Overview

overview

7

Static

static

3

39b145b30a...0N.exe

windows7-x64

7

39b145b30a...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    18/08/2024, 03:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    39b145b30a656c267bca58431cee1cc0N.exe

  • Size

    43KB

  • MD5

    39b145b30a656c267bca58431cee1cc0

  • SHA1

    b945b743dcfc66a1047312d49ae9fc295fdce5bb

  • SHA256

    d61abb9ba12157b3eb244f3d5a3e3c76a1a0aa96622f7ee442c847d0ca123006

  • SHA512

    21b1d6ffb41b25fe34a5e1289a0ac4e06cc48564cd29a3820d9556b77f8a31322e38720008293dd9c3407a4185d52c98e1086bd7f28b12a3924055202f159370

  • SSDEEP

    768:DqPJtsA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNhL:DqMA6C1VqaqhtgVRNToV7TtRu8rM0wYr

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\39b145b30a656c267bca58431cee1cc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\39b145b30a656c267bca58431cee1cc0N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2540

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\microsofthelp.exe
          Filesize

          43KB

          MD5

          d4855cfcd013aa41268bd44247f32c7a

          SHA1

          307e576b0ae757ca0d64731b6d7423bdda6be8e9

          SHA256

          500cf802b5142c1966b628c8fc9d7da02190d298b4c30ba73d98ada7441dcff0

          SHA512

          7acff90ebb34c42f1cad1330e6973e1254774a06c05c62122ef22b8228f20addbf05aa108ca68ef6454ba4d845daba3a968129ace9f2d3f57eb8a913f9c761ee

          Download Submit

        • memory/2180-0-0x0000000000400000-0x0000000000403000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2180-6-0x0000000000400000-0x0000000000403000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2540-8-0x0000000000400000-0x0000000000403000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2540-10-0x0000000000400000-0x0000000000403000-memory.dmp

          Filesize

          12KB

          Download