Overview

overview

7

Static

static

3

024079b841...31.exe

windows7-x64

7

024079b841...31.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-07-2024 14:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    024079b841aa555ce8e9a77277dc6b3b1c662d33eef662466627181274064b31.exe

  • Size

    225KB

  • MD5

    178b90dba22e60c09c0d7895414bddc8

  • SHA1

    1b36e576f9f9a3965c796602072efce9217413d7

  • SHA256

    024079b841aa555ce8e9a77277dc6b3b1c662d33eef662466627181274064b31

  • SHA512

    6cfa2c6eaabeabdf4249f2c3aae6ee0616ad479a418a2e229207e190c82ae200eb29e94c7b96582a5c83a45c6deb9530dd6799c6997daddb39f03c5f197eb0dd

  • SSDEEP

    3072:6kF3pkdeKzC/lzMPySe8DnpeIPipoHbKvXWXz9LRnsaJUS+6wPXD3fxNW7gq5yGP:vFpkdeKzC/leySe8AIqpoHbnDns1ND9m

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3536
      • C:\Users\Admin\AppData\Local\Temp\024079b841aa555ce8e9a77277dc6b3b1c662d33eef662466627181274064b31.exe
        "C:\Users\Admin\AppData\Local\Temp\024079b841aa555ce8e9a77277dc6b3b1c662d33eef662466627181274064b31.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:3524
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCB3F.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2184
          • C:\Users\Admin\AppData\Local\Temp\024079b841aa555ce8e9a77277dc6b3b1c662d33eef662466627181274064b31.exe
            "C:\Users\Admin\AppData\Local\Temp\024079b841aa555ce8e9a77277dc6b3b1c662d33eef662466627181274064b31.exe"
            4⤵
            • Executes dropped EXE
            PID:2216
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:684
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:4324
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:2980

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
        Filesize

        244KB

        MD5

        eaec23493749a5df2ec712eb712207f6

        SHA1

        33931eda21605b00e93252101d2980dcb1ff1c89

        SHA256

        e1b95473fc90db49074b8e3882832b71c2f82a5bdace5d7a6553139f15d5ad05

        SHA512

        e5a07dff13d1fce1754324180df5a4afec9fb9be1e04e7fd8e7e134bbfdf6a2d005c4780dce437e52764049bd406ba203b18a4b9508a19b3f1cd141915f7943c

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        571KB

        MD5

        a0605a6c1809cbfa47152ada585a2952

        SHA1

        b445b8e8c82392d5b25fef0e786ac5bd527dbcca

        SHA256

        d59125c4b1a2d8a48a6f777eb7f2c462c3c922f67f69a8db89f26c9527bcf38b

        SHA512

        0d4e9feef762f6caa050c97547cfa551d81154641bb4636017abfb6a86b4f11400c6c3eed7fc9e0ee07237fc9bde3ca1476236f767b6b25b147683a298e7c5f3

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        637KB

        MD5

        9cba1e86016b20490fff38fb45ff4963

        SHA1

        378720d36869d50d06e9ffeef87488fbc2a8c8f7

        SHA256

        a22e6d0f5c7d44fefc2204e0f7c7b048e1684f6cf249ba98c006bbf791c22d19

        SHA512

        2f3737d29ea3925d10ea5c717786425f6434be732974586328f03691a35cd1539828e3301685749e5c4135b8094f15b87fb9659915de63678a25749e2f8f5765

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$aCB3F.bat
        Filesize

        722B

        MD5

        e143a98aa2bcbccf1b13a4d3ba56b2e1

        SHA1

        bdfcddf20239f2aae26593f5c31db4cbe2dd304e

        SHA256

        f675b33dfae6d8f2de191d899a95434f575399b331162198405bd259742c9ec1

        SHA512

        9b76a5f5fb2174ab7354c25522190479431b8a3f910f66f0ac1edf42d3c00c9849285c9607f2bfa0c3e1eb601a9b34b7097c2a6b0bbe1d0ba6cbf67470d32422

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\024079b841aa555ce8e9a77277dc6b3b1c662d33eef662466627181274064b31.exe.exe
        Filesize

        198KB

        MD5

        e133c2d85cff4edd7fe8e8f0f8be6cdb

        SHA1

        b8269209ebb6fe44bc50dab35f97b0ae244701b4

        SHA256

        6c5e7d9c81a409e67c143cd3aed33bddc3967fa4c9ab3b98560b7d3bf57d093d

        SHA512

        701b7d1c7e154519d77043f7de09d60c1ff76c95f820fc1c9afca19724efb0847d646686053354156fd4e8a9dab1f29a79d3223f939a3ff1b3613770dc8603b1

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        27KB

        MD5

        726f6d72b00ca9473a4f8c401dc37b13

        SHA1

        ad68b653a5b92edef5e28b571413e442e6cdfa70

        SHA256

        0da42491468018cfeb62f12554ab2562e1116e086880e5afd9480c65cb4c50ea

        SHA512

        a21ff8e3d1232183ab94bace5f228ee853583832c205c4feb97eaa546dfd115158f3e29d8d7e9dc6670a9917f6d792f847d69b4d58ea8856968de772034d6af7

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-1705699165-553239100-4129523827-1000\_desktop.ini
        Filesize

        9B

        MD5

        1368e4d784ef82633de86fa6bc6e37f9

        SHA1

        77c7384e886b27647bb4f2fd364e7947e7b6abc6

        SHA256

        57507bed6cf91d70e66bd4cc287634889ef30b648cb7c44a4edec0e2cb68b772

        SHA512

        3cb7168e776eb564768e30eba43174014a85108ab306a7c07a1522fb42173c381a5bff9ac10944fd345dd5308061cbe2878c60d1e878f8768281c1adcf5dd85b

        Download Submit

      • memory/684-27-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/684-33-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/684-37-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/684-20-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/684-1233-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/684-4785-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/684-13-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/684-5230-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/3524-0-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/3524-9-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download