Overview

overview

7

Static

static

3

6d024ea396...cb.exe

windows7-x64

7

6d024ea396...cb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 00:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6d024ea39697a5120f88442656ad2b97f7cc3ad5b9ef5d54268aa5aacdd92dcb.exe

  • Size

    35KB

  • MD5

    567ed76a47b150a1b743f3c81775fa86

  • SHA1

    2efd67549a53d497e9e4018edee33af04f5a2132

  • SHA256

    6d024ea39697a5120f88442656ad2b97f7cc3ad5b9ef5d54268aa5aacdd92dcb

  • SHA512

    79af12a82e3c390b02eb6b7b20cceb4a4eaf2bac34664c8ebf44e5b83562c55ced0eb03239d33e527a58ed2be5fed62c4ca0dde5ea5153862a186ac6793b9e87

  • SSDEEP

    768:/qPJtHA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNh0:/qnA6C1VqaqhtgVRNToV7TtRu8rM0wYU

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6d024ea39697a5120f88442656ad2b97f7cc3ad5b9ef5d54268aa5aacdd92dcb.exe
    "C:\Users\Admin\AppData\Local\Temp\6d024ea39697a5120f88442656ad2b97f7cc3ad5b9ef5d54268aa5aacdd92dcb.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3152
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2392

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    35KB

    MD5

    62a9e16f3035abef3b143d19a79322ec

    SHA1

    db00bf8335b1316bacdd38bc8a9e28e7c811ed05

    SHA256

    f582cba120d650c3dd1c189b4de73cca01856016c85472a08b093cfc524ad87e

    SHA512

    76769374dd654d9597b5f5cdb0a8759aafb3a771dc8b88b4ac8d6afb361e1b17bcf99f4f5ba7fc94e2bdd2ee36b3fa3b0dd608772e4c2ddb426f3745f4fa2bf8

    Download Submit

  • memory/2392-5-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3152-0-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download