Overview

overview

7

Static

static

3

d31cf20cfc...4f.exe

windows7-x64

7

d31cf20cfc...4f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/07/2024, 18:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d31cf20cfc39a56d786c9a7b61018f21fa6d21eb64f74d52ecd9d3b39a20784f.exe

  • Size

    49KB

  • MD5

    0838281c8192753d9a24fe9f0cf8ab9a

  • SHA1

    f1996a12162c8d2318c12103ccb86a64470c4edd

  • SHA256

    d31cf20cfc39a56d786c9a7b61018f21fa6d21eb64f74d52ecd9d3b39a20784f

  • SHA512

    185a3f76215376e36b643f91e02e35c000000569f500d8fa8dd3c70ca4ea032a3018068585977fb2fe1de65909e30402fae49c99938ea9fb60725840e3039466

  • SSDEEP

    768:/bHt1u16GVRu1yK9fMnJG2V9dDClcxEAZR5wo/uDSYipCAMxkERw:THk3SHuJV9Qax5ZRuO7pAx9w

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3496
      • C:\Users\Admin\AppData\Local\Temp\d31cf20cfc39a56d786c9a7b61018f21fa6d21eb64f74d52ecd9d3b39a20784f.exe
        "C:\Users\Admin\AppData\Local\Temp\d31cf20cfc39a56d786c9a7b61018f21fa6d21eb64f74d52ecd9d3b39a20784f.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:3264
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA568.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3404
          • C:\Users\Admin\AppData\Local\Temp\d31cf20cfc39a56d786c9a7b61018f21fa6d21eb64f74d52ecd9d3b39a20784f.exe
            "C:\Users\Admin\AppData\Local\Temp\d31cf20cfc39a56d786c9a7b61018f21fa6d21eb64f74d52ecd9d3b39a20784f.exe"
            4⤵
            • Executes dropped EXE
            PID:3472
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3564
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:3764
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:4204

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
              Filesize

              247KB

              MD5

              5eeeda7f94ba02d4e07771a8022d693e

              SHA1

              cb21683ef0b6a6e9f021113901292159ce2de26a

              SHA256

              f35757719cf11cac2e06e36428a23233bef75283b4173ccca04673b0d3809308

              SHA512

              c8e0a06a7b3c61dc0e77ac5e662347e6481562fae37914becf30a3de8e002f31a8be80f3b9a391381ffe517d1778cfd35f3ec7ecb58132a2c9154b5523262265

              Download Submit

            • C:\Program Files\7-Zip\7z.exe
              Filesize

              573KB

              MD5

              895af9aaa4c5655a90e89b2734573fb6

              SHA1

              8f631110513f9e73745391ad91748ae307f09c67

              SHA256

              18b1969bbe25425c55394c72bcf442625b74b537ebd521ba432ba3a4b05cd7f4

              SHA512

              7a637dc4c79c39e72badb3d4352146e545f0b1866fcede1cd94700d54b314ed33cfd751d15d51e0a49567c25f95d8eb49ab40f89ba409cba6d386630f1a02617

              Download Submit

            • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
              Filesize

              639KB

              MD5

              4ecd8fb63b7004f8913929392d741380

              SHA1

              0beda97b6a527ba300e45087ce22106b076ffa18

              SHA256

              332ad9f838dd9cd2996ad3833c9f3111d495aaa947907ef1833ed13acd5c75d2

              SHA512

              e4238c8319811cf53b90434a9b8aa8732e19c2741a77f46f81961ae8aac7f283aca9ad9dc187e8310c9ab5b0f0370665d9ef11ae2f49f9f5ae1c8101a54a1a5c

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\$$aA568.bat
              Filesize

              722B

              MD5

              2b75ca4bcfc1c972c716bcf20e61611f

              SHA1

              1eb645be3abea0baf878b6d4e3248d54df8a71f4

              SHA256

              c7fe8988a5c4f7b4b357b197d4f9ad37941e423c8b50bddd4bb27414dd25db3e

              SHA512

              3157bbc7ad4154eafe2ef9cc11bf39536dbb7e919caad991af9b478d443d1340ca4d4b07db005f4a9ed52d7b83c0f24a15d8331cc955ba30394c53f7be4572cd

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\d31cf20cfc39a56d786c9a7b61018f21fa6d21eb64f74d52ecd9d3b39a20784f.exe.exe
              Filesize

              19KB

              MD5

              a1b97bbe06c1f8dc0a8e358e85d9bdd7

              SHA1

              bd935d383c4b4f23ea7b884dbce3f442aa8d94d2

              SHA256

              5d54992bc25d5bd2dbfbf9afe4bf5250488953d8773843b1c3a8bfec8b06f5ad

              SHA512

              f8df25109ebfe709fbba8419a80ecfc9a0d8741675f1af33fc37b9bcfa8818e281d69141f1001d965072c749d2416e3b07ec0aac79b33fb7a5dc4f7347b8fc60

              Download Submit

            • C:\Windows\Logo1_.exe
              Filesize

              29KB

              MD5

              47189fc6506fa40d4be79e6bcf99417f

              SHA1

              81d9fcf6fcecb63947e25b3001772957b0a8b650

              SHA256

              401aa6acbf2597ec1ed489814395cd8dbfca84f8229e298b946500cc6e74d114

              SHA512

              f74be19bb01b6bf0326385fda2dcf898600500d1b88513f8285bba1c98f85945855e238ccafe2f77f873c716b4b6d1f8ff1b0f1cd82765e47407c63665fd09af

              Download Submit

            • F:\$RECYCLE.BIN\S-1-5-21-1750093773-264148664-1320403265-1000\_desktop.ini
              Filesize

              9B

              MD5

              34161716a6ca53479b632148242b943e

              SHA1

              8858557a658c16f5bd03652eff514e066d1600b8

              SHA256

              64655fa660d975efa9315df6cccb6edb310c9990826101015e68b735162a8e93

              SHA512

              a0f19a255929a439a71438d378f185d476428d7eeb6620dc8483ed838cc0ae044c5f2576a22b77856ae741a62081c9d398d154f71360e8f4b20b67af3b6283fd

              Download Submit

            • memory/3264-10-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download

            • memory/3264-0-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download

            • memory/3564-27-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download

            • memory/3564-37-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download

            • memory/3564-33-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download

            • memory/3564-1233-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download

            • memory/3564-20-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download

            • memory/3564-4800-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download

            • memory/3564-11-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download

            • memory/3564-5245-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download