Overview

overview

7

Static

static

3

0d56e7e3f8...bN.exe

windows7-x64

7

0d56e7e3f8...bN.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    10/10/2024, 11:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0d56e7e3f8288718ddd97e9b6035179ea01a54dc942b89bd3cd5de1cab725b1bN.exe

  • Size

    81KB

  • MD5

    b850d8dfc68534c3d4aba8f0abd475c0

  • SHA1

    7cf9e7a280eb66f9c859ebcac5616fd8add3097f

  • SHA256

    0d56e7e3f8288718ddd97e9b6035179ea01a54dc942b89bd3cd5de1cab725b1b

  • SHA512

    20e19fa5103c216e2cce134c074b9f142c00af345e1dfb598941c4ce5c30a08932974976959616b5ff69181d0aca6ae584be72804059ccfd4d8c7cc28d822657

  • SSDEEP

    1536:86RAo0ej2d6rnJwwvlNlIUBvsI7hrhEh9cpDN/qhAvP3OInvnHvvxIfhqhcGoI/o:xAo1lOwvlNlXBvsI7hrhEh9cpDN/qhAo

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d56e7e3f8288718ddd97e9b6035179ea01a54dc942b89bd3cd5de1cab725b1bN.exe
    "C:\Users\Admin\AppData\Local\Temp\0d56e7e3f8288718ddd97e9b6035179ea01a54dc942b89bd3cd5de1cab725b1bN.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:1952

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    81KB

    MD5

    7e71680ce7b2d09b6e5346c5d5b1d4d4

    SHA1

    d19fa04245093f38dcecf0ee82395cc8630a0d9c

    SHA256

    bc8afffc1cfd13e3ba29a22e6c4552a2954a23504bd658219cb2188919a41f6f

    SHA512

    b7f7709f7cab30fbda6c98d98fd352b2a812b33951e1db32c264061d4349eb9c796855259e867e009e5d9e2dac3cf471fbba6c9c3aadad17727b4a8a94abe3d0

    Download Submit

  • memory/1952-10-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2024-0-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2024-7-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2024-3-0x0000000000220000-0x000000000022F000-memory.dmp

    Filesize

    60KB

    Download