f0f8b3d22eefa2a5af454d66205ff43ed1030cda2681a84a3752801eec07d4894a663deccdd56fb1601c168dbe7ee913b1cc

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        636KB

        MD5

        2500f702e2b9632127c14e4eaae5d424

        SHA1

        8726fef12958265214eeb58001c995629834b13a

        SHA256

        82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

        SHA512

        f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$aA95F.bat
        Filesize

        722B

        MD5

        693cf8064a9489dc28fc2e10b53598aa

        SHA1

        49876543a020cdfe16b5dfa9ae6fd715e30f4443

        SHA256

        06843567e3bda8f9e3e8da74cd53af1b7a892441074d1419c1fd985102e1ceba

        SHA512

        6778043d236e283da8abd6bd1f3de55568ef26f94a106018c927a45d30d15e1077fe1064f12c5f48f7ecb51a13fc32dd217e9cc0567e7d6f84e05d89561fa8dc

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\96a87e5a59471878c9393aaee41492e0a3f24e916ea69a91a040d85b547a7d6f.exe.exe
        Filesize

        1.9MB

        MD5

        e7e595a4fcd9497e31f5b3b135d7dd26

        SHA1

        1bc4f303be1162dddd41e1afdb56ed3198231b41

        SHA256

        fa1d1214ed911fbc14b20f105dc55a645f609fe079692f387837fecb67b38809

        SHA512

        0cf7462f70a4afc41f6335918d3dcc5f417f2de2441ceb24fc1a67ebd95d9441422db337d1731681ca950ce176c9b1f45d18997d58d8f0a024ed59129cb5da6f

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\FEAC1E.tmp
        Filesize

        226B

        MD5

        fd7cf2bf9f0325f6612a029a49d61b6d

        SHA1

        82a2057e0c900b2e676934e11266fb592cb2e910

        SHA256

        6cf1713125461643cf6e8db0cae4cbeda7a588729823b9e9e6443a72947cbe45

        SHA512

        c569c547a5b69cd869f0f5a564aa6b112d4a815c35f5c81a3a9e5d7ce2d8765ef588eedfa177e8cb9bf4fadb653777281b08df152d286902a2344f5fbdf0da96

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        26KB

        MD5

        0b6cf88ce61714693670682b1f57024c

        SHA1

        b5b27f593b709b4f997bc0ba1fd60c6bf84fd4f9

        SHA256

        e55deb2f60014f01c2995d33d4b3e5f2049147c19d617ff2ae16b66ed281b4fa

        SHA512

        d88e7676961dccf99206dd57a97d4dff62b9081b42d57f6014f52754f795091ce74ccfe2d14ad5ca991fc98682ab4ad687b50f2d7e1dbca627bf523ffd578b73

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-2990742725-2267136959-192470804-1000\_desktop.ini
        Filesize

        9B

        MD5

        1368e4d784ef82633de86fa6bc6e37f9

        SHA1

        77c7384e886b27647bb4f2fd364e7947e7b6abc6

        SHA256

        57507bed6cf91d70e66bd4cc287634889ef30b648cb7c44a4edec0e2cb68b772

        SHA512

        3cb7168e776eb564768e30eba43174014a85108ab306a7c07a1522fb42173c381a5bff9ac10944fd345dd5308061cbe2878c60d1e878f8768281c1adcf5dd85b

        Download Submit

      • memory/860-4828-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/860-5275-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/860-9-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/860-44-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/860-52-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/860-58-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/860-36-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/860-146-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/860-1258-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3356-19-0x0000000000400000-0x000000000041B000-memory.dmp

        Filesize

        108KB

        Download

      • memory/3356-37-0x0000000000400000-0x000000000041B000-memory.dmp

        Filesize

        108KB

        Download

      • memory/4368-11-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4368-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download