Overview

overview

7

Static

static

3

3b55722091...d9.exe

windows7-x64

7

3b55722091...d9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-01-2024 18:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3b5572209140dda6a53844d5b2568dd9.exe

  • Size

    85KB

  • MD5

    3b5572209140dda6a53844d5b2568dd9

  • SHA1

    5530cb8fc615f28e54894b23ce5a79e2cce65544

  • SHA256

    fda9f28bf941edd588e6bd2939d70fddf8295f3ea94b61af9add09819c0db60b

  • SHA512

    772982adc118f313f3ea4d1d700a78cbe0515d3aab56153203c3da8a706a045f9e9ba0bb12bf9c7a44b5744ac3dff85bbffdb4fc70e1dfb6bd444fada8155064

  • SSDEEP

    1536:/Ao0zj2d6rnJYulBJnJBSX1nV1b1N1Il1k1YFI1x1J1MuEqx517Q/1T1Jzct01Nv:/AoAliulHnJBSX1nV1b1N1Il1k1YFI1I

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b5572209140dda6a53844d5b2568dd9.exe
    "C:\Users\Admin\AppData\Local\Temp\3b5572209140dda6a53844d5b2568dd9.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2300
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:1956

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    10KB

    MD5

    645d9ac51231063f27e06182822d5711

    SHA1

    88dc1b512e3b7337330b9a01e8225f6333fd762d

    SHA256

    23fa9a4ac03535852327ee24a0e5d5285cf46f7910215ecfe50babff805f1ccc

    SHA512

    1938b9f491321b6abe546c958f6125da52206bcf22966b8f1bee813a4e48eb65efee5912df283ed894d76b56a43a97625f8a003ed6747f2951516903788ecbf4

    Download Submit

  • C:\Windows\microsofthelp.exe
    Filesize

    1KB

    MD5

    5e43ce4a8c59061926435057a481ad24

    SHA1

    f516604cc7faf14abbad12657ce6c93c29a93224

    SHA256

    e9c6291fed9ddf4ae0d0dd2c15350b33642b05ae0d9c9ff09766063eaeb63fb9

    SHA512

    f80d984a5739d1fc33893dc4144095c8d96b9dc454edf53a958d61a8edf77ea4cb629e0018ff4a46c48ea7b015e20c89f5e427b0c70ffcec195b8a05163d89fe

    Download Submit

  • memory/2300-0-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2300-4-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download