Overview

overview

7

Static

static

3

c06a740ccd...0N.exe

windows7-x64

7

c06a740ccd...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    15/09/2024, 01:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c06a740ccd49b7f306921934f1cfc430N.exe

  • Size

    63KB

  • MD5

    c06a740ccd49b7f306921934f1cfc430

  • SHA1

    3494559603c6d8bcaca94a3ead6a62ae750eccbd

  • SHA256

    1a4ae8d5bbcb2a8695f526df478a71a46825b541ca8defd19394b62d46ec745d

  • SHA512

    cacf260782e763dc6cb1eec8db3f78436b35d7fdc29e81c5ff6e47ce8ac73195558f6b34ebe6bad7c5542a2d0cb95b806bae432d0c72d61a8d7faeaa63d979ff

  • SSDEEP

    1536:lAo0ej2d6rnJwwvlKlIUBP6vghzwYu7vih9GueIh9j2IoHAjU+EmkcU+uZd7ZY8O:lAo1lOwvlKlXBP6vghzwYu7vih9GueIt

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c06a740ccd49b7f306921934f1cfc430N.exe
    "C:\Users\Admin\AppData\Local\Temp\c06a740ccd49b7f306921934f1cfc430N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1044
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:1904

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    64KB

    MD5

    3d53ce28725b6e722a26b7a17800e6fd

    SHA1

    2819b6ea106fabbb354576634bed9c102417f825

    SHA256

    fc4062ee6b76c6db9bac65b03013c4796343f642a51500af63c9dad806c0389d

    SHA512

    ca64ecfa02aeb20983c79825e9acb03f4dcaa6092645d2d18105ed9063986fd6c523b2fa2d337730711fdb99e580a2e8b79acea69c23448055ca977a283c32b2

    Download Submit

  • memory/1044-0-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1044-6-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1904-8-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1904-10-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download