Overview

overview

7

Static

static

3

3a70df5701...06.exe

windows7-x64

7

3a70df5701...06.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/07/2024, 23:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3a70df57018badadda4deee047963884597ad22461d6ba526eb86d5c52d47706.exe

  • Size

    3.0MB

  • MD5

    2df06080847c440edb9dca506b20a330

  • SHA1

    9ef81f44bd467a33a14fb14cb47c6ff954765147

  • SHA256

    3a70df57018badadda4deee047963884597ad22461d6ba526eb86d5c52d47706

  • SHA512

    01eee6ed888321ad16a26f7ec910e13d1cb3836f1cd890394a5c970f44378eb3f9fa71c07198d0a8bdc7ce074f9b427c7884beeff2f9a6a31b065b7135b2ad91

  • SSDEEP

    49152:K76IGwdA0g6CupcLp0pHwjOLaUIeJSBTbJeKPTSuN0oqhedGW96oNeD:1IGH6CupcLp0pHnFSNbJ3TSW0oaW9nNe

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3508
      • C:\Users\Admin\AppData\Local\Temp\3a70df57018badadda4deee047963884597ad22461d6ba526eb86d5c52d47706.exe
        "C:\Users\Admin\AppData\Local\Temp\3a70df57018badadda4deee047963884597ad22461d6ba526eb86d5c52d47706.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4416
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9CDC.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3280
          • C:\Users\Admin\AppData\Local\Temp\3a70df57018badadda4deee047963884597ad22461d6ba526eb86d5c52d47706.exe
            "C:\Users\Admin\AppData\Local\Temp\3a70df57018badadda4deee047963884597ad22461d6ba526eb86d5c52d47706.exe"
            4⤵
            • Executes dropped EXE
            PID:2764
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3696
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:2896
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:1524

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
              Filesize

              244KB

              MD5

              86c431395f7a9682dbb3a9403349d55c

              SHA1

              0c164a4f0b5d2f6b840eb46f6963f49c6f749363

              SHA256

              054f5874dd3032ea612bc8981fa45545387f7793450eb408d4307368fd1b4895

              SHA512

              94c00ec6d392cf2f0cb80e0c50a2707ce555fdd638eb263ba9214158de62d66d90971aa833e05b55639ba9b7a484fae412dc7de904ac06831d35dde6149d1180

              Download Submit

            • C:\Program Files\7-Zip\7z.exe
              Filesize

              570KB

              MD5

              3de8be3db894d7c6864dd2f4ea2ccc38

              SHA1

              ae0618c70156191f38c0b2e65a733f5534acc6c2

              SHA256

              38484084c919c4f70a099da3595ae9749706e040981b03deab6bf57c21176af3

              SHA512

              0249ba7e2de03a371b9b4016f16a77a6ad598170dd5384d7f88e11f798a9884dcaf581ad0764f1d9d9c6d2a556804708267d526372c025078ef79947ccaa1622

              Download Submit

            • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
              Filesize

              636KB

              MD5

              2500f702e2b9632127c14e4eaae5d424

              SHA1

              8726fef12958265214eeb58001c995629834b13a

              SHA256

              82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

              SHA512

              f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\$$a9CDC.bat
              Filesize

              722B

              MD5

              7b623ad85c8c2431c0131fc1fbfc9cc4

              SHA1

              703fd859123d07b3600ba95780323bd4632db1ea

              SHA256

              e61fdb086fdb94529201f329ed735f6c965bb220cad4688b014b3016c7612ed6

              SHA512

              6b53d0e565c298658de8f733feaa251833a48cec386c9228b0949cc5b2a237d463e762a66ee3cc35c596eec40b50e0e671a821414e140c753211db610b958bad

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\3a70df57018badadda4deee047963884597ad22461d6ba526eb86d5c52d47706.exe.exe
              Filesize

              3.0MB

              MD5

              d9d63c77ed65a20c102e7a1a0df2b581

              SHA1

              8483bfba9e325a2c3e555bae3155e5d0e9ddcc9f

              SHA256

              c96c258af32735e1f37f64b38a5f00e6618a574e48525be1b18c3eb60f79b17d

              SHA512

              5fec2c4775bcb3615f16cd418512c873c8938d2235fd4ea40788f40327a2c8844c8c13e46aca43d85a7ada67aee299f430b49654779b44b7e0c8ead03ff7e4f3

              Download Submit

            • C:\Windows\Logo1_.exe
              Filesize

              26KB

              MD5

              66b52612270a69c70fcb753c71db38af

              SHA1

              56c10089c0cc6d1638ec3a9818411040c0684cf0

              SHA256

              bdcf0b120cbba26c70240bec100cf50964765bdbba76565d3d1ecc788ffded64

              SHA512

              9be0b6f733a1e03626ad978b057405bd894e9f8179f5292e2ae62b1e2ee337e501233f58f75bf5643e12fdb68e6e6d2a3e146ba6641a448c089cd2e153d729e8

              Download Submit

            • F:\$RECYCLE.BIN\S-1-5-21-3419463127-3903270268-2580331543-1000\_desktop.ini
              Filesize

              9B

              MD5

              5e286801abdc6ca5d3091665a72ecd7c

              SHA1

              87e0b4601ab0b05784a1059a45d72d807b0e2cbb

              SHA256

              131ccc46b756e5373dc2f2d37625bfb980a48f2f2287585da364166cf2e709b5

              SHA512

              51506d6adb68cca9e21fcddfe9672b91352cdb4f3c5b8c2da40219c73d2e7724776cd8701ff68449720c0aa398fe4f7665dabae2bd5147d42c5b6882c99f0bf1

              Download Submit

            • memory/3696-27-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/3696-34-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/3696-37-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/3696-20-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/3696-1233-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/3696-4795-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/3696-8-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/3696-5240-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4416-0-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download

            • memory/4416-11-0x0000000000400000-0x0000000000434000-memory.dmp

              Filesize

              208KB

              Download