Overview

overview

7

Static

static

3

c69bb77c6c...2N.exe

windows7-x64

7

c69bb77c6c...2N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/10/2024, 19:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c69bb77c6cc598fd568a69f13235e50f86be2da3dc9b301d9e600cacc95beeb2N.exe

  • Size

    78KB

  • MD5

    ad0eb8a2c240cc466b880b31536176f0

  • SHA1

    86497534921b1fb1a7cb69d553652aa586ff5132

  • SHA256

    c69bb77c6cc598fd568a69f13235e50f86be2da3dc9b301d9e600cacc95beeb2

  • SHA512

    6e3db927bb3993eb7e51fb8da7dfb5271ae68905a93bea407c62a7e9ca1f6522601740d8aad7cbdc19cca8bae76c5f7f993cbae57dc604f8213446c804ea60a2

  • SSDEEP

    1536:86RAo0ej2d6rnJwwvlNlIUBvsI7hrhEh9cpDN/qhAvPHG3GvUhCHi1X5GoOvmHO4:xAo1lOwvlNlXBvsI7hrhEh9cpDN/qhAi

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c69bb77c6cc598fd568a69f13235e50f86be2da3dc9b301d9e600cacc95beeb2N.exe
    "C:\Users\Admin\AppData\Local\Temp\c69bb77c6cc598fd568a69f13235e50f86be2da3dc9b301d9e600cacc95beeb2N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2736
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      PID:4840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    78KB

    MD5

    d43942aa4a1e4f8e295a26f9fc17084b

    SHA1

    18667233a04ec0d8fe955d97526c95f4a9360dc3

    SHA256

    51d0a0ad4c5a256299668606af7d8142d602424719786e245780c841a0185036

    SHA512

    63f812e8e902f1e61775d384eaba0b919b4f0be0aa653e92253d890087aaabf50b23c74608cc5562c4f7a2231570130620882ada7e8bc3ae5d50814c7a7d2942

    Download Submit

  • memory/2736-0-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2736-3-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/4840-6-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download