Overview

overview

7

Static

static

3

cfcc181a49...6N.exe

windows7-x64

7

cfcc181a49...6N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    05/10/2024, 17:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cfcc181a4914e5388e469b5718c07efd5a8aa0c96a7b1be2a2e8dd90cb553b76N.exe

  • Size

    69KB

  • MD5

    f4e40459f052d23eea19822461ca2b40

  • SHA1

    70217f5ddf38f7d9e5adfe6939a501fba8dd6642

  • SHA256

    cfcc181a4914e5388e469b5718c07efd5a8aa0c96a7b1be2a2e8dd90cb553b76

  • SHA512

    b42d474b2bd2ffb45b9a1ef8020762a0ceecb3d31f60cee0792352858e64e2154c02c9ac4807c06f313d40db5f857555b75cf180727adceb7650ac7d29b5a7b8

  • SSDEEP

    1536:NAo0Tj2d6rnJwwvl4ulkP6vghzwYu7vih9GueIh9j2IoHAjUvJQ/johChPhnhHuF:NAoglOwvl4ulkP6vghzwYu7vih9GueI+

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cfcc181a4914e5388e469b5718c07efd5a8aa0c96a7b1be2a2e8dd90cb553b76N.exe
    "C:\Users\Admin\AppData\Local\Temp\cfcc181a4914e5388e469b5718c07efd5a8aa0c96a7b1be2a2e8dd90cb553b76N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:324

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    69KB

    MD5

    fbae0e6d271ac97de753f72fa76eeba2

    SHA1

    86789f4c40094d98e525b92babe31ad53017efb6

    SHA256

    72fb5d81e446285c5b1b358d678982d6be9b875e36665b90bd25f1b6eceb2254

    SHA512

    4b4a95f525fcf081b8d6dd1a9e64ae29501cdb80e22d98d9fdec575d1c824e0e2899885d12caf17b65e573855f777eafd5199a4c24e2e2652d54dc7de60f3a85

    Download Submit

  • memory/324-9-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1720-0-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1720-3-0x00000000002A0000-0x00000000002AF000-memory.dmp

    Filesize

    60KB

    Download