Overview

overview

7

Static

static

3

51d1acdbed...e0.exe

windows7-x64

7

51d1acdbed...e0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-07-2024 21:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    51d1acdbed7a49a84f9b295f299e1542a1b2097605fbf4e95a6037dcc25cd0e0.exe

  • Size

    315KB

  • MD5

    337347c936df99f79c92ab844abfc310

  • SHA1

    fa02390e22ec0f3af4389985d0c438b7a0aaee1a

  • SHA256

    51d1acdbed7a49a84f9b295f299e1542a1b2097605fbf4e95a6037dcc25cd0e0

  • SHA512

    2e5cc226ff4b6ca2887e87df0655377a38d530060b0169d32f6436961b920e31c7def7d3d40a4c6cae82cbb3021345cfd8074062150daa64dc76f00b3a5fa921

  • SSDEEP

    6144:2VfjmNGCAmFrmNzVzf3tYN5gPNv5+9WgSHpx3FUdXOKFNnokn:Y7+GCSVzf3i64WJJTUhO0rn

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3384
      • C:\Users\Admin\AppData\Local\Temp\51d1acdbed7a49a84f9b295f299e1542a1b2097605fbf4e95a6037dcc25cd0e0.exe
        "C:\Users\Admin\AppData\Local\Temp\51d1acdbed7a49a84f9b295f299e1542a1b2097605fbf4e95a6037dcc25cd0e0.exe"
        2⤵
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:208
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB15E.bat
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:432
          • C:\Users\Admin\AppData\Local\Temp\51d1acdbed7a49a84f9b295f299e1542a1b2097605fbf4e95a6037dcc25cd0e0.exe
            "C:\Users\Admin\AppData\Local\Temp\51d1acdbed7a49a84f9b295f299e1542a1b2097605fbf4e95a6037dcc25cd0e0.exe"
            4⤵
            • Executes dropped EXE
            PID:1240
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4824
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:4128
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
              • System Location Discovery: System Language Discovery
              PID:1668

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
      Filesize

      244KB

      MD5

      97a533e33765046422715a4e1dc2f203

      SHA1

      e044a853e84ba0dc3f191c7884c2797e223ca4e6

      SHA256

      77c1d1810ff974221b72cf90df1b8c028aa03660cd247ced79717079d842c246

      SHA512

      9dca0a7f943889065b79b573024cdf1d735ad4a09958d66d1c6741297377f4e285f03d876cec1e6fca62a82e0972dd656195bb41c9e631b6359346351e4a47ac

      Download Submit

    • C:\Program Files\7-Zip\7z.exe
      Filesize

      570KB

      MD5

      bf658abddef00daf63c11c6271194151

      SHA1

      86813f3217a43f07eb77a9b455467605ee141001

      SHA256

      93f1b6ba3ee063708bc3794c01c36747cdf52054b88656277675865818f1cf61

      SHA512

      9e176970ebbd1daae38444f5eca35aa38c1af894b8f0361d56a290631594531edf2ddff7aff4c4ec2b4cae3d656509412529ea8a25ee7b1a8f92dc5189aa71d2

      Download Submit

    • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
      Filesize

      636KB

      MD5

      2500f702e2b9632127c14e4eaae5d424

      SHA1

      8726fef12958265214eeb58001c995629834b13a

      SHA256

      82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

      SHA512

      f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\$$aB15E.bat
      Filesize

      722B

      MD5

      5ea035f261ac4a0c93f30f1e71efba4d

      SHA1

      37f60af4cc09c6c946ba325eb6c215d75e52a1e5

      SHA256

      68c336b687fbf3d6a14bee68d9047e1de41248177145b9e638625eb4bfc681e0

      SHA512

      26b97de94655eabd74c9f05b009c1e36b1cefce1bc1718dc9f19583f49ec38bfe65d5adf6bf85812eb9cc255de5b57a1df4e4867c3027dfc5662ad4c3072dfc6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\51d1acdbed7a49a84f9b295f299e1542a1b2097605fbf4e95a6037dcc25cd0e0.exe.exe
      Filesize

      288KB

      MD5

      9bd7f6c66aeee6d240517c0dc78dff19

      SHA1

      627084a7b0900adec1be08d3f08fb01c7aaed4c2

      SHA256

      2a37971200dda9141321e7ac09681822d2b0af1935360328e96601edf963efcf

      SHA512

      a188a44f63841e13ce5b9fbac07d59bbd1772a4d8169ffccd395df36591ec9aa916b38b1f65c6bc4e3d629ae62f7e3c79879ed69ed5378381e52578b2a260195

      Download Submit

    • C:\Windows\Logo1_.exe
      Filesize

      26KB

      MD5

      9bdf847671dc3903890f77077bcb0901

      SHA1

      11c0c0b5032d088b270e41a2b4ef84e6dbce0903

      SHA256

      f3b0988c673f8190dd9ca5e66522f8844ec26a2abb7eaed78815a4f54f76cf64

      SHA512

      9476560001bd604b35a27b0d2f15e7e43df643831104be4669a320425a61d8b48f2d24899b7b70cbdd8107e69aa498e412632bec7876d9394c3744866d04ac43

      Download Submit

    • F:\$RECYCLE.BIN\S-1-5-21-1705699165-553239100-4129523827-1000\_desktop.ini
      Filesize

      9B

      MD5

      c20162cff0e529974834e150d7e6691f

      SHA1

      512e9821581354bd8078227ddf386b17e771ff38

      SHA256

      82f2070eb6138ab12ec2a1f0c3ca7b3b97db75cc19a5076ed382b017f309bdd6

      SHA512

      c2c414232ac5fc3d7ff195523c49610795d0ea4d95c69748ef9ddd4a42203ace52a7da8594cb20102743a21b6eb5bd9e7ee5915513a9c11a0db319323538d744

      Download Submit

    • memory/208-11-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/208-0-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/4824-27-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/4824-37-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/4824-33-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/4824-1233-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/4824-20-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/4824-4785-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/4824-8-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/4824-5230-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download