Analysis
-
max time kernel
120s -
max time network
101s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
21-08-2024 04:23
General
-
Target
b3c41b2fafb10b5f1c29f3523c9ce280N.exe
-
Size
77KB
-
MD5
b3c41b2fafb10b5f1c29f3523c9ce280
-
SHA1
d3561a710f6529845dcd2bc16404d1cac78447dd
-
SHA256
ebd0bd4778346204e1b7173a954e7a5f6a4799454a5b72edc45cf269fdbab232
-
SHA512
04648d03a191db3d2b08b8153e939901f3c038d6ed9cad078a3696850b4136f8508693efb18867a6fd0f55c7eee40661332234194ef58538c82bf807cd28bd7d
-
SSDEEP
1536:86RAo0ej2d6rnJwwvlNlIUBvsI7hrhEh9cpDN/qhAvP3OInvnHvvxIfhqhcGoI/D:xAo1lOwvlNlXBvsI7hrhEh9cpDN/qhAD
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b3c41b2fafb10b5f1c29f3523c9ce280N.exe"C:\Users\Admin\AppData\Local\Temp\b3c41b2fafb10b5f1c29f3523c9ce280N.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\microsofthelp.exe"C:\Windows\microsofthelp.exe"2⤵
- Deletes itself
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
77KB
MD5caec7a2d70cfaef267360e2458b2e658
SHA10d4e73781fd8a6e7618623cf8c15cf37fa9021c7
SHA25642902f805be6fa42d74ad5a3e24f6fb7c59f3229083aa5e6bbfffa1cf567b84a
SHA5121707c314d439af83a8fceab58848594f482530c4e20d30ba3cd6f82bafd94f58ababe37e9e5cd54e6b079ada2f008de108acb6baea4fffc2623591746f6d24a0
-
Filesize
60KB
-
Filesize
60KB
-
Filesize
60KB