Overview

overview

7

Static

static

3

e343e78cdb...0N.exe

windows7-x64

7

e343e78cdb...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    19/08/2024, 21:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e343e78cdb1edb8076def1a83f2a6030N.exe

  • Size

    39KB

  • MD5

    e343e78cdb1edb8076def1a83f2a6030

  • SHA1

    7ab578ac90c5536edc4cdec1ea21546e9af31f04

  • SHA256

    d948dde2586219ec059a4a9268c6d2f0c764dbe1a54110240728d308b2219219

  • SHA512

    f2ae6caf93e6fd7eb9f15876096eab27a862f3d3a4932d1cfab3d2bd71b3266e17fa6eace4e93bd129f5afed0d1a65221e44ba5753021c59ba65bd32dbefccf7

  • SSDEEP

    768:ePyFZFASe0Ep0EpHZplRpqpd6rqxn4p6vghzwYu7vih9GueIh9j2IoHAjU+EmkcX:e6q10k0EFjed6rqJ+6vghzwYu7vih9Gu

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e343e78cdb1edb8076def1a83f2a6030N.exe
    "C:\Users\Admin\AppData\Local\Temp\e343e78cdb1edb8076def1a83f2a6030N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:348
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:1016

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    39KB

    MD5

    2b97dde9a872b0a2af57111e61eeafb1

    SHA1

    6067cc616d400dece7e25f6376c3cc983b903a3a

    SHA256

    91ccaba3792c69b5f48c7f05c2203d3b9d33c192fdd00e45a3ef0c6a5a89d0a5

    SHA512

    e599126756675bbc4e3e26eb10f82ed09888ea494f62054441a71812ccfca395839257f2e60108b619f9b08447809a8d6d94f9601cc4979d6dcbe7e16d6cb527

    Download Submit

  • memory/348-0-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/348-7-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1016-9-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1016-11-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download