Overview

overview

7

Static

static

3

445d2b5e2d...0N.exe

windows7-x64

7

445d2b5e2d...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-07-2024 04:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    445d2b5e2df0a3987c2c2a2e81cba860N.exe

  • Size

    39KB

  • MD5

    445d2b5e2df0a3987c2c2a2e81cba860

  • SHA1

    17dbbcf652188ac80f98564d84f9f8c1c1b71e98

  • SHA256

    c2c34c77678d2a651a3e0c16cf073ec1ec61edbe6ae0767d9282a152564fd237

  • SHA512

    86e28ce02ce7642f13634ef61b1a6e937a2daa04501d56c86f01e0e839251c178aae1da55471f3c1495f38e807177b26249a855f877dc78ff1674d08533ef299

  • SSDEEP

    768:DqPJtsA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNhr:DqMA6C1VqaqhtgVRNToV7TtRu8rM0wYL

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\445d2b5e2df0a3987c2c2a2e81cba860N.exe
    "C:\Users\Admin\AppData\Local\Temp\445d2b5e2df0a3987c2c2a2e81cba860N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1140
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:556

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    40KB

    MD5

    d42a9c71e82fb7ebfa87aeed8e0c68f9

    SHA1

    312cd4f3577e4f583e7f35e66fdd51589b6227ff

    SHA256

    3ae829e0be2686b12bbfa10f88d22f60bfa61b544df73b7076d3d59ef810590d

    SHA512

    2cc93a8725148f81b54181940a617ee98d7face8190ab0ecf2713b918a20fd77e1a1a53484169606e3f1e593bf5a5192b62e8b2f4ac443af631c1353ed54c04e

    Download Submit

  • memory/1140-0-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1140-4-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download