Overview

overview

7

Static

static

3

4137b75e4a...8N.exe

windows7-x64

7

4137b75e4a...8N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240910-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-10-2024 04:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4137b75e4a475c7af7f50df6de87c7bf8f6bdba5aff0603cfda459df7c8d5f68N.exe

  • Size

    38KB

  • MD5

    92b6232066c1fb65fe9984c3a0031450

  • SHA1

    1dd0ab3f901ed4c5a7ee9736ca5f96a8049dd5ef

  • SHA256

    4137b75e4a475c7af7f50df6de87c7bf8f6bdba5aff0603cfda459df7c8d5f68

  • SHA512

    9096cd682b882d9cec40725cc550174af6f8271930bd06a843fb753e1754337d4ea6123b916895e8d55250ddf62d48a076a102844f9ec1b4e31e5cf71bb9e024

  • SSDEEP

    768:ePyFZFASe0Ep0EpHZplRpqpd6rqxn4p6vghzwYu7vih9GueIh9j2IoHAjUvJw3/h:e6q10k0EFjed6rqJ+6vghzwYu7vih9G2

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4137b75e4a475c7af7f50df6de87c7bf8f6bdba5aff0603cfda459df7c8d5f68N.exe
    "C:\Users\Admin\AppData\Local\Temp\4137b75e4a475c7af7f50df6de87c7bf8f6bdba5aff0603cfda459df7c8d5f68N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3696
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      PID:2484

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    38KB

    MD5

    742e94d86d284463471a1e8ab5e98fd0

    SHA1

    0799165625af62dd43e8e287b73e04670fb02ced

    SHA256

    a6937f0a4bf030d2de301926a3b7ecf37878aba5b56080c9c9d96c3236cad849

    SHA512

    0bffa9a7c59600589817f9a400df5a9891cd965b4f7b953eca4c67725a102234ee6c9522d9435bb3a2860c16546f14f34bcea40526e66e8c0b18bf708f342365

    Download Submit

  • memory/2484-7-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3696-0-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3696-6-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download