Overview

overview

7

Static

static

3

eb5e9f5391...b3.exe

windows7-x64

7

eb5e9f5391...b3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    22/05/2024, 09:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eb5e9f5391f4695283b22b40bbad8403d7d349f721dc6aebf6a7c503a273cfb3.exe

  • Size

    36KB

  • MD5

    2b0f18d3e33ef0aabdb7d3447607ebe5

  • SHA1

    d59ed5e49c2c70904a96cd37859fdf1cd2431cfe

  • SHA256

    eb5e9f5391f4695283b22b40bbad8403d7d349f721dc6aebf6a7c503a273cfb3

  • SHA512

    0183b55da215127e99360c9748f49e4580a0d63aecee4395ea17243efdb51078102176a1ae836a314c6b8af50de1a78dd6258608a94c11abdfd6e88854c2de48

  • SSDEEP

    768:/qPJtHA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNh3:/qnA6C1VqaqhtgVRNToV7TtRu8rM0wYX

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eb5e9f5391f4695283b22b40bbad8403d7d349f721dc6aebf6a7c503a273cfb3.exe
    "C:\Users\Admin\AppData\Local\Temp\eb5e9f5391f4695283b22b40bbad8403d7d349f721dc6aebf6a7c503a273cfb3.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1956
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1924

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    36KB

    MD5

    69c28c26d483855b97f538067826c068

    SHA1

    15c1b9b69b61c08aa178fb292b4ca531695714da

    SHA256

    0ecaabb39620613c69e424696606a50b8cbac92a28d006aa2cfafb4a3dda1a6f

    SHA512

    496d1f0e8da9ad9eb7a94565a09e1b89b30b30351b59d1b67b6cc3bb9425a65b184b1ed7e91370708d654b381d863f187f97b0cebf679828b5ae8804bab3dcd4

    Download Submit

  • memory/1924-9-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1956-0-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1956-3-0x0000000000220000-0x0000000000223000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1956-8-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download