Overview

overview

7

Static

static

3

eb690b5917...03.exe

windows7-x64

7

eb690b5917...03.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/08/2024, 06:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    eb690b5917eff9ba739ecf878640fd0aca27deba73852cb0c0c2fa3504433003.exe

  • Size

    41KB

  • MD5

    cc0b6d779e32257de6929e85d6cf4869

  • SHA1

    fe89e9b057e6fb94fccb56ad27d7bc9116b86db9

  • SHA256

    eb690b5917eff9ba739ecf878640fd0aca27deba73852cb0c0c2fa3504433003

  • SHA512

    50fb6a43f12955787a1784708d44d6492dc946609c6cfa468d8da3e403860f778d789edeeb244f19ab306cb19d51e3bd46c0f15949fb488fb06d7105463d74e0

  • SSDEEP

    768:DqPJtsA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNhu:DqMA6C1VqaqhtgVRNToV7TtRu8rM0wYO

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eb690b5917eff9ba739ecf878640fd0aca27deba73852cb0c0c2fa3504433003.exe
    "C:\Users\Admin\AppData\Local\Temp\eb690b5917eff9ba739ecf878640fd0aca27deba73852cb0c0c2fa3504433003.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4692
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2040

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\microsofthelp.exe
          Filesize

          41KB

          MD5

          1cbd4d499cf98dcf7218e118c8e08401

          SHA1

          082a31b700c372ffd545f78dfdce9dd0e870c2f1

          SHA256

          f58d902b5bdfd8eb9f978e385d9b216d30871f04a03f25e8e07fddbaeef9b4f9

          SHA512

          eb8773918890c57b107ea11932781fba4d55e0c65c146ba7e386702e7dc5bd8704818c03e0435685a469bb4475678791bb5842be8d802677dcc007cd396cb426

          Download Submit

        • memory/2040-6-0x0000000000400000-0x0000000000403000-memory.dmp

          Filesize

          12KB

          Download

        • memory/4692-0-0x0000000000400000-0x0000000000403000-memory.dmp

          Filesize

          12KB

          Download

        • memory/4692-4-0x0000000000400000-0x0000000000403000-memory.dmp

          Filesize

          12KB

          Download