Overview

overview

7

Static

static

3

d026c7dbab...aN.exe

windows7-x64

7

d026c7dbab...aN.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/10/2024, 06:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d026c7dbaba48e71224e9b70032a4daaac664ac447e8b38ede13206fcbb025aaN.exe

  • Size

    38KB

  • MD5

    58cb8fcc63258ffb7d220e04b0164ea0

  • SHA1

    422dcf78a0989eb8080cd490b3e3c23e85ae7f20

  • SHA256

    d026c7dbaba48e71224e9b70032a4daaac664ac447e8b38ede13206fcbb025aa

  • SHA512

    bef7a4ece745392e09166015d6eaf57ba5c9519fe085c1fa4d82dc49d160c03376a0aacad48c4388ca9dbc6a40d2bffcd4b2bf0fde676160e72cedb8024ae081

  • SSDEEP

    768:ePyFZFASe0Ep0EpHZplRpqpd6rqxn4p6vghzwYu7vih9GueIh9j2IoHAjU+Eh6Iv:e6q10k0EFjed6rqJ+6vghzwYu7vih9GD

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d026c7dbaba48e71224e9b70032a4daaac664ac447e8b38ede13206fcbb025aaN.exe
    "C:\Users\Admin\AppData\Local\Temp\d026c7dbaba48e71224e9b70032a4daaac664ac447e8b38ede13206fcbb025aaN.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4072
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      PID:3104

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    38KB

    MD5

    b4d72ca390da3ef69993d47722c737e5

    SHA1

    78eaaf03b96f254eac728d92d8d73376d9763bfb

    SHA256

    72988e2878c6b507e70c62468b69c03446bf3abacc6f179c8778245aacf97662

    SHA512

    e730c5f5d3c1ad40abaceb90c02c68bc66c69d816318c785aa481c1a1fcfa64182fbbbb7eaee6cf444042c5a15ff9be84c4ab00c328668b220ff0494be041dca

    Download Submit

  • memory/3104-6-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4072-0-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4072-4-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download