Overview

overview

7

Static

static

3

91f0ff8e90...1N.exe

windows7-x64

7

91f0ff8e90...1N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    01/10/2024, 22:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    91f0ff8e9029c3126eefd22c119291caeea42ba252c9bfcbd89dc1b38e76c3c1N.exe

  • Size

    51KB

  • MD5

    18c2dfceb211ade5d0d9450b1c6bc570

  • SHA1

    30a6fe5a14e59c0fe5723752083650cac5cb280e

  • SHA256

    91f0ff8e9029c3126eefd22c119291caeea42ba252c9bfcbd89dc1b38e76c3c1

  • SHA512

    a788ca91b123dbb0ee61289da47ff37aa3b5adda2d174ad6e1111e786d41da8d63765e719e2a6afe7829fa2443bf7b398740f073e04cabea115aca832c723211

  • SSDEEP

    1536:DqMA6C1VqaqhtgVRNToV7TtRu8rM0wYVFl2g5u58dO0xXHQEyYfdhNhFO5h3xhI:+MA6C1VqaqhtgVRNToV7TtRu8rM0wYVO

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\91f0ff8e9029c3126eefd22c119291caeea42ba252c9bfcbd89dc1b38e76c3c1N.exe
    "C:\Users\Admin\AppData\Local\Temp\91f0ff8e9029c3126eefd22c119291caeea42ba252c9bfcbd89dc1b38e76c3c1N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2280
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1708

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    51KB

    MD5

    e03077eb2f04fe5d54b556365b3cd931

    SHA1

    3987b5f16d294a0ed00db5fe19ea3cf3ecb7c188

    SHA256

    37b312d232c8a92949621e0954a72a007afd5571d23fdb7d7f7ba60829d77a2e

    SHA512

    e1e71a40fa50634b64fce64142eb179a2178a21b01d9c4013647e75da0f2dbb9848319132e0ba82bf8d22145f8d6b9f09980429bb7079fe2321b340e694f4414

    Download Submit

  • memory/1708-9-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2280-0-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2280-6-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download