Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05-08-2024 18:57

General

  • Target

    1039f1f87ca63acec4ab781e75bea9704a16e3c5e2bcbfe1dd9e7807f309aaa0.exe

  • Size

    1019KB

  • MD5

    5bbc6945a17157f1c599b98ec10b355f

  • SHA1

    fa74daf9bbe2c1934b955fb2d2bfe438053f518e

  • SHA256

    1039f1f87ca63acec4ab781e75bea9704a16e3c5e2bcbfe1dd9e7807f309aaa0

  • SHA512

    0498864f9091e546007e5d122ed0103c82246dd10446c3f2b47a7f5f7e5f889f4056e1927b74936635e95be6eb96526eb2bb0542c7f751d25b54cfce6b562dfd

  • SSDEEP

    24576:comUFhNcmLFj4svqaShRsUiTfjo5ya8j8k:cCGmxj4svqaShRibza8T

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Modifies registry class 20 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3256
      • C:\Users\Admin\AppData\Local\Temp\1039f1f87ca63acec4ab781e75bea9704a16e3c5e2bcbfe1dd9e7807f309aaa0.exe
        "C:\Users\Admin\AppData\Local\Temp\1039f1f87ca63acec4ab781e75bea9704a16e3c5e2bcbfe1dd9e7807f309aaa0.exe"
        2⤵
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1524
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8424.bat
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:452
          • C:\Users\Admin\AppData\Local\Temp\1039f1f87ca63acec4ab781e75bea9704a16e3c5e2bcbfe1dd9e7807f309aaa0.exe
            "C:\Users\Admin\AppData\Local\Temp\1039f1f87ca63acec4ab781e75bea9704a16e3c5e2bcbfe1dd9e7807f309aaa0.exe"
            4⤵
            • Executes dropped EXE
            • Modifies registry class
            • Suspicious use of SetWindowsHookEx
            PID:4808
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4460
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:4024
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
              • System Location Discovery: System Language Discovery
              PID:4168
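The tree above is a compact chain: the sample runs from %TEMP%, writes a batch file there and runs it through cmd.exe /c, the batch re-launches a copy of the sample, a sibling Logo1_.exe runs straight out of C:\Windows, and that in turn runs net stop against an antivirus service. The following is an added example, not part of the sandbox report, showing how those four behaviours can be expressed as detection rules over process-creation records. The records are constructed to resemble Sysmon Event ID 1 data; the ProcEvent layout, the parent PIDs (inferred from the tree's nesting) and the list of "security software" keywords are assumptions, while the images, PIDs and command lines follow the report.

```python
"""Detection rules for the process chain shown in the report above.

Added example, not part of the sandbox report. Records are constructed to
look like Sysmon Event ID 1 (process creation) data; the ProcEvent layout,
the parent PIDs and SECURITY_SERVICE_WORDS are assumptions.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    command_line: str


SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\1039f1f87ca63acec4ab781e75bea9704a16e3c5e2bcbfe1dd9e7807f309aaa0.exe")

# Constructed from the report's tree; parent PIDs are inferred from its nesting.
SAMPLE_EVENTS = [
    ProcEvent(3256, 0, r"C:\Windows\Explorer.EXE", r"C:\Windows\Explorer.EXE"),
    ProcEvent(1524, 3256, SAMPLE_EXE, f'"{SAMPLE_EXE}"'),
    ProcEvent(452, 1524, r"C:\Windows\SysWOW64\cmd.exe",
              r"C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8424.bat"),
    ProcEvent(4808, 452, SAMPLE_EXE, f'"{SAMPLE_EXE}"'),
    ProcEvent(4460, 1524, r"C:\Windows\Logo1_.exe", r"C:\Windows\Logo1_.exe"),
    ProcEvent(4024, 4460, r"C:\Windows\SysWOW64\net.exe",
              'net stop "Kingsoft AntiVirus Service"'),
    ProcEvent(4168, 4024, r"C:\Windows\SysWOW64\net1.exe",
              r'C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"'),
]

# Words that mark a service as security software in "net stop <name>" (assumption).
SECURITY_SERVICE_WORDS = ("antivirus", "anti-virus", "defender", "security", "protect")
# A .bat under %TEMP% anywhere in a (lower-cased) command line.
TEMP_BAT = re.compile(r"\\appdata\\local\\temp\\[^\s\"]+\.bat")


def ancestors(by_pid, pid):
    """Ancestor events of pid, nearest first; stops at an unknown parent or a cycle."""
    out, seen = [], {pid}
    cur = by_pid.get(pid)
    while cur is not None and cur.ppid in by_pid and cur.ppid not in seen:
        cur = by_pid[cur.ppid]
        seen.add(cur.pid)
        out.append(cur)
    return out


def detect(events):
    """Return (rule, pid) findings for the behaviours the report's tree exhibits."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        image = e.image.lower()
        name = PureWindowsPath(image).name
        parent_dir = str(PureWindowsPath(image).parent)
        cl = e.command_line.lower()
        parent = by_pid.get(e.ppid)
        parent_image = parent.image.lower() if parent else ""

        # Rule 1: cmd /c on a .bat in %TEMP%, launched by a binary that itself runs from %TEMP%.
        if (name == "cmd.exe" and "/c" in cl and TEMP_BAT.search(cl)
                and "\\appdata\\local\\temp\\" in parent_image):
            findings.append(("temp_batch_via_cmd", e.pid))

        # Rule 2: a copy of an ancestor's image re-launched through an intermediate (here cmd.exe).
        # Direct self-spawn is skipped ([1:]) because installers and updaters do that legitimately.
        if any(a.image.lower() == image for a in ancestors(by_pid, e.pid)[1:]):
            findings.append(("relaunch_via_intermediate", e.pid))

        # Rule 3: an executable sitting directly in C:\Windows, started by something under C:\Users.
        if parent_dir == r"c:\windows" and "\\users\\" in parent_image:
            findings.append(("exe_dropped_in_windows_root", e.pid))

        # Rule 4: net/net1 stopping a service whose name looks like security software.
        if (name in ("net.exe", "net1.exe") and " stop " in cl
                and any(w in cl for w in SECURITY_SERVICE_WORDS)):
            findings.append(("stops_security_service", e.pid))
    return findings


if __name__ == "__main__":
    for rule, pid in detect(SAMPLE_EVENTS):
        print(f"{rule:28} pid={pid}")
```

Rule 4 fires on both net.exe and net1.exe because net.exe only forwards to net1.exe; in a real pipeline you would suppress one of them. Rule 3 is deliberately narrow (the parent must come from a user profile) so that Windows' own binaries in C:\Windows, such as Explorer.EXE at the top of this tree, do not match.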

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe

      Filesize

      247KB

      MD5

      3b7323809d41550af758af9000ff3092

      SHA1

      e9303c0bb8533e7b075a46a43518db6dc96a92fd

      SHA256

      407a2f7f67658e3d53ba493282c381128064b57959e1e6163ffe43c8263ab73d

      SHA512

      6a5ab7c5604a3faa5e5a99a4235b2883a69add3a180acdd2e99607a9f0bbbdc2d7420aca1baacb929e6fb0f953ef55268ee3034b67053c83cf8a991f92d4b221

    • C:\Program Files\7-Zip\7z.exe

      Filesize

      573KB

      MD5

      8b91687d5fca693e8c9944e29d141e05

      SHA1

      5bbca3b5b9f53d43093b36a8286e42a8ca9f695e

      SHA256

      26cf174a36e7f906d641953a1b187fcd9ec03d867b5ac5ba49a35641d026149c

      SHA512

      0bb6bd176510f6cf62f2d5104dcaabd348ad782b89233c7ef7cc7014a1faf70d431944400bda8400b34cf116e96660954a483b1eeb669b0d5a9f36f3c457773e

    • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

      Filesize

      639KB

      MD5

      2282a1c1dd5900e35b3cf33f6394ac04

      SHA1

      0eaf304634e4a42012d5dbc8013eb0ee41f76bb4

      SHA256

      c12c59b4c31a46e116c57085594023e89d84935ca59c895a188d6a9d4d27b5da

      SHA512

      619d756a7c43b10c825bdcffca6f3eea42feaaeeca731c781d6ba0b9095bb925b1bd40855d7ea60e93139cb8d09e0ebdd0e915c66e4a39f78169fe3dae3fbc69

    • C:\Users\Admin\AppData\Local\Temp\$$a8424.bat

      Filesize

      722B

      MD5

      0b4ef6fcb91e6ac1580247c0f7a4d367

      SHA1

      e45806ab837f2f2abca9a4db6a6ca7ba974a4c37

      SHA256

      f2d0983ed0ae8e528bbbe3f6dae5c9a2ccebf5037cd11ba54440629f492a5425

      SHA512

      8d5b90c55c732b8a66a6b9be81af8afef6ed4beed25c519bf4415250a3adcb0f36f7f6a6d7384783d62693bfbefd67c9d7908811dbadba23c70fa0515eaa33ee

    • C:\Users\Admin\AppData\Local\Temp\1039f1f87ca63acec4ab781e75bea9704a16e3c5e2bcbfe1dd9e7807f309aaa0.exe.exe

      Filesize

      990KB

      MD5

      0c45b1af9f410771bfd1740f40dc4173

      SHA1

      b896091855905e152abf260a64ebdf8b0c38aeb4

      SHA256

      3f1a80889fc13d98a26b8b6ac034d8ff4a04a5e3fe6c41c994585f5ba3e32bb2

      SHA512

      b23e2cb50ed312cb261df84a87283520079cd479ca16c19079abfce4f5ea18cbc730a191af480431f99d5a062e4b853745140d5e9d40003395f16b5867a11d5e

    • C:\Windows\Logo1_.exe

      Filesize

      29KB

      MD5

      2c2a254f4ac4becff7c1ed95d1dfc193

      SHA1

      832200e5634e50357289652ac22084ef08089309

      SHA256

      33bef330eba567c27023e923fc3691905f377e95b42999689e93a892f64fa369

      SHA512

      f8ebfadfb39b23bdb76e3403a7d55f8dd19e64f21f81642b3fa5bdfad278e0acc79682a05edaa8d7438aa2240a9a00cc8f615edee27a86b23db9d5ae5f69657d

    • F:\$RECYCLE.BIN\S-1-5-21-786284298-625481688-3210388970-1000\_desktop.ini

      Filesize

      8B

      MD5

      0eba530c95ed92c62635372036e559bf

      SHA1

      d24bedd9e198e4f71f8e9d0dc36351d486609337

      SHA256

      fdac71b01088c649a174d112f28b274807c720c98d39c8ea678b0832f8cd4b39

      SHA512

      7bf606115d882198ab92ff5d7f9f92f83e2e8bb4c2be9601ace2de9d7613938a56ffd51331ae22ff62b47fcc8bb54e9007a0375348a4a37b3b82e59d8ca1f3b1

    • memory/1524-10-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

    • memory/1524-0-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

    • memory/4460-27-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

    • memory/4460-38-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

    • memory/4460-33-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

    • memory/4460-1234-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

    • memory/4460-20-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

    • memory/4460-4786-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

    • memory/4460-11-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

    • memory/4460-5231-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB
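The written files above include C:\Program Files\7-Zip\7z.exe and C:\Program Files (x86)\Google\Update\...\GoogleUpdateCore.exe, both locations of legitimate executables, alongside a copy of the sample written back to %TEMP% and the 29KB C:\Windows\Logo1_.exe. On an affected host the practical question is which existing binaries changed. The following is an added example, not part of the sandbox report, of a baseline-manifest check: hash every executable under a tree, diff against the stored manifest, and report modified files with their size delta. The directory layout, file contents and the 302-byte stub are constructed for the demo; the report does not state how the dropped binaries were modified, so the constant-delta check is a heuristic, not a description of this sample.

```python
"""Baseline-and-diff integrity check for executables under a directory tree.

Added example, not part of the sandbox report. demo() builds a constructed
tree in a temp directory; its file names mirror two paths from the report,
but the contents, the 302-byte stub and "new_dropped.exe" are made up.
"""
import hashlib
import tempfile
from pathlib import Path

EXEC_SUFFIXES = {".exe", ".dll", ".scr"}  # assumption: which file types to baseline


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map relative POSIX-style path -> (size, sha256) for every executable under root."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in EXEC_SUFFIXES:
            manifest[p.relative_to(root).as_posix()] = (p.stat().st_size, sha256_file(p))
    return manifest


def diff_manifests(baseline: dict, current: dict) -> dict:
    """Return added / removed / modified entries; 'modified' maps path -> size delta in bytes."""
    modified = {}
    for rel, (size, digest) in current.items():
        if rel in baseline and baseline[rel][1] != digest:
            modified[rel] = size - baseline[rel][0]
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": modified,
    }


def constant_delta(modified: dict):
    """If every modified file grew by the same amount, return it.

    A uniform delta across many changed executables is what a fixed-size
    prepended or appended stub looks like; None means the deltas differ.
    """
    deltas = set(modified.values())
    return deltas.pop() if len(deltas) == 1 else None


def demo() -> dict:
    """Constructed scenario: baseline a fake Program Files tree, then tamper with it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "7-Zip").mkdir()
        (root / "Google" / "Update").mkdir(parents=True)
        (root / "7-Zip" / "7z.exe").write_bytes(b"MZ" + b"7zip-host-" * 100)
        (root / "Google" / "Update" / "GoogleUpdateCore.exe").write_bytes(b"MZ" + b"gu-host-" * 50)
        (root / "7-Zip" / "readme.txt").write_bytes(b"not an executable, not baselined")
        baseline = build_manifest(root)

        # Simulated tampering: prepend a fixed-size stub to the existing executables
        # and drop a new one. The stub bytes are invented for this demo.
        stub = b"MZ" + b"\x90" * 300
        for rel in ("7-Zip/7z.exe", "Google/Update/GoogleUpdateCore.exe"):
            target = root / rel
            target.write_bytes(stub + target.read_bytes())
        (root / "new_dropped.exe").write_bytes(stub)

        return diff_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    result = demo()
    for rel, delta in result["modified"].items():
        print(f"modified {rel} (+{delta} bytes)")
    print("added:", result["added"], "constant delta:", constant_delta(result["modified"]))
```

On a real host the baseline must come from a trusted source (a golden image or a signed package manifest taken before exposure), since a manifest built after the fact would simply bless the modified files. A uniform size delta is a useful triage hint, not proof: signature verification with the vendor's certificate on each changed binary is the check that settles whether 7z.exe or GoogleUpdateCore.exe is still the vendor's build.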