Analysis
-
max time kernel
119s -
max time network
103s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
21/08/2024, 00:54
General
-
Target
6e873121c8b81490985757a7c258bf90N.exe
-
Size
62KB
-
MD5
6e873121c8b81490985757a7c258bf90
-
SHA1
44ba54d170633df1b137247ecb8c769ebb1643a9
-
SHA256
a1f2211d1fe3256d5959eda3d5bc79661366384052a0ce50fde135de77db138d
-
SHA512
5815d58fe077678f9255ccf57e6ad74f49ae4c27d9823ea42dff8adba7abfa4bf2a1bf140ff45b6c57483caf695d2df2e9095ec0ea22fcd61d8b95b4b1f42b4b
-
SSDEEP
1536:NAo0Tj2d6rnJwwvl4ulkP6vghzwYu7vih9GueIh9j2IoHAcBHUIFvSxChhMhyhkW:NAoglOwvl4ulkP6vghzwYu7vih9GueIk
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6e873121c8b81490985757a7c258bf90N.exe"C:\Users\Admin\AppData\Local\Temp\6e873121c8b81490985757a7c258bf90N.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\microsofthelp.exe"C:\Windows\microsofthelp.exe"2⤵
- Deletes itself
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
62KB
MD5077530d7d44d0da87853c34c0edbad35
SHA1b9a700727fe4ff8d1867e368c1f44598fc7df93d
SHA256392ee58c897d42cf09f5777e80a3385f8c98ea932c066f17ad0167aea678910e
SHA51266b11ea49639ed2317351a7109a6c3fd7c7e78373375bff321a425d2dff3b8114bef3ff698b09e179fb9b7566ac6b7e3245f48b8a97f02f00a9626f05647f188
-
Filesize
60KB
-
Filesize
60KB
-
Filesize
60KB