Overview

overview

7

Static

static

3

b4897e55d0...48.exe

windows7-x64

7

b4897e55d0...48.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-07-2024 01:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b4897e55d06a33fe6e2d9b2fa9b587d3ae1a97ea03a2b9e77719b121424c4948.exe

  • Size

    68KB

  • MD5

    94aeea7408449f314a70fd6d703f515a

  • SHA1

    7a69a1c807711cba0b449469c6c47e4d8bbb3ad2

  • SHA256

    b4897e55d06a33fe6e2d9b2fa9b587d3ae1a97ea03a2b9e77719b121424c4948

  • SHA512

    063c8ab821f97644d53844d52d5618b76c33c2e51cc46b576833c5a39c9279ad9287621bf0daba39b6cc4d79c2a1d777c776ceae48e8eac189ce8cf9466bd9c4

  • SSDEEP

    1536:r3SHmLKarIpYeEToa9D4ZQKbgZi1dst7x9PxQ:rkF3pdlZQKbgZi1St7xQ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3584
      • C:\Users\Admin\AppData\Local\Temp\b4897e55d06a33fe6e2d9b2fa9b587d3ae1a97ea03a2b9e77719b121424c4948.exe
        "C:\Users\Admin\AppData\Local\Temp\b4897e55d06a33fe6e2d9b2fa9b587d3ae1a97ea03a2b9e77719b121424c4948.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:3164
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA568.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4996
          • C:\Users\Admin\AppData\Local\Temp\b4897e55d06a33fe6e2d9b2fa9b587d3ae1a97ea03a2b9e77719b121424c4948.exe
            "C:\Users\Admin\AppData\Local\Temp\b4897e55d06a33fe6e2d9b2fa9b587d3ae1a97ea03a2b9e77719b121424c4948.exe"
            4⤵
            • Executes dropped EXE
            PID:4932
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4288
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:3228
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:372

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
        Filesize

        244KB

        MD5

        9703409e5a36aa6d8fc51a2a34663f9f

        SHA1

        fc2154fd588329ecfe724a74bb293f7a5358fcb1

        SHA256

        97c319358f1d61ae3c784d44b19e1669a587702e7f73e32989855218a2970cc5

        SHA512

        977e28ed322df2ed3db1b9aa72faebb44aa6ca5aad4dd2b1e54a43188c84e4a48859531fec33be07bf6244dbd870a5ec5e1ea19f80f8d2cc35b9160caff7db98

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        571KB

        MD5

        8fe1288c6e84038384551eee40fb1fe0

        SHA1

        d623a6b95737bd4d65bae2dd26f36a27caa4a8a0

        SHA256

        d9fe4a0ce9c2b441e5cdbaeb2b1a0b5b54d52adc56be1f2e38752ee82295aac5

        SHA512

        fa55c51502ba1a306b87fc3bf9c5fb0deb20add79bdda86f968c095a00c3f8933c74129bb4a54ff2a6b97510a023930b67fa8ed36f8b98548414fc32acc12656

        Download Submit

      • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
        Filesize

        637KB

        MD5

        9cba1e86016b20490fff38fb45ff4963

        SHA1

        378720d36869d50d06e9ffeef87488fbc2a8c8f7

        SHA256

        a22e6d0f5c7d44fefc2204e0f7c7b048e1684f6cf249ba98c006bbf791c22d19

        SHA512

        2f3737d29ea3925d10ea5c717786425f6434be732974586328f03691a35cd1539828e3301685749e5c4135b8094f15b87fb9659915de63678a25749e2f8f5765

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$aA568.bat
        Filesize

        722B

        MD5

        91f71f71873665d2bf7a39bf084a583f

        SHA1

        0220e0ea7723db6b46246b6fdc6010863e98048d

        SHA256

        8e77f9852ff7f42f6a528ab1319f9820c05380ee71b825d72febc81f9ee7c64b

        SHA512

        bc11655f0743d58ccd2e1474c4f598a861602a2df8ca4037589f5750091519b2ead48b55392e162839c1e7df15b3f1179f939974053a1fffd349a0be424236b9

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\b4897e55d06a33fe6e2d9b2fa9b587d3ae1a97ea03a2b9e77719b121424c4948.exe.exe
        Filesize

        41KB

        MD5

        977e405c109268909fd24a94cc23d4f0

        SHA1

        af5d032c2b6caa2164cf298e95b09060665c4188

        SHA256

        cd24c61fe7dc3896c6c928c92a2adc58fab0a3ff61ef7ddcac1ba794182ab12f

        SHA512

        12b4b59c1a8e65e72aa07ee4b6b6cd9fdedead01d5ce8e30f16ca26b5d733655e23a71c1d273a950a5b1a6cce810b696612de4a1148ac5f468ddf05d4549eed5

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        27KB

        MD5

        faa537da04333b1d2264b5e74336142e

        SHA1

        8ac278558286edcbe5b0648d0052dc98e148aa40

        SHA256

        9c1055873c600ca7e5e6d55aff2bc1287d91b6e7e7dd73af40175e27cdc8c131

        SHA512

        91ba1be7a655d818e3ba62c5bb1c023ce19e5105a5d1b798d9da1faf6dded3c0ea4507617ed56dbf911f2a235547f02f4ecf1fd353e0451ea0870eb6605f2dd1

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-384068567-2943195810-3631207890-1000\_desktop.ini
        Filesize

        9B

        MD5

        ece8e24737d1957fb4e94d8890ee8d02

        SHA1

        6c79bfb99f560a2102a903116f5a0c195f7885e4

        SHA256

        d920366b3c62a677cf0cf1f267a7c2f3dd693f2ff60ee023091bf9c39c5e30b8

        SHA512

        ccf58b4da1ad1379a546f307bca8dc4452a61a3cb443814f4d9566b8d8d35cc9d794ada4d1a13296ed5bc0248ba5ef538e5dc5e22861c2ead3f479beeb5c2d37

        Download Submit

      • memory/3164-11-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/3164-0-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4288-27-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4288-37-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4288-33-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4288-787-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4288-1234-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4288-1496-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4288-20-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4288-4785-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4288-9-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4288-5230-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download