Overview

overview

7

Static

static

3

ba29cf7296...16.exe

windows7-x64

7

ba29cf7296...16.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/07/2024, 02:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ba29cf7296c993986aaa08170d642211be14f16b2704e67de0a51067b3616116.exe

  • Size

    44KB

  • MD5

    8820e2e2b91b1c77cb8548fa7e3de1b7

  • SHA1

    5888c9db1c14bacb88b0e26bd6521e9133270d36

  • SHA256

    ba29cf7296c993986aaa08170d642211be14f16b2704e67de0a51067b3616116

  • SHA512

    c6f8ef3b9e13ace6f8e422dbfdd59a7fd03df21d24f3e54b9bcf9d3213a6c870425c9b4500f4e140ae74224201d24027a1a50979c8bc8b5fa0fea4ec0f7d0bc5

  • SSDEEP

    768:DqPJtsA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNht:DqMA6C1VqaqhtgVRNToV7TtRu8rM0wYN

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba29cf7296c993986aaa08170d642211be14f16b2704e67de0a51067b3616116.exe
    "C:\Users\Admin\AppData\Local\Temp\ba29cf7296c993986aaa08170d642211be14f16b2704e67de0a51067b3616116.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3116
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2692

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    45KB

    MD5

    7a7543118a3b1f40175deb587f89f388

    SHA1

    af13ad72384998f07813093cc2f0855f013d8e72

    SHA256

    625cc262a747ba77223051f5900a90dbf5c640603c2c53cd330d67ac8cf0dd02

    SHA512

    66e952dc80f29f97fa463a2a4d2772a2731b07d1703819a94a74ea9dcb48a9aa4b1f4ff3a1281c45d297059bc211a99e914f217e6527e68b75083e26638bb729

    Download Submit

  • memory/3116-0-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3116-4-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download