Overview

overview

7

Static

static

3

9e87fd5779...eN.exe

windows7-x64

7

9e87fd5779...eN.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/10/2024, 18:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9e87fd57798ebca7d99a8835cab583dac29cf0e7af8a47fc12d8e09be041e7deN.exe

  • Size

    60KB

  • MD5

    b0b037ea162162325a0ac948e18ebe70

  • SHA1

    9c26ed13f6bf898f416da7cb09649d69831c0902

  • SHA256

    9e87fd57798ebca7d99a8835cab583dac29cf0e7af8a47fc12d8e09be041e7de

  • SHA512

    8a28ac0acd7bf23460e982bad13d1f72497511358e606efb28372802bbc1c6bd7b7e11506e85bf50bfffd446499488cc0b2b3600e9e5418decd4963d6f5b6045

  • SSDEEP

    1536:DqMA6C1VqaqhtgVRNToV7TtRu8rM0wYVFl2g5u58dO0xXHQEyYfdhNhFO5h3xhID:+MA6C1VqaqhtgVRNToV7TtRu8rM0wYVh

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9e87fd57798ebca7d99a8835cab583dac29cf0e7af8a47fc12d8e09be041e7deN.exe
    "C:\Users\Admin\AppData\Local\Temp\9e87fd57798ebca7d99a8835cab583dac29cf0e7af8a47fc12d8e09be041e7deN.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3760
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:752

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    60KB

    MD5

    904b621043cfb31aebb7bfddd0c2bf49

    SHA1

    9b71cea21d5a2110bf33b4da4bdb267016da476a

    SHA256

    05314b5fcb0616f357c665c16a9f65b1658f6aa2f9d80523f87970fc5c286520

    SHA512

    c7bb0c6bc91e7302c115494de6a8808de25e69ad39fbc9c2b9a483bc91138418a3628d31b86c9864687582e34b22e969109b5bd222b0e802564f6509ca46a18f

    Download Submit

  • memory/752-6-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3760-0-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3760-4-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download