Overview

overview

7

Static

static

3

63e8f467da...0N.exe

windows7-x64

7

63e8f467da...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/08/2024, 01:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    63e8f467da609801db378e268b696eb0N.exe

  • Size

    40KB

  • MD5

    63e8f467da609801db378e268b696eb0

  • SHA1

    0805427d8b107978c31b348abd34b6d79b6add1e

  • SHA256

    53e0c1f59d2cb60aa8aeb19fa4d67719e61388e655546d686917ade75ac2ceed

  • SHA512

    ebaa6f0ef58897d26d092bce3d4433ee06d3718612a2f48c9d84189f24208fadba5e23effc6399ee9c5d457f6ee0c1a2000c0302a4628cc0d5798cbb37428bb3

  • SSDEEP

    768:ePyFZFASe0Ep0EpHZplRpqpd6rqxn4p6vghzwYu7vih9GueIh9j2IoHAcBHUIF2f:e6q10k0EFjed6rqJ+6vghzwYu7vih9Gw

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\63e8f467da609801db378e268b696eb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\63e8f467da609801db378e268b696eb0N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3228
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      PID:4548

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\microsofthelp.exe
          Filesize

          40KB

          MD5

          181ad785074c3334fb499ea2b8e72fd2

          SHA1

          0f74167e1b29f8ede6d9ff0eceee39cb0fd904db

          SHA256

          283b6280d29a8a9d958ddff18994873db95fa86aa58f4669bc1f24b9c7ce6a10

          SHA512

          bdcd6a9b2a951c92ec558b40929d50b4f50e6995ead0f89a73ef8470e7fcf6dce870986a78645cdf9661c0cb9eae7988e109ddfe09c4b686a491460f6459628b

          Download Submit

        • memory/3228-0-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/3228-6-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/4548-7-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/4548-8-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download