Overview

overview

7

Static

static

3

284f225101...0N.exe

windows7-x64

7

284f225101...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/07/2024, 00:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    284f225101064df61d4b5ac9023b8700N.exe

  • Size

    41KB

  • MD5

    284f225101064df61d4b5ac9023b8700

  • SHA1

    2a4513e327c63e5e2c0c59b41b58c4017e59dc6e

  • SHA256

    87a3896bebabb582782e7a37a7c1379bd5aee63671ca3cd77edf8ff7c29a5c29

  • SHA512

    9f5b1bca31b5cf835aa89e222411a0d3ef826d1327f11987812ae4544246beb1a590e2a38927462e62a210bb4ac151a39d555a552448bfc346160f1d6b6881f6

  • SSDEEP

    768:DqPJtsA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNhX:DqMA6C1VqaqhtgVRNToV7TtRu8rM0wY3

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\284f225101064df61d4b5ac9023b8700N.exe
    "C:\Users\Admin\AppData\Local\Temp\284f225101064df61d4b5ac9023b8700N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:3140

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\microsofthelp.exe
          Filesize

          41KB

          MD5

          284de35ed0c1c0cd5af4387b26ac199b

          SHA1

          56a52795a33bfabffc7c9e2ba17c3f91beac9e0c

          SHA256

          d229399400df9c4038cdf114ad9535f04d1cac127703ba662a2ef77b305c1578

          SHA512

          22ea9ea5af2720a3fe85ad6aeae2bbb1d61a6d598466bc59d45ec94ab277553efcf1749bceefc12ea57bcbc6cb2dc154e8fddd8a75284f881824fd4e3eff4be4

          Download Submit

        • memory/2896-0-0x0000000000400000-0x0000000000403000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2896-4-0x0000000000400000-0x0000000000403000-memory.dmp

          Filesize

          12KB

          Download

        • memory/3140-6-0x0000000000400000-0x0000000000403000-memory.dmp

          Filesize

          12KB

          Download