Overview

overview

10

Static

static

3

10e75daab8...a2.exe

windows7-x64

7

10e75daab8...a2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12-12-2024 16:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    10e75daab8d37ded5da2e87609c5a30a515d90dd305e180568cfdf30da41a9a2.exe

  • Size

    163KB

  • MD5

    83ab2ec3e3456bc3cc19457a7534576d

  • SHA1

    3382b548d439bc16a4fd54aa49817109d13b8161

  • SHA256

    10e75daab8d37ded5da2e87609c5a30a515d90dd305e180568cfdf30da41a9a2

  • SHA512

    e603c8a683cbd1e259754c171c4066f3fe9aacd5d11636964041e38a25bdf8d6bdef4868f4c870a83214616770e89e1bd9c5ad1b3a3c830ee448610d0025b513

  • SSDEEP

    3072:VftffhJCuU9Cw7vFoF3M9Z8oU8HyNftffhJCuUZROzoTq0+RO7IwnY:VVfhguMCysgZNSdVfhguikdNwB

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 26 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1152
      • C:\Users\Admin\AppData\Local\Temp\10e75daab8d37ded5da2e87609c5a30a515d90dd305e180568cfdf30da41a9a2.exe
        "C:\Users\Admin\AppData\Local\Temp\10e75daab8d37ded5da2e87609c5a30a515d90dd305e180568cfdf30da41a9a2.exe"
        2⤵
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1224
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\$$aE3AB.bat
          3⤵
          • Deletes itself
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2360
          • C:\Users\Admin\AppData\Local\Temp\10e75daab8d37ded5da2e87609c5a30a515d90dd305e180568cfdf30da41a9a2.exe
            "C:\Users\Admin\AppData\Local\Temp\10e75daab8d37ded5da2e87609c5a30a515d90dd305e180568cfdf30da41a9a2.exe"
            4⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2808
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 36
              5⤵
              • Loads dropped DLL
              • Program crash
              PID:2964
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2364
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:848
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
              • System Location Discovery: System Language Discovery
              PID:2860

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
      Filesize

      251KB

      MD5

      0ebc6749e2c3264b0251feb3fb3c91f0

      SHA1

      3d51785703c577cd51e0c05df428fef65acde3ae

      SHA256

      9a9efd253692b6b2bb8e358acd75ba07cfaa12644d8de5d12460df3b5df06172

      SHA512

      6a2a18ecd874330f55d70a0898054b4e9c5454fd32ce4e5c08e141787a1116dd013456d4831730beca6d8e28261d3f6dbac147022b4e9d3fda70579cf2942929

      Download Submit

    • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
      Filesize

      471KB

      MD5

      f9fc019eacb573ec828d2d9ff6a48318

      SHA1

      b91958dc8d178b6eeb35e829bab84d0fb12c2280

      SHA256

      bf9ba3df2bad76d15f4efe42c0c59f37b9454907958892df8ab996552658934e

      SHA512

      998ba7bc7cdd5df3e1acfda6f4f92ec9d27732e1e182177dff310f3c918f3be99626a3526bebdff5bb7eb980640434baf56e0f08bfd125168c0a9e37e7239305

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\$$aE3AB.bat
      Filesize

      722B

      MD5

      771ee5993f4aed49b582d230189c4758

      SHA1

      cb2ceb4cb3748bf809aa93335e6a2f875e50d435

      SHA256

      be37c89d222d5986ef430d86a3d84b936768b316f904093c01241759459d7036

      SHA512

      3974844883b5e7f9a62ac322d4f9d797be564fe4999c7aecc14c275ce4e23152f9212d06dc8b3ba3f16a72fdbd2d540e3f7f1f837f8281e1a1ad10709a99535c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\10e75daab8d37ded5da2e87609c5a30a515d90dd305e180568cfdf30da41a9a2.exe.exe
      Filesize

      137KB

      MD5

      56c765a6bae3953c3b3e2cdc70826731

      SHA1

      56aac813814e1d74914ed10252542e636bc4f330

      SHA256

      7a0ef5a0bdb4a246847e7b31e49bd570d47630d634eb53130f642b061e4e82c9

      SHA512

      dbcea75226a570a2ad5a600123a0d5ddf5f8cd38977eb6cf3d9566e59a7d6b8a1df9041e07259cf90049d24b0760802e0bb153a56a274dd301a53890aa870a90

      Download Submit

    • C:\Windows\Logo1_.exe
      Filesize

      26KB

      MD5

      6d1897fce1d6586be0535a68800186c1

      SHA1

      b7e726ce1efdd0faeb4e7815c135a2fc51e0a06f

      SHA256

      5f37e266fe06751a70976dde002a6dc53df2df2d08147adcaa408cdfa43f2324

      SHA512

      977e16961bfd2cd6fa9f4315887697be1c4bd3f98a79dd317a0db932ba5dc71bd779c333c4f56fa184618120a62caba9149ed047a52c4c5c73ba23b2aa1704ad

      Download Submit

    • F:\$RECYCLE.BIN\S-1-5-21-312935884-697965778-3955649944-1000\_desktop.ini
      Filesize

      10B

      MD5

      8b929bbff5206fb508d25ffd2036ed74

      SHA1

      cd32d37ccaae75cc9bb7ba821161d084b6d3d173

      SHA256

      e461dcb4d7e5d8f7940f58d1fb55b6934a26df6435436b8465461ecc002b172b

      SHA512

      5c5816f7ff2ef7de725d9b2f97e9ab62f765e81d53bfc3623c6683a34609fa8c1fb6b472ae266154be61937f296b16ed4147e7d2024517fa1e7603975df82281

      Download Submit

    • memory/1152-36-0x0000000002B60000-0x0000000002B61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1224-13-0x0000000000220000-0x0000000000254000-memory.dmp

      Filesize

      208KB

      Download

    • memory/1224-17-0x0000000000220000-0x0000000000254000-memory.dmp

      Filesize

      208KB

      Download

    • memory/1224-18-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/1224-0-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2360-28-0x0000000000170000-0x00000000001AC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/2364-39-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2364-53-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2364-99-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2364-105-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2364-518-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2364-1882-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2364-47-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2364-3342-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2808-38-0x0000000000400000-0x000000000043C000-memory.dmp

      Filesize

      240KB

      Download