Overview

overview

7

Static

static

3

e7ddcaba29...2f.exe

windows7-x64

7

e7ddcaba29...2f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/07/2024, 00:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e7ddcaba29ccc15ba902b55b9c3b99bf7a0d3998a8011befde16eecd93ea2c2f.exe

  • Size

    260KB

  • MD5

    b283549b798cc302bfa1338f179b71c2

  • SHA1

    2dbb4f91f757ad4dcb3e981dde994b3bc2c51474

  • SHA256

    e7ddcaba29ccc15ba902b55b9c3b99bf7a0d3998a8011befde16eecd93ea2c2f

  • SHA512

    dd2ead3d9937f5fbf32a1c3a623b763a71fac989169cca0e1c35900e01ad102f7904e121b8d6893db94887673620665f945a9bf25521ca2f7075b0467b8fa7ee

  • SSDEEP

    3072:TFMlkuJVFuLRkgUA1nQZwFGVO4Mqg+WDY:hMiuJXuLRp1nQ4QLd

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3436
      • C:\Users\Admin\AppData\Local\Temp\e7ddcaba29ccc15ba902b55b9c3b99bf7a0d3998a8011befde16eecd93ea2c2f.exe
        "C:\Users\Admin\AppData\Local\Temp\e7ddcaba29ccc15ba902b55b9c3b99bf7a0d3998a8011befde16eecd93ea2c2f.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:2352
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8A10.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1008
          • C:\Users\Admin\AppData\Local\Temp\e7ddcaba29ccc15ba902b55b9c3b99bf7a0d3998a8011befde16eecd93ea2c2f.exe
            "C:\Users\Admin\AppData\Local\Temp\e7ddcaba29ccc15ba902b55b9c3b99bf7a0d3998a8011befde16eecd93ea2c2f.exe"
            4⤵
            • Executes dropped EXE
            PID:1948
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2524
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:2532
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:4972

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
        Filesize

        247KB

        MD5

        d113141a8c16955e1418802a97b0231c

        SHA1

        ea3dcbcf2eb9218f6f1d1bfe6e7191cb12299f90

        SHA256

        c4fb3b5be5b7a1ec1f1c5aa7f7a73802398c1a2c8ed1f7cc13b262c4e314556d

        SHA512

        6ca1777fdfbfdd211e2ddc053bb6244158657df5e2c7b4be3d89fc60c0d72f989b02f5e302e6c67e517fdd37dd048fdab631c1a38090f5b0a4c8f815ca458d41

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        573KB

        MD5

        6fa8ef356af564b1afa01c787498c2a8

        SHA1

        6320c7a682986d0d34762bb2c54f68f492c3aeee

        SHA256

        1a01e5f5a23ab1f3cdd96799522f39083f1611790c2db4500b9ccaba42531dbf

        SHA512

        0a6d54777b6441956e7ed998597892ea2d52449f89e4681663eb8548063b460cd4ac1b0077d1a92ac91221444bdbb85953fb2ae272bb87c302a699e038421c80

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        639KB

        MD5

        f5a0cd2b1164f9d9b88198e8afc1d237

        SHA1

        88331c129d5c42ba1d3e666742558f62575f6737

        SHA256

        ab72de50eef923f8c3ef48c7d0005d75f28974c6d0e0532c004761d2e7e547e5

        SHA512

        0e280eae13669f47f2339b0e6602cba025b9d6e1268f3e886b7102a2752d8cc860f5c074a569ae3d434677e769072df71b6bb5184122986e59691f7ae72bd179

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a8A10.bat
        Filesize

        722B

        MD5

        732bdd4db6277822f054b31ed2045643

        SHA1

        d05e4d79b7299cd39bdad3c0a0ff6561bd134aa7

        SHA256

        e22872c8599bb0a8b38a494b22669affb85cba253c6b4e93577c34ae3a23537f

        SHA512

        2043b78c3933e334c82aafb3d720753392cfd37db0ddb0a122b272d76347745d8147ef60dc88a30324757519ab2a7f52c1462c2d2b759b5e1c26c5d4ac6ea4d1

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\e7ddcaba29ccc15ba902b55b9c3b99bf7a0d3998a8011befde16eecd93ea2c2f.exe.exe
        Filesize

        231KB

        MD5

        6f581a41167d2d484fcba20e6fc3c39a

        SHA1

        d48de48d24101b9baaa24f674066577e38e6b75c

        SHA256

        3eb8d53778eab9fb13b4c97aeab56e4bad2a6ea3748d342f22eaf4d7aa3185a7

        SHA512

        e1177b6cea89445d58307b3327c78909adff225497f9abb8de571cdd114b547a8f515ec3ab038b583bf752a085b231f6329d6ca82fbe6be8a58cd97a1dbaf0f6

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        29KB

        MD5

        c574da3c8af83a4886cf1d8a0c71c79f

        SHA1

        5dacedb189b23d7d6119d132405840b9917f12f1

        SHA256

        9d8e1eafc09fe11ec8acb7e0545f9d4a419982a085bd141236a7090fa03dcfd8

        SHA512

        3284d03dfe3840141da3d92c0a11427b3880f0405c3d4a69d87067067bcc710073e1da9585d2efc438b5f5057be94f4b0832b9891735ac1bbded1c6ac7d0d13c

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-464762018-485119342-1613148473-1000\_desktop.ini
        Filesize

        9B

        MD5

        34161716a6ca53479b632148242b943e

        SHA1

        8858557a658c16f5bd03652eff514e066d1600b8

        SHA256

        64655fa660d975efa9315df6cccb6edb310c9990826101015e68b735162a8e93

        SHA512

        a0f19a255929a439a71438d378f185d476428d7eeb6620dc8483ed838cc0ae044c5f2576a22b77856ae741a62081c9d398d154f71360e8f4b20b67af3b6283fd

        Download Submit

      • memory/2352-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2352-9-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2524-34-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2524-29-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2524-37-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2524-11-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2524-75-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2524-1234-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2524-27-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2524-4798-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2524-20-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2524-5247-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download