Overview

overview

7

Static

static

3

d068cb8f60...0N.exe

windows7-x64

7

d068cb8f60...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    14-08-2024 12:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d068cb8f60b9392def215a69aae7e9a0N.exe

  • Size

    37KB

  • MD5

    d068cb8f60b9392def215a69aae7e9a0

  • SHA1

    c987e4c8ce8fafa1b22322e8138b4295babc74ea

  • SHA256

    40e6094eb67515aec0c454cbdfc6ff79ce9851feb7cbefe4af30200cd3003615

  • SHA512

    5e6b951f393b10ad18a95d91b4194041156bffc428129c44260ef9ad5f3d74d286ecbfc0b08852be2d9c99c36a672129bc4a332908b9ec3fb8770c7c6d734819

  • SSDEEP

    768:ePyFZFASe0Ep0EpHZplRpqpd6rqxn4p6vghzwYu7vih9GueIh9j2IoHAjUvJw3/n:e6q10k0EFjed6rqJ+6vghzwYu7vih9GU

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d068cb8f60b9392def215a69aae7e9a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\d068cb8f60b9392def215a69aae7e9a0N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1940
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:2408

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    37KB

    MD5

    226e7fd172bc2da9827b36e1602bc6f9

    SHA1

    cab6f4076fc9d0f2fc8b389af43ddceb17ed681e

    SHA256

    4174b6796f017f8f23940ec5b5df2a6de8d78ed82d56668e0b02055210853e2c

    SHA512

    9a91b3a66a92aa775afa01514051fcdcf52e90102ab8023db41f38271d755f1ca0107a9bb7df2c80de3df1319e54931e13e2ffacaee1ba9a0c835f1a57e9a5b3

    Download Submit

  • memory/1940-0-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1940-3-0x0000000000230000-0x000000000023E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2408-9-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2408-11-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download