Overview

overview

7

Static

static

3

Trojan.Aut...40.exe

windows7-x64

7

Trojan.Aut...40.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    22s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    07-09-2024 12:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Trojan.Autorun.ATA_virussign.com_135db4c64a6b4a27efa076ec2289df40.exe

  • Size

    39KB

  • MD5

    135db4c64a6b4a27efa076ec2289df40

  • SHA1

    b13d6638314b59108276821b8d1ea529e4123565

  • SHA256

    bbba923927a1db53ce06658cd42d4757ecbfbecfdf4135bedead83bd6a6be991

  • SHA512

    caa48f868bb8f0b51cc9ad16edea8e5b7939c5c10daa036adc58b1b3760caa739da595d1b1b006a820204ae73dc15479c8a108ba4e3196fb32dcb2db25ecabbf

  • SSDEEP

    768:ePyFZFASe0Ep0EpHZplRpqpd6rqxn4p6vghzwYu7vih9GueIh9j2IoHAjU+Emkcg:e6q10k0EFjed6rqJ+6vghzwYu7vih9GF

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Trojan.Autorun.ATA_virussign.com_135db4c64a6b4a27efa076ec2289df40.exe
    "C:\Users\Admin\AppData\Local\Temp\Trojan.Autorun.ATA_virussign.com_135db4c64a6b4a27efa076ec2289df40.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:2760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    39KB

    MD5

    a9333a739deba2f60bd8cf5ec4284a97

    SHA1

    ce0a64d356e0a86a48de25e2c1252cc90b2adbaf

    SHA256

    7887d8276f61832d2c5aa5c064364e8542f148f317d11a29624de6b25cf5f18e

    SHA512

    85a416819346a8cbc91384085a45bc64556e33d387b1f54c9ba41abb6f1344bea1184bda7544da148728258e53034825e86a31a1483b934d031855b28ace5842

    Download Submit

  • memory/2188-0-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2188-8-0x0000000000220000-0x000000000022E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2188-7-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2760-12-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download