Overview

overview

7

Static

static

3

28896d0690...0N.exe

windows7-x64

7

28896d0690...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-07-2024 23:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    28896d0690948dee049186bfac97b470N.exe

  • Size

    95KB

  • MD5

    28896d0690948dee049186bfac97b470

  • SHA1

    ac3a53315db76824c93829d5d29f173e2611830e

  • SHA256

    c34db677852953ef30e2b76c17eccd5f77a9d3edf0086068f1ffe0cce7bfe820

  • SHA512

    be1c990a83bbcc95f4c27017c1ceef22116f7b44ac2929fda3c494db01419c24d0a299441f319013df241947b7c4f4e18658e94eee57659e784589717c1d35e7

  • SSDEEP

    1536:xjMqxL2Q3qOLjp01Y06JdOGZqlSmQBDtkDCr5EDZvX/xsJ:xAyLd0K/JdOStX5EDUJ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\28896d0690948dee049186bfac97b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\28896d0690948dee049186bfac97b470N.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4304
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB229.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:964
      • C:\Users\Admin\AppData\Local\Temp\28896d0690948dee049186bfac97b470N.exe
        "C:\Users\Admin\AppData\Local\Temp\28896d0690948dee049186bfac97b470N.exe"
        3⤵
        • Executes dropped EXE
        PID:4376
    • C:\Windows\Logo1_.exe
      C:\Windows\Logo1_.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2156
      • C:\Windows\SysWOW64\net.exe
        net stop "Kingsoft AntiVirus Service"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4892
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
          4⤵
            PID:5052

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\7-Zip\7zG.exe
      Filesize

      750KB

      MD5

      2ed5066bb06249a3a866b05150937238

      SHA1

      ecf699b03431291a2caeeab3d19a42daac6c8f9b

      SHA256

      5671ee7d070168cc2238dd771756175e7bb9fb60d7c0f2f32c6c85988a45fbac

      SHA512

      6132363918290e912290854808ae1ecefc07d10f04445f28376bd29de8a97a753afab69192ffc10164a5ec9c8d34805d9171b715d3e279b63ba223abee0fa08f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\$$aB229.bat
      Filesize

      536B

      MD5

      c53b691b89bb344971cdf582e1a5f83d

      SHA1

      60490d38928816a0d31dea13c1a5915a8f2bdfeb

      SHA256

      36e2b0b1dbd235ffe785081de846d41100dd2d023a4369a2ff5ceb295ac7d667

      SHA512

      10b5ca387d79fd9fe551850723a097656cace87a054e90fabce991e5c1682e3cc1dbfd5423deb5010617509c5336d71f63e62b3ae1b8d33fb687eff877599faa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\28896d0690948dee049186bfac97b470N.exe.exe
      Filesize

      29KB

      MD5

      aa8be4a43d0ca0cc8f43405e2aa2b137

      SHA1

      f01c2dc35441ca3daeb79f165d76f422582ceb66

      SHA256

      e605e6b5701a525db7001f65ebfd314abba4ad9414e478e923b3a697cf06bc77

      SHA512

      12cbf68aadcd45ecd84b700b6b0c7d836fcc6ac54b97b942b1a86f470a49a3acb77f464288ca8a6a22409ed209c48bd5479149e15fc8feb1b11386518a5cacd5

      Download Submit

    • C:\Windows\Logo1_.exe
      Filesize

      66KB

      MD5

      f0f079c7d04db77b32f96165a44aece1

      SHA1

      61d1fdc1d988a9b0f2e8399f84240ff5c47bb384

      SHA256

      3b9ba52ffc0e1e20761eeb921e9c046250723c132504ceed1146d378e5f19b4f

      SHA512

      c1ffee86f2a22ebe857652943ba474cf4777d8e143484e0fd025f457cf27af7d84aec61ffe976942af483d1e9ea5dbcd8b4e6831603fbdad5b709b325ff7180e

      Download Submit

    • memory/2156-14-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/2156-15-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/2156-17-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/2156-19-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/2156-144-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/2156-205-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/4304-6-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/4376-12-0x000001A4573F0000-0x000001A4573FA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/4376-11-0x00007FF8334D3000-0x00007FF8334D5000-memory.dmp

      Filesize

      8KB

      Download