Overview

overview

7

Static

static

3

6ae06ec976...0N.exe

windows7-x64

7

6ae06ec976...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    21/08/2024, 11:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6ae06ec9760b566de6a89732dc592b80N.exe

  • Size

    62KB

  • MD5

    6ae06ec9760b566de6a89732dc592b80

  • SHA1

    063d839fad1dda786a630a64e62d4d35aef09cdf

  • SHA256

    363daf6f7d0a0a261a08bb25276451d6ddee891f7271ae2542b9e463eabd6998

  • SHA512

    78102ed9e7626e0cbd93f81c230f501ea996eec627519d5e99aa1407a34da97dba318d57513012621477f7dff2de4ecf578f112595eac96f37c2b621452a57b3

  • SSDEEP

    1536:NAo0Tj2d6rnJwwvl4ulkP6vghzwYu7vih9GueIh9j2IoHAjUvJQ/johleHhvGh42:NAoglOwvl4ulkP6vghzwYu7vih9GueI2

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6ae06ec9760b566de6a89732dc592b80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6ae06ec9760b566de6a89732dc592b80N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2604
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:2320

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    62KB

    MD5

    91ac998107e88cebb8a10a6e6dad1d01

    SHA1

    0ac322a01b0f1793359b8eee214f2d6e3f90b7f3

    SHA256

    6a28abd34b548c73f38cd73e2c6eeb42228343c4551f3c0f995d7e42dd4ac867

    SHA512

    8ef9197641c2e91a46b5f321660eff8cd33cc87fdf2502047f0f1a415dd9ac2207a338006ddf4e33a1b9143bc14a40fc9d8f7710477bb0e886ae37515a2b8101

    Download Submit

  • memory/2320-10-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2604-0-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2604-3-0x0000000000220000-0x000000000022F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2604-7-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download