Overview

overview

7

Static

static

3

dc23c838bb...0N.exe

windows7-x64

7

dc23c838bb...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/07/2024, 12:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dc23c838bb459ba278b8ef7215edf780N.exe

  • Size

    44KB

  • MD5

    dc23c838bb459ba278b8ef7215edf780

  • SHA1

    fcab3bc3c5736988c7d94b0ae8c751f94659bd26

  • SHA256

    bb6d066387422b11fcf82ef2f2f01f4dc8935b2108dd56b60692fdc1f34a5a7a

  • SHA512

    b4908e5b985e452e59419e5e05be284036ff4643c2221abc381fc6512e7f2ec4ebdb2965d05d74195380a8f48dc7a9471ddb85d030f9f30e9ef9aaa9462e2202

  • SSDEEP

    768:DqPJtsA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNhx:DqMA6C1VqaqhtgVRNToV7TtRu8rM0wYR

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dc23c838bb459ba278b8ef7215edf780N.exe
    "C:\Users\Admin\AppData\Local\Temp\dc23c838bb459ba278b8ef7215edf780N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4656
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4544

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    44KB

    MD5

    b0bcff7236576a92a1936758e9eedc86

    SHA1

    880609aaa13a9ddeb5e3a9c56a59b23660185cc2

    SHA256

    8c39c71d86608b0b14151a7a10b27c39dfbebdb436f07e2092517b1c5579b7f5

    SHA512

    addd9020144d30c6bc4fa18e50fd8beeb124ff9c4ed8cc1923086179aaac659bdd6d500c79966b0789567e96d7f0749373a8ffd7daee8ea6bbdfa93b619ff0f8

    Download Submit

  • memory/4544-6-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4656-0-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4656-5-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download