Overview

overview

7

Static

static

3

ccb5598576...aa.exe

windows7-x64

7

ccb5598576...aa.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    10-10-2024 06:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ccb5598576316f752c7d3155de78871f5e88eaa70fbf2ad689f83957d36f6aaa.exe

  • Size

    52KB

  • MD5

    881dd0fc2ef489a84a7aa3fdff69dcb4

  • SHA1

    f8fadbb90370903714cfe1a2673f60c48fdb951a

  • SHA256

    ccb5598576316f752c7d3155de78871f5e88eaa70fbf2ad689f83957d36f6aaa

  • SHA512

    ebdddca2bbc649f8cdfcb69abd2ba4566d3904dcc6fdefb1bd461c26873c0bf9f94a25fa5023a52101ed9ab7dbba7390b03c6ff069f71ffb668dcf1082842b90

  • SSDEEP

    768:49Mn16GVRu1yK9fMnJG2V9dLEqgt6jpYU5ltbDrYiI0oPxWExI:49M13SHuJV9k6jWWvr78Pxc

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 5 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1184
      • C:\Users\Admin\AppData\Local\Temp\ccb5598576316f752c7d3155de78871f5e88eaa70fbf2ad689f83957d36f6aaa.exe
        "C:\Users\Admin\AppData\Local\Temp\ccb5598576316f752c7d3155de78871f5e88eaa70fbf2ad689f83957d36f6aaa.exe"
        2⤵
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2276
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\$$aDC0D.bat
          3⤵
          • Deletes itself
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1244
          • C:\Users\Admin\AppData\Local\Temp\ccb5598576316f752c7d3155de78871f5e88eaa70fbf2ad689f83957d36f6aaa.exe
            "C:\Users\Admin\AppData\Local\Temp\ccb5598576316f752c7d3155de78871f5e88eaa70fbf2ad689f83957d36f6aaa.exe"
            4⤵
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:2756
            • C:\Windows\system32\WerFault.exe
              C:\Windows\system32\WerFault.exe -u -p 2756 -s 124
              5⤵
              • Loads dropped DLL
              PID:2972
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1740
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2228
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
              • System Location Discovery: System Language Discovery
              PID:2688

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
      Filesize

      254KB

      MD5

      9ae223947a503e976e1edc7875d53c72

      SHA1

      fb15a478dfd690204c2584a9c2a1bc264995cfac

      SHA256

      f597c0c63f5e46aafe0f0268ca163aeb7b0b6695d73042397e45f2063d64f23e

      SHA512

      cd94c5e526d86fa376c95500c2886d487a057cdc071c3bdb99a43b0ff2637829b813b7826e09d9cc05ce7ead2dc42102a809ab644e3dc61230eeae151455a8c8

      Download Submit

    • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
      Filesize

      474KB

      MD5

      534b3a473ca3d525541b1289b316404f

      SHA1

      c1e408bf066852bc1ebdbb3a9e835932e3e7bb72

      SHA256

      f9719cc66a7a6dc9ff57786e474a1868b6696b4468dfc0f915533acea44291ca

      SHA512

      99b77d6860209d482448490a6afde3d3144c8ca1a838d97de66c758f9ebab8b21a51f3257cd7b191cb4f254ba2f04ae69a8b5f29a9c95d768d400fb5e8f1e330

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\$$aDC0D.bat
      Filesize

      722B

      MD5

      6fc9bb8dd0ce3f6bc2274a0d117717c3

      SHA1

      0bf5f002db4098cd953cb92bc60753611ccded7e

      SHA256

      650ac7d4c4bdee8095e948dc013d767bcc899bacba28f2562096a72aa4cf12a7

      SHA512

      36e9581f7fdc1b4e5064fd80827f2ad063fd6b050d809200ea1142bad5d4e2a74209015a1bd29079c094087575fd7b1abd3d23765553f1bd54ffe84ada670e59

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\ccb5598576316f752c7d3155de78871f5e88eaa70fbf2ad689f83957d36f6aaa.exe
      Filesize

      23KB

      MD5

      3f9dbfee668294872ef01b90740b01d0

      SHA1

      99a4702b65485cd14736b1c2cdfb81b455dda01c

      SHA256

      40b32fea1fcadcb2db369475e2bba58b0b83f5c3bb647e2e63877726c35a9f86

      SHA512

      0113cec160d97ea0cce70860cc5b79b502d16191ee237a3abb84309499be193aa0127dbcb41fc05a90fa61484b061ec4332ad29a918db598e32fe832b74bd1e3

      Download Submit

    • C:\Windows\Logo1_.exe
      Filesize

      29KB

      MD5

      4c513a4884d5671553b53e59a8c5149a

      SHA1

      57afa0c2f1936a9adc9ddcb007499472a8a37d6d

      SHA256

      0413d2f733470a6ae51171bd9de1abe1034020f8951e2c9c10156188471f3df3

      SHA512

      2ac965599f0d154c1af515bd102436247fb8a83f0b34d0d01cde2d2063802d07258b0cc022e04f62eb06e5c983ff0ee2df4e727a0214f930ecc9b9e7be4a7924

      Download Submit

    • F:\$RECYCLE.BIN\S-1-5-21-3290804112-2823094203-3137964600-1000\_desktop.ini
      Filesize

      10B

      MD5

      1603436fb34d76c51d66ab1816519131

      SHA1

      3d5dc4ccfe3cc992c253dccfccf66ea727f66bf6

      SHA256

      9072a674ab684ff3ef851bf4f0fdc4118d2bcbe765282f38f3f6de4360057d60

      SHA512

      30d89b59822313e4b281b8f63b959f36262b2b948cf38e6389e9a1a7517c7c239349a41de9e35c8cd27d6b852ab5349206c2fb85b631dc59fab5421d997dbd46

      Download Submit

    • memory/1184-34-0x0000000002600000-0x0000000002601000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1740-36-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1740-44-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1740-50-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1740-96-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1740-103-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1740-433-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1740-1879-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1740-19-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1740-3339-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2276-0-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2276-17-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2276-12-0x0000000000220000-0x0000000000256000-memory.dmp

      Filesize

      216KB

      Download