Overview

overview

7

Static

static

3

c43215aea5...aa.exe

windows7-x64

7

c43215aea5...aa.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-03-2024 00:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c43215aea5fd2a8fefe4b782e9f1cabb76fbff1a1577ec40c3c6d645b4a155aa.exe

  • Size

    92KB

  • MD5

    a3a95c138fd17c3b3e1376b1eaaf2496

  • SHA1

    52ec93cbf2ec906ef610f33170a10cd3b42e6cbe

  • SHA256

    c43215aea5fd2a8fefe4b782e9f1cabb76fbff1a1577ec40c3c6d645b4a155aa

  • SHA512

    d2ad51edaa139c18e5b985681afa90965f577aeb01ba8c7c4622a27a278aff947e3af64166425edd0218982ed1fa653e671afb0dba7706278e76232fd7cad0ed

  • SSDEEP

    1536:YAowfUJFgjT284U+w2EwRz6OlvaeEpIao/6NXznCCh+61CXCCCC9yttattvtHtgL:YAowyFgjTiUkEwt6OlvaeEpIao/6NDn3

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c43215aea5fd2a8fefe4b782e9f1cabb76fbff1a1577ec40c3c6d645b4a155aa.exe
    "C:\Users\Admin\AppData\Local\Temp\c43215aea5fd2a8fefe4b782e9f1cabb76fbff1a1577ec40c3c6d645b4a155aa.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3544
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:4912

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    92KB

    MD5

    80e2d8278a6886b722520a3c7a364d8c

    SHA1

    1aae82f1fd807dd8c91ca707b1620327967f0af1

    SHA256

    e053cd23c484787800a0115137165ee5945d4917fd09e858c16f354dc7d51333

    SHA512

    d07c0f4129efb4546c5f52829a163def84539ac37f609b6b92e7723bdd9ea066e0466aa8c69137294c2a8e0428406f9a7f1aaeabf72902b0c1b81dbe3f7c48c9

    Download Submit

  • memory/3544-0-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3544-4-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4912-6-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download