Analysis
-
max time kernel
119s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
20/08/2024, 22:34
General
-
Target
9cc706f56fc61eee4e4214fa3def6870N.exe
-
Size
74KB
-
MD5
9cc706f56fc61eee4e4214fa3def6870
-
SHA1
bb172e726520903951e31659cbf0fefb2edf7ee0
-
SHA256
b9ec09f584e8e5f914ce88e34ed892227132113fdaeffa7bd1e80c9b609a679b
-
SHA512
924289f4879effb35ee34a16b9791e5ceb6ad7496feb96f290f42048db939f3c1615aaaf5668d5f00b752f8b8682a2566edccdaf370bc365936323d40f4fe296
-
SSDEEP
1536:86RAo0ej2d6rnJwwvlNlIUBvsI7hrhEh9cpDN43vBKMvWPqH5kYhpvEHchVvhESz:xAo1lOwvlNlXBvsI7hrhEh9cpDN43vBb
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9cc706f56fc61eee4e4214fa3def6870N.exe"C:\Users\Admin\AppData\Local\Temp\9cc706f56fc61eee4e4214fa3def6870N.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\microsofthelp.exe"C:\Windows\microsofthelp.exe"2⤵
- Deletes itself
- Executes dropped EXE
- Drops file in Windows directory
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
74KB
MD5a80a3a244294934052c6b1ab39cf9351
SHA1e8e3ac8f9817391ef1fd532fb14b48a7a6640889
SHA2561c5d56ca43b7ff2fce6360fb93204cb543f364fdd838340c78f9624d366af9cd
SHA5124e5b3a304a1bee0a8a8306566fd4f4ecd0cc3be3ca79fb87b6f99c83f4590a96d34f0eb71bb80a3cd4b389301ea29155b091fbcf0fcbebbc2803f9631ba5e89a
-
Filesize
60KB
-
Filesize
60KB
-
Filesize
60KB