Overview

overview

7

Static

static

3

bbe80cbc26...a7.exe

windows7-x64

7

bbe80cbc26...a7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/10/2024, 06:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bbe80cbc26afe601c9872ec8b73abd419d584d846931b22cc39b28bec87e24a7.exe

  • Size

    959KB

  • MD5

    5358b95179aeda8763370ed2e94ebf4d

  • SHA1

    fb2917d7fa2fdf40150669df7579921901f57eb6

  • SHA256

    bbe80cbc26afe601c9872ec8b73abd419d584d846931b22cc39b28bec87e24a7

  • SHA512

    6b8a4ce3fb70fd8ad559cc2cb88462c0a155d85d54b251c3a46fcfbd2d455579bce7bf211cf1ac93fbe667aa55fb7f97b368ab11377384d53f9906b6a000ba28

  • SSDEEP

    12288:kRKcv8Nh7py6Rmi78gkPH3aPI9vyVg/0paQuj3IdD02fKBjtp/:JBpDRmi78gkPXlyo0G/jr

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3452
      • C:\Users\Admin\AppData\Local\Temp\bbe80cbc26afe601c9872ec8b73abd419d584d846931b22cc39b28bec87e24a7.exe
        "C:\Users\Admin\AppData\Local\Temp\bbe80cbc26afe601c9872ec8b73abd419d584d846931b22cc39b28bec87e24a7.exe"
        2⤵
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3096
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a95E7.bat
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:3200
          • C:\Users\Admin\AppData\Local\Temp\bbe80cbc26afe601c9872ec8b73abd419d584d846931b22cc39b28bec87e24a7.exe
            "C:\Users\Admin\AppData\Local\Temp\bbe80cbc26afe601c9872ec8b73abd419d584d846931b22cc39b28bec87e24a7.exe"
            4⤵
            • Executes dropped EXE
            • Suspicious use of AdjustPrivilegeToken
            PID:3000
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4820
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2044
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
              • System Location Discovery: System Language Discovery
              PID:2068

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
            Filesize

            247KB

            MD5

            98dd7c1511e132e59c9d441b3dbf987c

            SHA1

            36c7d00b0b524300f44a3b7da7b3415bfad369e4

            SHA256

            afe966017bdbfb5195a6fdf32e2eab42aa7e332ac9c83a123db5daf1b3171aa3

            SHA512

            959e4cc73a8c6ac67c004c29dee3bc71599059f2559502496eedc4a0b6d1773c3f5fdee8104f12d58fbc4ce66191bd1e786bb7ae706e93a0062657b986996409

            Download Submit

          • C:\Program Files\7-Zip\7z.exe
            Filesize

            573KB

            MD5

            4aafd131a93af2ecf070c7c59e905e66

            SHA1

            d97dc15b3f7bbe559886f3bea2879e83cecc6809

            SHA256

            92925beb42af0a02fcd0b0cd89a2d8eb67556b173cb5eb391adb6fdd8ea1d11b

            SHA512

            4bf8e9fb37162f9c04ca5b65910bf80fc0f63cc1d75cc0cae88415282750411a49a571be3661cb4f50724461e082617285ed9a68f10d7f716a919f06f564d190

            Download Submit

          • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
            Filesize

            639KB

            MD5

            fe2fab2d4c843edc9198a7767e9842e3

            SHA1

            42d7effdc358db8ef6fc6afbb9f09141535b5d11

            SHA256

            4c50aca6c5c15d52d26c69be9dce9e7a1020e233f44d4ad245c60ea355f1e8a8

            SHA512

            8b8c5d11732e088ac444554482294f42ccd386ce88ea9d40c59beeb04800696713f118e6d60fe2378f666862e08a8a32c322d443d21b96121552b498fb9c5f14

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\$$a95E7.bat
            Filesize

            722B

            MD5

            061ac6fb53915459c401196e73adc18b

            SHA1

            0ac31b99dd1d5ecdcccb19170cc282c164e3044f

            SHA256

            435eea1d9bd44bdace731a3d5ef6e91915115f127d5e7a90fc6d60c416e1cea6

            SHA512

            89dd395820289779676cab23cb3c6b525e611428d910ac883f2e6538048a801d10beb563dff0c27b127d2b00030fd615f749f4465dc504e8137af861a6ac4169

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\bbe80cbc26afe601c9872ec8b73abd419d584d846931b22cc39b28bec87e24a7.exe.exe
            Filesize

            930KB

            MD5

            30ac0b832d75598fb3ec37b6f2a8c86a

            SHA1

            6f47dbfd6ff36df7ba581a4cef024da527dc3046

            SHA256

            1ea0839c8dc95ad2c060af7d042c40c0daed58ce8e4524c0fba12fd73e4afb74

            SHA512

            505870601a4389b7ed2c8fecf85835adfd2944cbc10801f74bc4e08f5a0d6ecc9a52052fc37e216304cd1655129021862294a698ed36b3b43d428698f7263057

            Download Submit

          • C:\Windows\Logo1_.exe
            Filesize

            29KB

            MD5

            4c513a4884d5671553b53e59a8c5149a

            SHA1

            57afa0c2f1936a9adc9ddcb007499472a8a37d6d

            SHA256

            0413d2f733470a6ae51171bd9de1abe1034020f8951e2c9c10156188471f3df3

            SHA512

            2ac965599f0d154c1af515bd102436247fb8a83f0b34d0d01cde2d2063802d07258b0cc022e04f62eb06e5c983ff0ee2df4e727a0214f930ecc9b9e7be4a7924

            Download Submit

          • F:\$RECYCLE.BIN\S-1-5-21-2878641211-696417878-3864914810-1000\_desktop.ini
            Filesize

            10B

            MD5

            1603436fb34d76c51d66ab1816519131

            SHA1

            3d5dc4ccfe3cc992c253dccfccf66ea727f66bf6

            SHA256

            9072a674ab684ff3ef851bf4f0fdc4118d2bcbe765282f38f3f6de4360057d60

            SHA512

            30d89b59822313e4b281b8f63b959f36262b2b948cf38e6389e9a1a7517c7c239349a41de9e35c8cd27d6b852ab5349206c2fb85b631dc59fab5421d997dbd46

            Download Submit

          • memory/3096-9-0x0000000000400000-0x0000000000436000-memory.dmp

            Filesize

            216KB

            Download

          • memory/3096-0-0x0000000000400000-0x0000000000436000-memory.dmp

            Filesize

            216KB

            Download

          • memory/4820-27-0x0000000000400000-0x0000000000436000-memory.dmp

            Filesize

            216KB

            Download

          • memory/4820-37-0x0000000000400000-0x0000000000436000-memory.dmp

            Filesize

            216KB

            Download

          • memory/4820-33-0x0000000000400000-0x0000000000436000-memory.dmp

            Filesize

            216KB

            Download

          • memory/4820-691-0x0000000000400000-0x0000000000436000-memory.dmp

            Filesize

            216KB

            Download

          • memory/4820-1234-0x0000000000400000-0x0000000000436000-memory.dmp

            Filesize

            216KB

            Download

          • memory/4820-20-0x0000000000400000-0x0000000000436000-memory.dmp

            Filesize

            216KB

            Download

          • memory/4820-4785-0x0000000000400000-0x0000000000436000-memory.dmp

            Filesize

            216KB

            Download

          • memory/4820-11-0x0000000000400000-0x0000000000436000-memory.dmp

            Filesize

            216KB

            Download

          • memory/4820-5254-0x0000000000400000-0x0000000000436000-memory.dmp

            Filesize

            216KB

            Download