Overview

overview

7

Static

static

3

helium_2.0...up.exe

windows7-x64

7

helium_2.0...up.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/07/2024, 07:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    helium_2.0.0.4601_setup.exe

  • Size

    6.2MB

  • MD5

    44f4d3858310c16153777eee8610de1a

  • SHA1

    dcb3db338d4d2da9b7168f66ab46fd823e3a7588

  • SHA256

    c294d45d5993a69f3d61b515d4a59bacf45753b09b7892d59bda902d898c3f5e

  • SHA512

    e1f93eeaa6c03c65855998aae9e1f972f45ada6e24ad7df7f95beb8bcdce34cb8d24be9101a583c52c0c4d63bd2865f5b11972a2d17094653cd7f7030ef2fad6

  • SSDEEP

    98304:dX1JilLar0QJZvg5BSlnoe/MakVrVNn40t9kZaxwOiEWQpyA:ZILY0YljocMXBp9kk9iEtyA

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\helium_2.0.0.4601_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\helium_2.0.0.4601_setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:624
    • C:\Users\Admin\AppData\Local\Temp\is-43UN0.tmp\is-844MF.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-43UN0.tmp\is-844MF.tmp" /SL4 $60062 C:\Users\Admin\AppData\Local\Temp\helium_2.0.0.4601_setup.exe 6211824 71168
      2⤵
      • Executes dropped EXE
      PID:4592

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-43UN0.tmp\is-844MF.tmp
    Filesize

    592KB

    MD5

    38e57692dc759034d88733a74010c102

    SHA1

    3dd1786d1bd2415ea56185a5dc755ef808265f13

    SHA256

    c9b6429a22f9c977fbb84a5afd47cfe657eead7f6ce246f7e4df087ed25af794

    SHA512

    3bafa5fad0186db7e2a71de02d988515617fd72422e8129432d678ff6d20c0ee9beda32b25bc58ccb87de36267e5e7119b7a6ada33ec494b2145dd639f9dcd99

    Download Submit

  • memory/624-0-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/624-2-0x0000000000401000-0x000000000040A000-memory.dmp

    Filesize

    36KB

    Download

  • memory/624-11-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4592-10-0x0000000000400000-0x00000000004A2000-memory.dmp

    Filesize

    648KB

    Download

  • memory/4592-12-0x0000000000400000-0x00000000004A2000-memory.dmp

    Filesize

    648KB

    Download