Overview

overview

7

Static

static

3

123bf59fff...0N.exe

windows7-x64

7

123bf59fff...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    29-08-2024 14:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    123bf59fff7d53eb90be9cd79ba08450N.exe

  • Size

    37KB

  • MD5

    123bf59fff7d53eb90be9cd79ba08450

  • SHA1

    6244527b65ec10d8c4d62b3b970f04444cc0379e

  • SHA256

    8a46b06680ff5767aa24d6fea40549ad0b8359e7aeed89cf17b3dac91abebe88

  • SHA512

    551e280db3ebaba05ccedf245108a0b55e097ab8173cc11a8331a372ae3a209469df860afaac0685d34a6e1e400ba0ff2049e9e804a7081a8e7f5c3090a39738

  • SSDEEP

    768:ePyFZFASe0Ep0EpHZplRpqpd6rqxn4p6vghzwYu7vih9GueIh9j2IoHAjUvJw3/3:e6q10k0EFjed6rqJ+6vghzwYu7vih9Gc

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\123bf59fff7d53eb90be9cd79ba08450N.exe
    "C:\Users\Admin\AppData\Local\Temp\123bf59fff7d53eb90be9cd79ba08450N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2444
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:2156

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    37KB

    MD5

    e72c6448c46c215979a74c655ca22601

    SHA1

    7b57d72c8d2c3b610065f1e3ffd4f2743b03385e

    SHA256

    128bc2c9f4e07141a2bcc9f30a3f39d65d5bfd5dd1a29606f1f6585ca3fd773a

    SHA512

    d9dbb3d80f1e785a5f095265b3ec1f975a250a5352cd5c64d647f7739a033afb9147da1e824f400b405648917f1eb5bf05f30feb1737f590d22ef8139452973a

    Download Submit

  • memory/2156-11-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2444-0-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2444-8-0x0000000000230000-0x000000000023E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2444-7-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download