Overview

overview

7

Static

static

3

0014e1e401...5b.exe

windows7-x64

7

0014e1e401...5b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/04/2024, 18:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0014e1e4015aafa6306832812d82ce093b6cea0a13cc890ab855972634c9eb5b.exe

  • Size

    24KB

  • MD5

    6763e20d9ebf26e618d402f2bdf65cae

  • SHA1

    12cb86c8903e57ac4161b209fa26fd43e2ab559d

  • SHA256

    0014e1e4015aafa6306832812d82ce093b6cea0a13cc890ab855972634c9eb5b

  • SHA512

    b61d84012b79b2166a3a11d1162a6f443a9a564e68e465d847dad68d6410c08b8c3e7ca7ad6c752263edc116f28cdda5ccf801fd8b5914ef1e536ef3ee2538f3

  • SSDEEP

    768:7qPJtecA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKhJJ/DF:7q+cA6C1VqaqhtgVRNToV7TtRu8rM0w7

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0014e1e4015aafa6306832812d82ce093b6cea0a13cc890ab855972634c9eb5b.exe
    "C:\Users\Admin\AppData\Local\Temp\0014e1e4015aafa6306832812d82ce093b6cea0a13cc890ab855972634c9eb5b.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2624
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3532

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    24KB

    MD5

    64f512ba12572c8984a3de7f185ddc2e

    SHA1

    c25715a40594575c377e66be863b7c91bf7ca9e3

    SHA256

    139758e699e0d5d9b3b14e699a1dbe2295719226b12e2be68107cd5b926cfb88

    SHA512

    bce310a3bea2a41bafcd602b4b29f17b2a3454039f2fc22892a95fcaf8cc66cb19224f3a76816dabf1fc63b4b2c580d8fcc38386b708c0d820271e0bc63f30fa

    Download Submit

  • memory/2624-0-0x0000000000400000-0x0000000000402000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3532-5-0x0000000000400000-0x0000000000402000-memory.dmp

    Filesize

    8KB

    Download