Analysis
-
max time kernel
119s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
06-09-2024 14:22
General
-
Target
ea37856b0268758a43ce5b8954043dd0N.exe
-
Size
64KB
-
MD5
ea37856b0268758a43ce5b8954043dd0
-
SHA1
23ce32bfc4d884b3c610e48349e8233d48be73d4
-
SHA256
c71cb4b27b4d952fd45923353abd221290d702720459b6ac35422222f62a8d3b
-
SHA512
5368c673af7206b746c8d555c13469877fc55963ba9af3b95d8ba39fd0e34e45e11ef69fd7d99a4343156e06f4a813e5ab5535ce4b9b2ee99bd407ad906d4ed9
-
SSDEEP
1536:lAo0ej2d6rnJwwvlKlIUBP6vghzwYu7vih9GueIh9j2IoHAjUvJQ/johChPhbhhR:lAo1lOwvlKlXBP6vghzwYu7vih9GueIR
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ea37856b0268758a43ce5b8954043dd0N.exe"C:\Users\Admin\AppData\Local\Temp\ea37856b0268758a43ce5b8954043dd0N.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\microsofthelp.exe"C:\Windows\microsofthelp.exe"2⤵
- Deletes itself
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
MD5c743a76ec779d0bfe0daae1075bf05ac
SHA1e1446ff187b39c5ba7821fcd538f86659e325efc
SHA256e2e3bfa0155a4e27b7adf88edc81432ca5847e41489570204dcce12385149203
SHA51266ede6f10df842336ed7303024caf0965d132cb0390b11bd4043f17f3044821888215ab8bb33bb9165c82e356c90938dd3bc99ce7de6fa0384cca3c5212cd182
-
Filesize
60KB
-
Filesize
60KB
-
Filesize
60KB