Overview

overview

7

Static

static

3

f06711ff82...38.exe

windows7-x64

7

f06711ff82...38.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-04-2024 04:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f06711ff8284648db25874c853263d1d23bd12c388a2ebcccd2939066fe6eb38.exe

  • Size

    30KB

  • MD5

    07aeed9d19fbaa8e9bed9c6e25710506

  • SHA1

    804b66592b99b6392824fc43fb70acc58d7b1d7f

  • SHA256

    f06711ff8284648db25874c853263d1d23bd12c388a2ebcccd2939066fe6eb38

  • SHA512

    c46e667ce1c0417218b8c84cf4c673000f46b0aac5588c73f067fa1f4f90cf9f6fee4804b9f6db3170661871f7ec78c09e6a66fac8a424c1128e4548159c3513

  • SSDEEP

    768:OqPJtYA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EwhSahGCoh:Oq4A6C1VqaqhtgVRNToV7TtRu8rM0wYj

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f06711ff8284648db25874c853263d1d23bd12c388a2ebcccd2939066fe6eb38.exe
    "C:\Users\Admin\AppData\Local\Temp\f06711ff8284648db25874c853263d1d23bd12c388a2ebcccd2939066fe6eb38.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1944
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4036

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    30KB

    MD5

    a08eaf0df1ed02b9e87b995139f47faf

    SHA1

    d6de988f14f8abe9aefecfe2f340119f60746eae

    SHA256

    f437b629c57835fca90c842e69d3591abf1d9b6ab470f2ee984543b543f7cc8c

    SHA512

    b47348e498d954f6a69eb0b9c137586ed4717cc802e8784b5aa04dfbfd2f54b88139074e0b47b93355b2b3d994a6a85f0d05fdcc2c1fae8512d7e3f3490bf505

    Download Submit

  • memory/1944-0-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1944-4-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4036-6-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download