Overview

overview

7

Static

static

3

953a1c1eaf...27.exe

windows7-x64

7

953a1c1eaf...27.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/03/2024, 23:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    953a1c1eaf2c3aad452b6fe4449c0d7a2fbda2fe63edfca6c268b924c6691a27.exe

  • Size

    88KB

  • MD5

    d1fe309e993e04c867a5118e5184e5cf

  • SHA1

    e2590eddb15a796c311ba560fadf2555299ae282

  • SHA256

    953a1c1eaf2c3aad452b6fe4449c0d7a2fbda2fe63edfca6c268b924c6691a27

  • SHA512

    86167a0ed24a40e1e761d2781ac49ea50e263d4c00ea2ca6bb85054cfd725c8ffbcbce5007391f7b20f7179578cbf639267653155c52ae18e147caf23cdab7ba

  • SSDEEP

    1536:NDj2d6rnJbJnJBSX1nV1b1N1Il1k1YFI1x1J1MuEqx517Q/1T1Jzct01Nsqnl1Rr:FlnnJBSX1nV1b1N1Il1k1YFI1x1J1MuI

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\953a1c1eaf2c3aad452b6fe4449c0d7a2fbda2fe63edfca6c268b924c6691a27.exe
    "C:\Users\Admin\AppData\Local\Temp\953a1c1eaf2c3aad452b6fe4449c0d7a2fbda2fe63edfca6c268b924c6691a27.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1908
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of SetWindowsHookEx
      PID:2052

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    88KB

    MD5

    57d16e2dea6f94695d15e7fee7d71583

    SHA1

    2e29a069c57d633549aadd197e353019dc9e162f

    SHA256

    222f9b42c57f8080b030480e7a18a9278b2a72a7d7117db3bb63b17f62649084

    SHA512

    8bf967e09c4eca8b03c2ed30d4148f7bd26cdeff3837c766a40823367d2268ca7590bbf3ca24cb82a17751926c2d39464590b65c7af4fbaca3786a47a8ddaed0

    Download Submit

  • memory/1908-0-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1908-3-0x0000000000020000-0x000000000002C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1908-7-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2052-9-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2052-13-0x0000000010000000-0x0000000010005000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2052-14-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download