Analysis
-
max time kernel
119s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
18/08/2024, 16:21
General
-
Target
3c53ad3e35040ceef658ecb7267cedc0N.exe
-
Size
62KB
-
MD5
3c53ad3e35040ceef658ecb7267cedc0
-
SHA1
5ee58a891b1fdd9f97e0b5e4a37780b4c10e2832
-
SHA256
945f2ac29511d5afd79c0bff41eb980b41b2b59c8d4613c16418fd1c7ba9621f
-
SHA512
24dde2e9c4803900fcd7c08c8b25599dd127e0f79ff059e704eb95cf0018112d2a766eca1c651bcb61fe0acba2aa974d90da4eb26b094088669b715d9301785a
-
SSDEEP
1536:NAo0Tj2d6rnJwwvl4ulkP6vghzwYu7vih9GueIh9j2IoHAjUvJQ/johleHhvGh4y:NAoglOwvl4ulkP6vghzwYu7vih9GueIy
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3c53ad3e35040ceef658ecb7267cedc0N.exe"C:\Users\Admin\AppData\Local\Temp\3c53ad3e35040ceef658ecb7267cedc0N.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\microsofthelp.exe"C:\Windows\microsofthelp.exe"2⤵
- Deletes itself
- Executes dropped EXE
- Drops file in Windows directory
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
62KB
MD50f2e86b80a7c4773d8e41d2dc8258705
SHA1f6aeefcc86e0e4f135032abd0bc11094acd94b49
SHA2569ea07cda4711fcac61b2edea0fab8852cfa66c6ff65f1728c3f16ab04dbe061d
SHA5120f4424e01e5788f436f872937641e936a44806b364a5267f7b5a233e2d10ba72aae93c47f9b4ffe86dad09328a869a4e3b2dd88374e8bd65590f2441cfa98276
-
Filesize
60KB
-
Filesize
60KB
-
Filesize
60KB