Overview

overview

7

Static

static

3

13defa5b28...0N.exe

windows7-x64

7

13defa5b28...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/08/2024, 21:54

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    13defa5b28f0cbf50f2f5e9b943e8e70N.exe

  • Size

    39KB

  • MD5

    13defa5b28f0cbf50f2f5e9b943e8e70

  • SHA1

    3874a377a23634f94101e94be4622815c459cbd3

  • SHA256

    7f8f2857279cd90b3e12c90685bbf535a176a68e048d8b16db16a28c8cf6184b

  • SHA512

    8e4a7296c1e621b19c3dd59e9ef078bf07dc5d3c4764de5ee01be74ea385c006c0d662cc57eb88c6893953be675fc9b26f4c1519be971e236b9183d74c0a8f7d

  • SSDEEP

    768:DqPJtsA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNhX:DqMA6C1VqaqhtgVRNToV7TtRu8rM0wY3

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\13defa5b28f0cbf50f2f5e9b943e8e70N.exe
    "C:\Users\Admin\AppData\Local\Temp\13defa5b28f0cbf50f2f5e9b943e8e70N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3104
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2372
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4396,i,1602949858158667699,12464335823361976127,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:8
    1⤵
      PID:2488

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\microsofthelp.exe
            Filesize

            39KB

            MD5

            2a17a02a2b10c70f3fb0b15fbb956b11

            SHA1

            7da33eb98adcbaa64906f7bf13b70acf1c707f47

            SHA256

            7a819427821a294d2668ce617a46918b15a34f629c28fbae125593fe8ab4de16

            SHA512

            db6869fc90c97ac0c1fc34ae24003418c088925afdb0793d37d56905ad46c687901fe926447316342146a6838921b85e6caf31b0d2caf087164ea619d1c73ef9

            Download Submit

          • memory/3104-0-0x0000000000400000-0x0000000000403000-memory.dmp

            Filesize

            12KB

            Download

          • memory/3104-4-0x0000000000400000-0x0000000000403000-memory.dmp

            Filesize

            12KB

            Download