Overview

overview

7

Static

static

3

60adf5dc2f...5N.exe

windows7-x64

7

60adf5dc2f...5N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01-10-2024 18:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    60adf5dc2f750370cf616faa0e7fd9b73f2704f37530d1a40b6c2d73e6905045N.exe

  • Size

    63KB

  • MD5

    86a15a028eceb5bb24e895c0601406b0

  • SHA1

    7709382c7cc831b85648e53548bd6f812963bf00

  • SHA256

    60adf5dc2f750370cf616faa0e7fd9b73f2704f37530d1a40b6c2d73e6905045

  • SHA512

    37dde6ca9649d5e2da88b3a71a6fe690f5d12d781f769500822fa467b998c9b8308a2902ddcab61098312a0957db6ffe825c66353adf9353301ee07b231661a9

  • SSDEEP

    1536:NAo0Tj2d6rnJwwvl4ulkP6vghzwYu7vih9GueIh9j2IoHAjUvJQ/johleHhvGh4Y:NAoglOwvl4ulkP6vghzwYu7vih9GueIY

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\60adf5dc2f750370cf616faa0e7fd9b73f2704f37530d1a40b6c2d73e6905045N.exe
    "C:\Users\Admin\AppData\Local\Temp\60adf5dc2f750370cf616faa0e7fd9b73f2704f37530d1a40b6c2d73e6905045N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2852
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:3000

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    64KB

    MD5

    85e2a140fa5fda0be3cbc417c9e57668

    SHA1

    ccbe8e548e1fe0549d79c11f3d9c1d869a3f4319

    SHA256

    a144773bf9423971f667aed8df7cfd433ff536e4a13ac8d27a9e2fe3465a3723

    SHA512

    02978387a1086f5ad25fc1b9ca86fb232e64cebbf10e9476bbff40067a9152c82b8ccf05ecfedb4b7a48ab2a2a2fc85c7a18451ac5f316c88a8e37f1d58ba74d

    Download Submit

  • memory/2852-0-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2852-3-0x0000000000220000-0x000000000022F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2852-7-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3000-9-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3000-11-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download