Overview

overview

7

Static

static

3

b962c2cc38...dN.exe

windows7-x64

7

b962c2cc38...dN.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/10/2024, 10:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b962c2cc38a8db3969d875061964c45f0f0263f37aee893df0297d94835cc76dN.exe

  • Size

    41KB

  • MD5

    3db169696f7eab43a375240b63c68fa0

  • SHA1

    ac415f79c5c7a55d9b5d79d82a4efbdd9ec2e612

  • SHA256

    b962c2cc38a8db3969d875061964c45f0f0263f37aee893df0297d94835cc76d

  • SHA512

    4bf5cc6551f6af7a68ac2bd1560adb7ca036af9db100202f8c9bcd632b50005516d9afa4e3dfe3823b07fbc420d774e9d8da02d4b46b552d8db6566eb9d20f84

  • SSDEEP

    768:ePyFZFASe0Ep0EpHZplRpqpd6rqxn4p6v8tvGE9UHrSdghj8bvHRIkhbUIchUh8R:e6q10k0EFjed6rqJ+6v8tvGE9UHrSdg7

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b962c2cc38a8db3969d875061964c45f0f0263f37aee893df0297d94835cc76dN.exe
    "C:\Users\Admin\AppData\Local\Temp\b962c2cc38a8db3969d875061964c45f0f0263f37aee893df0297d94835cc76dN.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4304
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      PID:3020

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    41KB

    MD5

    f181e040c2d5f96c0a30c1fe3564f928

    SHA1

    528a9b98ed7666901197090ee43f2ee84d79875c

    SHA256

    8fa4bdb1fbea9fbbb939d61df08bc013e430b5a5d416fadcab56b06eb597cf9c

    SHA512

    cc3bc370c94466d312121cc2e3e4702c6aaef159475ae6b3aca4649f26fd8a78b53aa5a7ca6ef886d106fef5db55905dc74003d997401c1161179d41cbc30579

    Download Submit

  • memory/3020-7-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4304-0-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4304-5-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download