Overview

overview

7

Static

static

3

d92ff2d3e9...2f.exe

windows7-x64

7

d92ff2d3e9...2f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    28/09/2024, 02:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d92ff2d3e93aa9845346fa1703feb946b2d8e5efaa37af9c3a24fb40cc09492f.exe

  • Size

    45KB

  • MD5

    b947ac61c2c8e38cf9c8c9246ed06da3

  • SHA1

    dafa1ab399451c99d6dc8fd8d899b348740b6cc8

  • SHA256

    d92ff2d3e93aa9845346fa1703feb946b2d8e5efaa37af9c3a24fb40cc09492f

  • SHA512

    15940eab5520472d55937f758560139c4c4a8f75dfec4011d231d01cab571368b5d4b86f9d6f81e44a8dbaec7d234e5e76340366deb70561feb39f34acef63db

  • SSDEEP

    768:DqPJtsA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNht:DqMA6C1VqaqhtgVRNToV7TtRu8rM0wYN

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d92ff2d3e93aa9845346fa1703feb946b2d8e5efaa37af9c3a24fb40cc09492f.exe
    "C:\Users\Admin\AppData\Local\Temp\d92ff2d3e93aa9845346fa1703feb946b2d8e5efaa37af9c3a24fb40cc09492f.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2260
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1160

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\microsofthelp.exe
          Filesize

          45KB

          MD5

          2a682ac28c929e41c1aadb4bda55f90d

          SHA1

          99e836f5eddf9348cab3b53fde321eb9cf4f32c6

          SHA256

          2bea4dabbb64932eb5b0549f755a73f7f263fe29c382a42010f598f4d864dd4f

          SHA512

          91dcd1ed407fc56c03b63c06c8602a2c8ad44c702c3d0ade7ef7e381a501f996e3dd525a1373656d261c3631e925d2fbf1b3c7a672831bde67f88bd483d6d06f

          Download Submit

        • memory/1160-9-0x0000000000400000-0x0000000000403000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2260-0-0x0000000000400000-0x0000000000403000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2260-6-0x0000000000400000-0x0000000000403000-memory.dmp

          Filesize

          12KB

          Download