Overview

overview

7

Static

static

3

dd171a357f...6N.exe

windows7-x64

7

dd171a357f...6N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    05/10/2024, 21:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dd171a357f13c95cc4282ad267e734a365e3e9bf8c22d43d5956264a98c39886N.exe

  • Size

    67KB

  • MD5

    7355361179bd12e6679c02061981af50

  • SHA1

    95c294ef5c96cf75d0caaa571b157287a697b16e

  • SHA256

    dd171a357f13c95cc4282ad267e734a365e3e9bf8c22d43d5956264a98c39886

  • SHA512

    a1aa304c7f287ad50730d23f1d62beabcfd40293c74862059fb8cbaba3b9590c68a8db4321555c843d1e036fbc5b4dfe75df55d0f0be31202b3a703a038b8c7b

  • SSDEEP

    1536:NAo0Tj2d6rnJwwvl4ulkP6vghzwYu7vih9GueIh9j2IoHAjU+Eh6IbRJhHhLhIKt:NAoglOwvl4ulkP6vghzwYu7vih9GueIQ

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dd171a357f13c95cc4282ad267e734a365e3e9bf8c22d43d5956264a98c39886N.exe
    "C:\Users\Admin\AppData\Local\Temp\dd171a357f13c95cc4282ad267e734a365e3e9bf8c22d43d5956264a98c39886N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:1720

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    67KB

    MD5

    34141dcd68083cd87712804c0a57cdbb

    SHA1

    39df146bd0e9d37c53958c8102c1b3f31687cdd3

    SHA256

    db5cd2e0e37c705becf378c4f643d37446c5607e341a8e8606efd370a2bfc8f1

    SHA512

    e4cae04641cf2d5fbaede8e981700171056314c9bb658f7c8132a261420383ed589d807a27cf8081df64b911b856e65bf97538122c277c9148fa054b405c36a4

    Download Submit

  • memory/1720-8-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1720-10-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2548-0-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2548-6-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download