Overview

overview

7

Static

static

3

b2981674e3...86.exe

windows7-x64

7

b2981674e3...86.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    26-07-2024 02:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b2981674e3ca852f89539b019b423fe706178ca41c78efbc9b813b818fe7d386.exe

  • Size

    43KB

  • MD5

    535bf7c06692b073b787286510254e77

  • SHA1

    1070918ae960916fa8e847218c132554740a69a6

  • SHA256

    b2981674e3ca852f89539b019b423fe706178ca41c78efbc9b813b818fe7d386

  • SHA512

    b8fc21555c8dc6c61e4d916e950488f628c7b201fc382189e7135da09a1f78f55ce742c8c9abdbed2b50d941219f8c434ca388e9bc0b2bdbcff578984de54820

  • SSDEEP

    768:DqPJtsA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNh4:DqMA6C1VqaqhtgVRNToV7TtRu8rM0wYY

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b2981674e3ca852f89539b019b423fe706178ca41c78efbc9b813b818fe7d386.exe
    "C:\Users\Admin\AppData\Local\Temp\b2981674e3ca852f89539b019b423fe706178ca41c78efbc9b813b818fe7d386.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2352

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    43KB

    MD5

    9105fad07b6a0f46bb623c9254b27429

    SHA1

    56cb282e83ed20ee809c6c3f814bf49ba205b3d2

    SHA256

    41d44c0c6ec9436382a14c3eb1baa396008eabfb1f645c6cd49d1d7d6077d36a

    SHA512

    072f07178a22c528e9ffd593fd6d02935403193d536512d99026d349ab0af97d68684fd0c628ed194165fb70140101b68516926eb34c516c47b7bf0a4a46c05a

    Download Submit

  • memory/1732-0-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2352-7-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download