Overview

overview

7

Static

static

3

5240f9fd3b...56.exe

windows7-x64

7

5240f9fd3b...56.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 21:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5240f9fd3b4c54c99f4a4bee279c7db2f5fb50b15fba7d46cd877af85152b256.exe

  • Size

    33KB

  • MD5

    62fe77333393678f9b7f678d7956e228

  • SHA1

    8bbdfb70e8c7663517340607bcb175532984f76b

  • SHA256

    5240f9fd3b4c54c99f4a4bee279c7db2f5fb50b15fba7d46cd877af85152b256

  • SHA512

    6f66afc6361eab92a5b35cd0f698ebd434caa78beaee9abdc448c03d50686dd09e2b4225e130a2441556184582dd94e552881c41ac4aaf029f83711f411c5484

  • SSDEEP

    768:/qPJtHA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNhQ:/qnA6C1VqaqhtgVRNToV7TtRu8rM0wYw

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5240f9fd3b4c54c99f4a4bee279c7db2f5fb50b15fba7d46cd877af85152b256.exe
    "C:\Users\Admin\AppData\Local\Temp\5240f9fd3b4c54c99f4a4bee279c7db2f5fb50b15fba7d46cd877af85152b256.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:436
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1844

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    33KB

    MD5

    b7582f3a892bba5532d0d0eada2e5128

    SHA1

    69babc6ccd8d89351091fb343b6bcc28dfc0b321

    SHA256

    4e5b069b3fcd4abc84414e3edffaa77daea6c1cb2aa9bda6383212ee0512c39b

    SHA512

    0a2369de344a8e667981413ceebf304754baa50ef41d85fa694239fb0211d2e4b8f76891e7879edabd21a991b047b51f361b972ab766a1ef1e3eed03b3d88c74

    Download Submit
  • memory/436-0-0x0000000000400000-0x0000000000403000-memory.dmp
    Filesize

    12KB

    Download
  • memory/1844-5-0x0000000000400000-0x0000000000403000-memory.dmp
    Filesize

    12KB

    Download