Overview

overview

7

Static

static

3

c3bdd8ddd7...4a.exe

windows7-x64

7

c3bdd8ddd7...4a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/09/2024, 17:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c3bdd8ddd75e10a6fc012eecb6e7bb46499d53e56e4380700279abd58a03144a.exe

  • Size

    2.3MB

  • MD5

    79ae8800dc1059c4365073f4c15ed5eb

  • SHA1

    a9ef66eda37414e731630c15b551cd251da13892

  • SHA256

    c3bdd8ddd75e10a6fc012eecb6e7bb46499d53e56e4380700279abd58a03144a

  • SHA512

    b95edc41bf5609cabf9a104240913004cc6801ad6cab3c22a97fcffa203454564d70740d25b2b8f9e3de5594674711c2b42846eaa4ebdd757d9849afe5cea5e2

  • SSDEEP

    49152:J7iuAJld1NwfF0GSYbL+0Joz7ITd2fVy+dlyTTTulk1vOvUM:4uAJld1Nc/P6zud2fVy4lggk2vUM

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3548
      • C:\Users\Admin\AppData\Local\Temp\c3bdd8ddd75e10a6fc012eecb6e7bb46499d53e56e4380700279abd58a03144a.exe
        "C:\Users\Admin\AppData\Local\Temp\c3bdd8ddd75e10a6fc012eecb6e7bb46499d53e56e4380700279abd58a03144a.exe"
        2⤵
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4644
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAAE6.bat
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:3708
          • C:\Users\Admin\AppData\Local\Temp\c3bdd8ddd75e10a6fc012eecb6e7bb46499d53e56e4380700279abd58a03144a.exe
            "C:\Users\Admin\AppData\Local\Temp\c3bdd8ddd75e10a6fc012eecb6e7bb46499d53e56e4380700279abd58a03144a.exe"
            4⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            PID:2104
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2692
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2248
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
              • System Location Discovery: System Language Discovery
              PID:336

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
      Filesize

      244KB

      MD5

      e673adf0204e255b2009a33202e6ea32

      SHA1

      e6939a67cde886114f932bad044665a08a345f4c

      SHA256

      e2073fb12bd69849b4977e0f96297d236e9bb59a084955c5b6d26bac2311d18a

      SHA512

      2ee2c7cc83777334e4f841c9b1e08a8d73c5bddd8cf37e00c563f14fe008c4f41f967c4214d9b630963ec031aa07fdc7539df42e23004569fa483d67368e7b1a

      Download Submit

    • C:\Program Files\7-Zip\7z.exe
      Filesize

      570KB

      MD5

      d33c44159e4e3b67ef1dc299432d84ea

      SHA1

      681efc5896c7cd1f8794239e00a6575768e76779

      SHA256

      a273cab19ac256d5696bf59246f487948fed454a0eb5a0cb57f08210677b7c45

      SHA512

      13db6f7a94d8d45a3889c1ab7be132a5dc7a24588197622a3dc69fc661f62ef00db310457df0c5203c86fb073848c3cf5f860094fe1365033d2880fcbbef26a6

      Download Submit

    • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
      Filesize

      636KB

      MD5

      2500f702e2b9632127c14e4eaae5d424

      SHA1

      8726fef12958265214eeb58001c995629834b13a

      SHA256

      82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

      SHA512

      f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\$$aAAE6.bat
      Filesize

      722B

      MD5

      d879045e646040dca7c06605137a7d84

      SHA1

      3a9031839b3f018363d1ccf62ce03be2b4635761

      SHA256

      0618d20bec4301d59ba28d10c8ced66cdd052643944d9d52d48fb00aaed2d72f

      SHA512

      0b056908d3ef5448e85833bd3caa5166b923856ae29f091d38325243f4119f7847674559b96bdc15f309666e272a6ce21a28f6af8bdf40446ba21af4440f3d78

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\c3bdd8ddd75e10a6fc012eecb6e7bb46499d53e56e4380700279abd58a03144a.exe.exe
      Filesize

      2.3MB

      MD5

      d424f3972ca2b1f314a037e97d906128

      SHA1

      e4511513afd534c7caab637537ba36752c1b2120

      SHA256

      6faa3a2305217bb7b09b48635f885be4943182279b743ce694361753d49f7e42

      SHA512

      bfe697bc02beacbc16484d60cb1d0268f8ecd0a707a3b1554fdb535130e85d487ea64e5fe098204be7e9b4a11374066178e68d9c727d14a89eefd079ba4ffb1e

      Download Submit

    • C:\Windows\Logo1_.exe
      Filesize

      26KB

      MD5

      c474b36ee670d0befb8b3442b383647e

      SHA1

      cbefd636854e54c8ba30014c14a41130bb08f136

      SHA256

      e0f5b3669e539794344317f8000194313e5428a839a76341491c5698dd4b40f6

      SHA512

      ef840ac2b62a7146a699dbcf8101b8619dba97b96ed8c04f0546861d95cb6fa9e2e6cc676e7340d657d9c82071b6ff31c56ba77f76e069a37066a880d3c0a44e

      Download Submit

    • F:\$RECYCLE.BIN\S-1-5-21-4182098368-2521458979-3782681353-1000\_desktop.ini
      Filesize

      9B

      MD5

      e02899454c67c7d6d1af854fdcb53b67

      SHA1

      26fb213f7c299c2a4d8c4afd234ee0b751d7a30e

      SHA256

      0e67e90646d3ba7b46f935b205c9f89e8bff2dca7aeda3cd5dfb93868b262315

      SHA512

      e1519bebf62ab4cb28e630a201312812e04f815ec0663f7b68b478da97c0bf7c7c2238a8632540d3d1f37acbe83919fb198b39ebeb222c19faa2130ab65ffffa

      Download Submit

    • memory/2104-23-0x0000000000400000-0x000000000068D000-memory.dmp

      Filesize

      2.6MB

      Download

    • memory/2104-20-0x0000000000405000-0x0000000000406000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2104-22-0x0000000000400000-0x000000000068D000-memory.dmp

      Filesize

      2.6MB

      Download

    • memory/2104-19-0x0000000003E80000-0x0000000003E81000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2104-21-0x0000000000400000-0x000000000068D000-memory.dmp

      Filesize

      2.6MB

      Download

    • memory/2692-40-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2692-34-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2692-26-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2692-45-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2692-85-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2692-1241-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2692-4799-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2692-8-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2692-5244-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/4644-0-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/4644-10-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download