Analysis
-
max time kernel
119s -
max time network
101s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
17/08/2024, 07:11
General
-
Target
badc756ef51cff9be2f8c159b0f3f0c0N.exe
-
Size
74KB
-
MD5
badc756ef51cff9be2f8c159b0f3f0c0
-
SHA1
e36d25dc7ce19e085a2e17ad2d76fbb200703f27
-
SHA256
5cf9db8dec175b1c6e2386575a9fe4656c7e6f963242db288f860c309e8a6863
-
SHA512
a09e7b7222bd9d087e3f1c75192c6eb533197af3b29ed6f325b04af87d9f18174cdbb57d494b0c946618680d7dee850b8a9d365eb1b2e9321d7fe5ae4a6c7fcb
-
SSDEEP
1536:86RAo0ej2d6rnJwwvlNlIUBvsI7hrhEh9cpDN/qhAvP3OChhW4dI0h4HCIzhUvT/:xAo1lOwvlNlXBvsI7hrhEh9cpDN/qhAF
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\badc756ef51cff9be2f8c159b0f3f0c0N.exe"C:\Users\Admin\AppData\Local\Temp\badc756ef51cff9be2f8c159b0f3f0c0N.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\microsofthelp.exe"C:\Windows\microsofthelp.exe"2⤵
- Deletes itself
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
74KB
MD5b525fe55fa4f79c1042866560faad03d
SHA1f338dcbc741584e04fa80dcc2d15bbf715e55e74
SHA256c33586dbfa78ba07706db605d9b3e5f12547e8ce964932e08faf3ff16047b699
SHA51205659fb99f56e3f6739f8ebd36a7ef89ae1174d31c6885f78b8687a0f98ec23a524327b079715824441557b9b874d09525bf6b10cf667b2ab282a5d29501fe94
-
Filesize
60KB
-
Filesize
60KB
-
Filesize
60KB
-
Filesize
60KB