Overview

overview

7

Static

static

3

41f6319333...20.exe

windows7-x64

7

41f6319333...20.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/04/2024, 21:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    41f6319333e52ef17cfe33d158e89fc8f76ce8542f30b7b9244bb498fb845720.exe

  • Size

    28KB

  • MD5

    cbde7ea9f7f324c4b1ef352ea3284577

  • SHA1

    6e6947dafd3f7ca29511a5782355bc1a814d090a

  • SHA256

    41f6319333e52ef17cfe33d158e89fc8f76ce8542f30b7b9244bb498fb845720

  • SHA512

    0f421998704299bbf61258049353b4f4128e47b8f0c4b814d81cd602c2740a8149bb31b2a0355706a8b50fe4879cacf550bf183ce3f7352fbef548fc67a67483

  • SSDEEP

    768:7qPJtecA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdheV:7q+cA6C1VqaqhtgVRNToV7TtRu8rM0wv

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\41f6319333e52ef17cfe33d158e89fc8f76ce8542f30b7b9244bb498fb845720.exe
    "C:\Users\Admin\AppData\Local\Temp\41f6319333e52ef17cfe33d158e89fc8f76ce8542f30b7b9244bb498fb845720.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2572
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4504

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    28KB

    MD5

    a4fe7869383145e3806249b9eafae1ea

    SHA1

    3f8079831b006730c158d8ec06443b6724aa1b63

    SHA256

    6a81d8c489d680904024fdc54cb3761496d590f9c25f8bcc9b79b934b3b17453

    SHA512

    02488603406ef6b01aa13853c81e29e2c9689d2fd978e8f83c882fe36d287a514b629f1111c5f21b76b237134172ad100a2d0463bcaacee4ac826e4b05de5979

    Download Submit

  • memory/2572-0-0x0000000000400000-0x0000000000402000-memory.dmp

    Filesize

    8KB

    Download