Overview

overview

7

Static

static

3

223c293d86...32.exe

windows7-x64

7

223c293d86...32.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-07-2024 17:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    223c293d86ae93865814e4d9039dad00de0f7a6fc7b69987bc873519055ae132.exe

  • Size

    362KB

  • MD5

    0020bf32989a2ab878e6a005c0f9332a

  • SHA1

    990b71fa6e483fdf11c9db653293b4ea7999a5ea

  • SHA256

    223c293d86ae93865814e4d9039dad00de0f7a6fc7b69987bc873519055ae132

  • SHA512

    cfe3169127a2e3328a868189fb316282fe096964d8c1edf73e6c497ef52e15ac9df7382afd0b27e66bb7905710f3c06a87dd52b395e2a3aa5a27c5f2505d05e1

  • SSDEEP

    6144:nFp9zU66bkWmchVySqkvAH3qo0wWJC6G/SMT4FWqC:FpRU66b5zhVymA/XSRh

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3500
      • C:\Users\Admin\AppData\Local\Temp\223c293d86ae93865814e4d9039dad00de0f7a6fc7b69987bc873519055ae132.exe
        "C:\Users\Admin\AppData\Local\Temp\223c293d86ae93865814e4d9039dad00de0f7a6fc7b69987bc873519055ae132.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4080
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a884A.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2452
          • C:\Users\Admin\AppData\Local\Temp\223c293d86ae93865814e4d9039dad00de0f7a6fc7b69987bc873519055ae132.exe
            "C:\Users\Admin\AppData\Local\Temp\223c293d86ae93865814e4d9039dad00de0f7a6fc7b69987bc873519055ae132.exe"
            4⤵
            • Executes dropped EXE
            PID:4248
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4184
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:464
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:3840

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
        Filesize

        244KB

        MD5

        61e3c8f1c9b03519456eb8a9e1a317cd

        SHA1

        7253ebbd1eda58ab9a5e6165bc4e9de582168dc9

        SHA256

        8f0f3167ef2ac1be327fe22e68f35f48e80563564cf06740da10119019885b42

        SHA512

        30fdbfef7ae623274c8bf68bd0f4295cb7d7c39c14311507b8fda68cad0410c5b014b37d74aca9c2e69a7d4da32a2103a113f3aff381b35738f0dbacd8e976dd

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        571KB

        MD5

        da021525debe289603e5ebd4fb2f3906

        SHA1

        9576eecd1e3a3a9a87d0dc2a6487f27a5348ed72

        SHA256

        4d920c6821edbe2fe61a5c4b414638216439d547521cd517baf38012621ee4e5

        SHA512

        a0f1b8abc4fc71feff3f532933744c74dd9171d5e5c68c0b8f16b31a1924f866eef7ff1465dbdbfa87f48276c540b73ef6f34770be77d1ec4c59d9a6fe252a75

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        637KB

        MD5

        9cba1e86016b20490fff38fb45ff4963

        SHA1

        378720d36869d50d06e9ffeef87488fbc2a8c8f7

        SHA256

        a22e6d0f5c7d44fefc2204e0f7c7b048e1684f6cf249ba98c006bbf791c22d19

        SHA512

        2f3737d29ea3925d10ea5c717786425f6434be732974586328f03691a35cd1539828e3301685749e5c4135b8094f15b87fb9659915de63678a25749e2f8f5765

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a884A.bat
        Filesize

        722B

        MD5

        b402d69cc85a6fb588b833ea800fb382

        SHA1

        084dc9eba098166e9c8da60fa0da6d83d8adadf4

        SHA256

        df85e6d33a38f1b0df46a612713b154744c7cce58fe3053626f3225869871c6b

        SHA512

        0225c5799e79234ecf70e014c39fedfa0bdf6293e4b640efc2e9dc2638a604e3f78aa6b73e7ee8ea5d5f7a2752fa0be9b859ed7f8e07550c89605407d884fa18

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\223c293d86ae93865814e4d9039dad00de0f7a6fc7b69987bc873519055ae132.exe.exe
        Filesize

        335KB

        MD5

        40ac62c087648ccc2c58dae066d34c98

        SHA1

        0e87efb6ddfe59e534ea9e829cad35be8563e5f7

        SHA256

        482c4c1562490e164d5f17990253373691aa5eab55a81c7f890fe9583a9ea916

        SHA512

        0c1ff13ff88409d54fee2ceb07fe65135ce2a9aa6f8da51ac0158abb2cfbb3a898ef26f476931986f1367622f21a7c0b0e742d0f4de8be6e215596b0d88c518f

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        27KB

        MD5

        ea017656bd9eac12b8894a56bc4ea1a3

        SHA1

        d4c793ef0db49a1dfc1795a02674140ce05cbf14

        SHA256

        bfceaabf687f4e06d6a813e4dd342f6858e5e1db3babd7c6c92e359bf662263b

        SHA512

        b63970d9b51520434a34e21451e0ad88bb7695a73acafddbb3d7d5582dcce1410e053dbfe815ffbdd5742c4124541f960bba54949f0ac4d50398b478a2687180

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-1176886754-713327781-2233697964-1000\_desktop.ini
        Filesize

        9B

        MD5

        1368e4d784ef82633de86fa6bc6e37f9

        SHA1

        77c7384e886b27647bb4f2fd364e7947e7b6abc6

        SHA256

        57507bed6cf91d70e66bd4cc287634889ef30b648cb7c44a4edec0e2cb68b772

        SHA512

        3cb7168e776eb564768e30eba43174014a85108ab306a7c07a1522fb42173c381a5bff9ac10944fd345dd5308061cbe2878c60d1e878f8768281c1adcf5dd85b

        Download Submit

      • memory/4080-10-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4080-0-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4184-27-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4184-37-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4184-33-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4184-1233-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4184-20-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4184-4800-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4184-11-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4184-5245-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download