Overview

overview

7

Static

static

3

5b0218c413...f5.exe

windows7-x64

7

5b0218c413...f5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/08/2024, 06:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5b0218c4131cba3b629b26ceb13d1cd8de96216508614891dd4ef5c59c69c3f5.exe

  • Size

    484KB

  • MD5

    d51e777be84a0e55ecea661a763610e9

  • SHA1

    312cf0c4b1fd8a661cb02aaded5f32d844bf5b15

  • SHA256

    5b0218c4131cba3b629b26ceb13d1cd8de96216508614891dd4ef5c59c69c3f5

  • SHA512

    4cab9f50affb77e863010b3c884606b955f8d74b8abaf749b81cc87b40588f29d0d6e4d1df42c9e57df6d5df36ae68e907857a4eae762dbc89cd038d2b7402a7

  • SSDEEP

    6144:kVfjmNOz1gL5pRTMTTjMkId/BynSx7dEe6XwzRaktNP08NhKs39zo43fTtl1fay7:m7+I1gL5pRTcAkS/3hzN8qE43fm78V

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3544
      • C:\Users\Admin\AppData\Local\Temp\5b0218c4131cba3b629b26ceb13d1cd8de96216508614891dd4ef5c59c69c3f5.exe
        "C:\Users\Admin\AppData\Local\Temp\5b0218c4131cba3b629b26ceb13d1cd8de96216508614891dd4ef5c59c69c3f5.exe"
        2⤵
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2148
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8AFA.bat
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1752
          • C:\Users\Admin\AppData\Local\Temp\5b0218c4131cba3b629b26ceb13d1cd8de96216508614891dd4ef5c59c69c3f5.exe
            "C:\Users\Admin\AppData\Local\Temp\5b0218c4131cba3b629b26ceb13d1cd8de96216508614891dd4ef5c59c69c3f5.exe"
            4⤵
            • Executes dropped EXE
            PID:2540
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4332
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:3236
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
              • System Location Discovery: System Language Discovery
              PID:2668

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
      Filesize

      244KB

      MD5

      cfeab04ba42ff7919f34d1bac09d4a96

      SHA1

      ffd6266900a8d45596c8119bcd5dec1316301381

      SHA256

      b01ce506e7e23e8d8cf147036ce979a16076f6f90b60f880205ea0a80a57c7d3

      SHA512

      ed4e90f27581899a7a4aca155129ba2f047b28a720acf775bba48425edad223cb865f6d324708f442cf37f9e5611472c49b36d74f314b1506b6bfc59f8d5f097

      Download Submit

    • C:\Program Files\7-Zip\7z.exe
      Filesize

      570KB

      MD5

      b83484863064921aadf6ccef94daa024

      SHA1

      6d0b8784f49fe773cf9e0bfa1fdd75d9bc7d2c86

      SHA256

      1e8edfa7cfe12256f9bac24d467a04c7cd36dc573e1c84c72193adb6d84401df

      SHA512

      c2e52391ffbf057341324f25a6ddaa02f443b78f5a8deaf4e2848fc523924df4196112841a1566f6bfc608d00ea84797cf6ca5ee4b61d02b3c2251d7431ce03b

      Download Submit

    • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
      Filesize

      636KB

      MD5

      53ee62011469b286a2a1b5658c86b9bf

      SHA1

      9bdac0b23b0a965947c780c6a6b48fc7122f9ade

      SHA256

      7125735e4e8595f1c17ff3235bc65dacabc2ec874b29ac7ba8eddd80ad10b3c0

      SHA512

      c9c24e578da0a38048e71548fac66465bcb624e971f745bba559e8c49fd621752e718d4c983a90a97277407bb23348ca109436e1eeebef030c3b599c712ff236

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\$$a8AFA.bat
      Filesize

      722B

      MD5

      1d3c0b5b39525dd92695433bf4085bef

      SHA1

      2b97d2ba65f930756900778c8f8a6c476382eda8

      SHA256

      b1b51e35d4eef9b095533d477ac1815551fff150dd6b39f3e4807f0bb4ab51bf

      SHA512

      fbfc7e6e6cacf0b4264b5f845b4376396b3e0e68bad88b327aad64f9aad0323783036c94ba92ed113f14c06138cba196f81d09a98203d91fcdce0c76a6025f9c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\5b0218c4131cba3b629b26ceb13d1cd8de96216508614891dd4ef5c59c69c3f5.exe.exe
      Filesize

      458KB

      MD5

      619f7135621b50fd1900ff24aade1524

      SHA1

      6c7ea8bbd435163ae3945cbef30ef6b9872a4591

      SHA256

      344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

      SHA512

      2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

      Download Submit

    • C:\Windows\Logo1_.exe
      Filesize

      26KB

      MD5

      917b43f73b37b25d70ed7e2a1d2a65dc

      SHA1

      8a7061e3c6870fdb9052aca688a0f66aebe7fd86

      SHA256

      5c90e5e69f94662c15ac8451894b831ddf61df3c684eb880a2e257d5a9db4906

      SHA512

      43ec56689b68b96fa98e3478148b175bb3edf98f622788296369a961d91803538b23b0c04dd0d5bfbdceec01cb1336d7657197a410e5427e936b1bd6d9440c41

      Download Submit

    • F:\$RECYCLE.BIN\S-1-5-21-2718105630-359604950-2820636825-1000\_desktop.ini
      Filesize

      9B

      MD5

      1d7eff79e14bea77e992f25202a6decc

      SHA1

      2481953494e9f17a5d9c8186bac1e89c460da06b

      SHA256

      0bc3f26881fb44793cd3a989e616ce2b45848152d57eb4a38fd5f06df63f0a9a

      SHA512

      e9cffe2ce1cc689a1a0c9bee4da9e0ab90625931729257893780b13eb9060ee26bf373c87c0ae33e3fcdc3e8614d415ac00fe57fd7f1fb4908212cc145c8d9ad

      Download Submit

    • memory/2148-8-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2148-0-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/4332-26-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/4332-36-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/4332-32-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/4332-1232-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/4332-19-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/4332-4791-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/4332-10-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/4332-5236-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download