Overview

overview

7

Static

static

3

8fbac78153...20.exe

windows7-x64

7

8fbac78153...20.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    09/07/2024, 01:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8fbac78153a82027f927a25487509b08063cac3aed41da7dcc44e6801b564a20.exe

  • Size

    40KB

  • MD5

    799e4bf97436a505d3c9412742aca700

  • SHA1

    a7a441e30b57f256c21c2e2d11e840369d4db0c2

  • SHA256

    8fbac78153a82027f927a25487509b08063cac3aed41da7dcc44e6801b564a20

  • SHA512

    fe35d4655751c626791ba8cfe892d04ed18a6d25435b868415eaed77c4c943c04689e469bccce32abb929a063cd5780c1b904bbe144b8a8de030f6dd7e864ea7

  • SSDEEP

    768:DqPJtsA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNhr:DqMA6C1VqaqhtgVRNToV7TtRu8rM0wYL

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8fbac78153a82027f927a25487509b08063cac3aed41da7dcc44e6801b564a20.exe
    "C:\Users\Admin\AppData\Local\Temp\8fbac78153a82027f927a25487509b08063cac3aed41da7dcc44e6801b564a20.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3044
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:848

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    40KB

    MD5

    cb0531d697161e421a5e4a0b48e22de0

    SHA1

    48a1347c84f166138ac4ba82affbe99dba55fea2

    SHA256

    591805bea3569d06879ffb4f423efa1e146869ab7b7745b11f609e011ff75334

    SHA512

    3f4c3216a62c151af9d3b314a2b26c0fb1516bfd5b0a58c9b2bdb5dec58c1c0fee92cfc072a7b6153654a430777294c3d2c039e17a930a6abf309858c54ec36a

    Download Submit

  • memory/848-8-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3044-0-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3044-6-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download