Overview

overview

7

Static

static

3

302d1beddc...52.exe

windows7-x64

7

302d1beddc...52.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    21/07/2024, 20:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    302d1beddcd4a3d6bd6bb51afe7b8ed6c3277072f9d390cc8105d1e4acd90152.exe

  • Size

    3.5MB

  • MD5

    3d8bc2b291bb7396cfb6ee904880fb87

  • SHA1

    93c2b3ee8d984a5326bb0ebbac06e04999890a75

  • SHA256

    302d1beddcd4a3d6bd6bb51afe7b8ed6c3277072f9d390cc8105d1e4acd90152

  • SHA512

    d55f56f336f12d354d54f8902a2b929d7a4e5169737596ad77a351c1a6e914f3f71097a96ed3891cf6ecccbb1e3aca6f43f989a6b74721d24bf31d54bc1b6948

  • SSDEEP

    49152:A5tzuM0S2S5mLFEuVebedv9uNBb8AftK9qrO1LS9RhSq15vTNuHv/QXd9CQxM4kA:ACFk/fUqrOiOc5z

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1188
      • C:\Users\Admin\AppData\Local\Temp\302d1beddcd4a3d6bd6bb51afe7b8ed6c3277072f9d390cc8105d1e4acd90152.exe
        "C:\Users\Admin\AppData\Local\Temp\302d1beddcd4a3d6bd6bb51afe7b8ed6c3277072f9d390cc8105d1e4acd90152.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:2692
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\$$aC072.bat
          3⤵
          • Deletes itself
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:1916
          • C:\Users\Admin\AppData\Local\Temp\302d1beddcd4a3d6bd6bb51afe7b8ed6c3277072f9d390cc8105d1e4acd90152.exe
            "C:\Users\Admin\AppData\Local\Temp\302d1beddcd4a3d6bd6bb51afe7b8ed6c3277072f9d390cc8105d1e4acd90152.exe"
            4⤵
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:264
            • C:\Windows\system32\WerFault.exe
              C:\Windows\system32\WerFault.exe -u -p 264 -s 128
              5⤵
              • Loads dropped DLL
              PID:2740
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2384
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:2356
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:2704

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        254KB

        MD5

        e07b271414d7901d4be3fef46b6234ad

        SHA1

        383c79a26054fb1d00f931222e5f7fd7cdc2987b

        SHA256

        84bb3d64de9f9a1c3b1c2359204a1986fdbe17ef226274213bb17fbf0ca2198c

        SHA512

        d989a243a0c6e0f1fa1e562f49be1263fd2d7962f289d4a0108f046ef6f2cd87b262a4b2fbd4a94be3f9e39ac656b402f8d8aa40600db3ee02b24cf0d78e08e3

        Download Submit

      • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
        Filesize

        474KB

        MD5

        6eabc463f8025a7e6e65f38cba22f126

        SHA1

        3e430ee5ec01c5509ed750b88d3473e7990dfe95

        SHA256

        cc8da3ecd355b519d81415d279ed037c725ba221bf323d250aa92ee2b2b88ca7

        SHA512

        c8fde7026ac8633403bbefee4b044457184388fb7343d8c46f5f7f272724227976bf485ea91da49e2a85dd0cfb73f260ac705d8007333dd3e5539fe5ed67e3ab

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$aC072.bat
        Filesize

        722B

        MD5

        1e14ca23babab5897333c2fe6a3e125d

        SHA1

        df9af513d1f216251fff313a37c9eea94461d874

        SHA256

        f62fb394910e5eadfa5ba75428d1ea791bc272c5e9c524a6ed55d3fce5d81af3

        SHA512

        65a9a99f421d48f702df2da5b4d6f52894744d3a0409e22f8b9fe8f6eeed84a9a9f765a08dc84809d13f511b561b47b6363b7c9b37dbba158995809782491b63

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\302d1beddcd4a3d6bd6bb51afe7b8ed6c3277072f9d390cc8105d1e4acd90152.exe.exe
        Filesize

        3.4MB

        MD5

        cd53c61345139dd549495633c7195a9d

        SHA1

        2f2ea5f17f724e08f2d965e591b61e0daf310487

        SHA256

        2b2538d62a3d95caa1eaaf402dda55e9b0dc66e5a0b8f6c8fd3042550e48d56d

        SHA512

        006ea7fc9f7cb6b7312c4431ba631a528654bc5c111561cb884b165176dc70dccbb7d72e132b38ce599156df6ffa31476b69fe6dd095a3fef2f93b7ef5208124

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        29KB

        MD5

        11eb7f6334d62b91ca0518344bd7cfe3

        SHA1

        f287e1192de3d3d4b86b99884a6c1e5b5f8933b8

        SHA256

        3c602a45453a2ce84e2a810d5de5d83b1a99872ed761854d214f518cf819e7fa

        SHA512

        e9b7be81ce8cb8b44ec1900c033df1a31117f1aa0281b55825b93ed923d910012f93d5cf0065043e9f8b9a44fde6b5733404c4f951b69df1e0bade8f3e771ec9

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-3434294380-2554721341-1919518612-1000\_desktop.ini
        Filesize

        9B

        MD5

        2efce5174bcf8d378a924333f75e26ad

        SHA1

        4fe6e1d729b55d42eb9d74aca11b36a94402de14

        SHA256

        04ccb9bec2864153c72852867d8e65dca07eca4e5edcfb4beb62cb364dcd91fa

        SHA512

        24684969632fb0562a3a7a5fec91d869d627730d8e9d83a2b17e326d7047e3fbff205eec207914e42ecd50fef68a212c19f3599ded271c00e66acc22f1f04c16

        Download Submit

      • memory/1188-34-0x0000000002D90000-0x0000000002D91000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2384-101-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2384-36-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2384-43-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2384-49-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2384-95-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2384-1241-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2384-1878-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2384-3338-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2384-18-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2692-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2692-16-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download