Overview

overview

7

Static

static

3

8b6be615e2...0N.exe

windows7-x64

7

8b6be615e2...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/08/2024, 22:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8b6be615e2425b2c4eb822cc46f61d40N.exe

  • Size

    63KB

  • MD5

    8b6be615e2425b2c4eb822cc46f61d40

  • SHA1

    519525e47d84776738a5c18432d96906d91380ce

  • SHA256

    66a29f2dc536cf2ff1e306a6204c316544749584be4751c93fea8016705bb3f9

  • SHA512

    0711bd53de4e32ef0d128bedc65b355001364c651e6fc7f62675575b856ec49495b84207ab41dc042a618adc8cc148f618c95c96126ddcec955bc63c0c356186

  • SSDEEP

    1536:NAo0Tj2d6rnJwwvl4ulkP6vghzwYu7vih9GueIh9j2IoHAjU+Eh6IbRJhHhLhIKp:NAoglOwvl4ulkP6vghzwYu7vih9GueI+

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8b6be615e2425b2c4eb822cc46f61d40N.exe
    "C:\Users\Admin\AppData\Local\Temp\8b6be615e2425b2c4eb822cc46f61d40N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4696
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      PID:2920

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    63KB

    MD5

    0557c640249f01af012012ad945b3454

    SHA1

    d3059135d783ec746813485219928b6a153cbe91

    SHA256

    0791052bebf206232129f3f545dd6dfb43755e8a840009eeba2e13b62fa7cc03

    SHA512

    fee4029052c797fe0cad7709cb1fa3f71165c3cca2c685803701f774c40d8a9367f61ae36988c5d133ed3987ad3844f26440677eccddca73eb4ad978f14fb771

    Download Submit

  • memory/2920-6-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/4696-0-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/4696-4-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download