Analysis
-
max time kernel
147s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
10-06-2024 05:34
General
-
Target
2e726706251498df9c0046780c5d7e48f0f8c4eb4222a39f1b4176fc268bd60a.exe
-
Size
29KB
-
MD5
43e7e1fef8adf80adfc6b27406279489
-
SHA1
1ca80c1c1fff95bfaaf6c7d7d25b81bcbd0a14c5
-
SHA256
2e726706251498df9c0046780c5d7e48f0f8c4eb4222a39f1b4176fc268bd60a
-
SHA512
a6be15a74907a5c1555b7c050f9919dee813c0b7f2a22f6ce3dfc5521e6579d8526ffa74efce5c1011fb7f9db2e05e5a1537b1b56f81e9e4bb58a2be47cfd25d
-
SSDEEP
768:/qPJtUA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKhJJhgc0:/q0A6C1VqaqhtgVRNToV7TtRu8rM0wYD
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Windows directory 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2e726706251498df9c0046780c5d7e48f0f8c4eb4222a39f1b4176fc268bd60a.exe"C:\Users\Admin\AppData\Local\Temp\2e726706251498df9c0046780c5d7e48f0f8c4eb4222a39f1b4176fc268bd60a.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\microsofthelp.exe"C:\Windows\microsofthelp.exe"2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
29KB
MD5eddd36c3c75ffa525e8f9e19c2b72d14
SHA1dfefc0fd06bb9adb20d84fc0963698496d9f29a5
SHA256db96e6374833e9bac45a0022bee3a7dc2f23867a378fca8e20e3c399625d50db
SHA512c0e04dc438521d7dec5c9f3e7a51568dc12e1f932aad5dd970f8bc81b563eb44ad108cccb88159383002769d060eaa0a7161474209672ed9486efeec2d42cd78
-
Filesize
12KB
-
Filesize
12KB