Overview

overview

7

Static

static

3

7c8454f3ff...20.exe

windows7-x64

7

7c8454f3ff...20.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-06-2024 23:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7c8454f3ff06f6402774355ee7ea234d370128bf676751d9d8dbac1a4572fe20.exe

  • Size

    37KB

  • MD5

    349be1db0823283847810e38251a908e

  • SHA1

    8d2f97dd7a75b2cc7a764215be0a264d5ad1e0b3

  • SHA256

    7c8454f3ff06f6402774355ee7ea234d370128bf676751d9d8dbac1a4572fe20

  • SHA512

    1a65c396b751c7daffd67ba987d156e59c493710faef1bcc99b6f0ffd6e86a3cbbe514abb745567a13bbb582681ec160d77213c256b48c282b802e436f814799

  • SSDEEP

    768:DqPJtsA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNhu:DqMA6C1VqaqhtgVRNToV7TtRu8rM0wYO

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7c8454f3ff06f6402774355ee7ea234d370128bf676751d9d8dbac1a4572fe20.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8454f3ff06f6402774355ee7ea234d370128bf676751d9d8dbac1a4572fe20.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1604
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4328
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4440 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3980

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\microsofthelp.exe
      Filesize

      37KB

      MD5

      b4b20c3ab281c8cd6035423371485631

      SHA1

      2c55c821c1c5d1211b22ab282da41c49319a0fd9

      SHA256

      414f4a24ea7a61ba4b26002e7614f742b1e964aea3b5ac6683cf10cb60324dd3

      SHA512

      9a7f5d689c4f932f39fbc2f58745822a7cfb39fc47e98cc91b1e9f5f4b6b5e1b81d8998da8581957211aaf8cef5c9cea9927c7737c59e5f1bc692c8cbccc1dac

      Download Submit

    • memory/1604-0-0x0000000000400000-0x0000000000403000-memory.dmp

      Filesize

      12KB

      Download

    • memory/1604-4-0x0000000000400000-0x0000000000403000-memory.dmp

      Filesize

      12KB

      Download