Overview

overview

7

Static

static

3

710c8150d5...c1.exe

windows7-x64

7

710c8150d5...c1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2024, 12:17

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    710c8150d5c960618556cd62ea32fd924ed188524fdc7c0f3e748031978769c1.exe

  • Size

    570KB

  • MD5

    369584b692626ccc239ba2b9b8d2b6ec

  • SHA1

    e6a16afd6d5fcff7cef8f61edc5fb1d83d7e53f0

  • SHA256

    710c8150d5c960618556cd62ea32fd924ed188524fdc7c0f3e748031978769c1

  • SHA512

    c00d6f0ac9f17ce595708a72f473231f7644a4b7f536a1c64c01d68998948cc834d29f1afeec2a6e4bc251678736e8ef2fbcced742adc10455c7b24985667a57

  • SSDEEP

    6144:fVfjmNCE7cV3iwbAFRWAbd4nf0H05yqE6Hl0ChW0+ksllAXBu0lWGWUJJQ4t0BHk:N7+57a3iwbihym2g7XO3LWUQfh4Co

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1200
      • C:\Users\Admin\AppData\Local\Temp\710c8150d5c960618556cd62ea32fd924ed188524fdc7c0f3e748031978769c1.exe
        "C:\Users\Admin\AppData\Local\Temp\710c8150d5c960618556cd62ea32fd924ed188524fdc7c0f3e748031978769c1.exe"
        2⤵
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1724
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\$$aB838.bat
          3⤵
          • Deletes itself
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1320
          • C:\Users\Admin\AppData\Local\Temp\710c8150d5c960618556cd62ea32fd924ed188524fdc7c0f3e748031978769c1.exe
            "C:\Users\Admin\AppData\Local\Temp\710c8150d5c960618556cd62ea32fd924ed188524fdc7c0f3e748031978769c1.exe"
            4⤵
            • Executes dropped EXE
            PID:2748
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2568
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2504
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
              • System Location Discovery: System Language Discovery
              PID:2448

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
            Filesize

            251KB

            MD5

            533ce215a7c274602dc456ca375cef93

            SHA1

            76c502d7c45eca3fd96f6b04eb850e751bc785dd

            SHA256

            d70c9f73bbeed5cbc0df4a4d14bae68789f84d8092281337d2919322b288ce9c

            SHA512

            09d9dee36c48567921de4b7c31c4a822d5f9ed5e0b1cb0330031b320f40b5ba9b15e89dc37d52561094642c0ff16c14d32e81ed5b1dac06150fefbbd6f3365bf

            Download Submit

          • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
            Filesize

            471KB

            MD5

            4cfdb20b04aa239d6f9e83084d5d0a77

            SHA1

            f22863e04cc1fd4435f785993ede165bd8245ac6

            SHA256

            30ed17ca6ae530e8bf002bcef6048f94dba4b3b10252308147031f5c86ace1b9

            SHA512

            35b4c2f68a7caa45f2bb14b168947e06831f358e191478a6659b49f30ca6f538dc910fe6067448d5d8af4cb8558825d70f94d4bd67709aee414b2be37d49be86

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\$$aB838.bat
            Filesize

            722B

            MD5

            e2cf80a6ee1e37751119a4ac3542625c

            SHA1

            9e91c3140aff2c8146f54022e7a8f052c3e68e10

            SHA256

            fce46b18f825880d6311c360ed2f83c0c15f22d2f232dd47752f777bdad2ecc8

            SHA512

            e0d15574a9bb1b4c4ff65af0dcc2e0c76e1d969203e354015fd716abedef60b010ba7994b83b0416b7c61f964cbefa43b03373ac507e1d6f6578dfe2758865df

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\710c8150d5c960618556cd62ea32fd924ed188524fdc7c0f3e748031978769c1.exe.exe
            Filesize

            544KB

            MD5

            9a1dd1d96481d61934dcc2d568971d06

            SHA1

            f136ef9bf8bd2fc753292fb5b7cf173a22675fb3

            SHA256

            8cebb25e240db3b6986fcaed6bc0b900fa09dad763a56fb71273529266c5c525

            SHA512

            7ac1581f8a29e778ba1a1220670796c47fa5b838417f8f635e2cb1998a01515cff3ee57045dacb78a8ec70d43754b970743aba600379fe6d9481958d32d8a5aa

            Download Submit

          • C:\Windows\Logo1_.exe
            Filesize

            26KB

            MD5

            53885d1d2f16fd5d97b5750df70bec25

            SHA1

            a98bfc00037b5ebe5cc7e4ac80244be328008065

            SHA256

            6a728a8314a2bb146b859b90064bc3e0082b69789b4705a101d524e4ddda785d

            SHA512

            5c21d987833d66631e9c6f26ee9fb200fe60b059d9a6d8b8099ad979375a20aaf7cfbf6e6b043f0ababd32e2d04cdcf9f1ca341d2f27305ef5f3e8762cb244e0

            Download Submit

          • F:\$RECYCLE.BIN\S-1-5-21-4177215427-74451935-3209572229-1000\_desktop.ini
            Filesize

            10B

            MD5

            291aa08828faa68893c7f89a0dfc158b

            SHA1

            fcae3d190f0d8c14b44dc2be0b627b0680d2eab9

            SHA256

            f9e79f635e09441b5a073e6263a1d1de881c2105d7637650b5ec2d20f6a7c841

            SHA512

            9c80a5e3e37731eb0eba85b496e512dbfe08c77c207bcb41ad429d289e3d348e8e7b83ef00052c445581df37aa60729a4f0c2dd3ed0ed2e5d05a8758a23f1f38

            Download Submit

          • memory/1200-30-0x0000000002E40000-0x0000000002E41000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-17-0x0000000000320000-0x0000000000354000-memory.dmp

            Filesize

            208KB

            Download

          • memory/1724-16-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/1724-0-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/2568-32-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/2568-45-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/2568-91-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/2568-98-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/2568-472-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/2568-1874-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/2568-39-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/2568-3334-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/2568-19-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download