Overview

overview

7

Static

static

3

0d56e7e3f8...bN.exe

windows7-x64

7

0d56e7e3f8...bN.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-10-2024 11:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0d56e7e3f8288718ddd97e9b6035179ea01a54dc942b89bd3cd5de1cab725b1bN.exe

  • Size

    81KB

  • MD5

    b850d8dfc68534c3d4aba8f0abd475c0

  • SHA1

    7cf9e7a280eb66f9c859ebcac5616fd8add3097f

  • SHA256

    0d56e7e3f8288718ddd97e9b6035179ea01a54dc942b89bd3cd5de1cab725b1b

  • SHA512

    20e19fa5103c216e2cce134c074b9f142c00af345e1dfb598941c4ce5c30a08932974976959616b5ff69181d0aca6ae584be72804059ccfd4d8c7cc28d822657

  • SSDEEP

    1536:86RAo0ej2d6rnJwwvlNlIUBvsI7hrhEh9cpDN/qhAvP3OInvnHvvxIfhqhcGoI/o:xAo1lOwvlNlXBvsI7hrhEh9cpDN/qhAo

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d56e7e3f8288718ddd97e9b6035179ea01a54dc942b89bd3cd5de1cab725b1bN.exe
    "C:\Users\Admin\AppData\Local\Temp\0d56e7e3f8288718ddd97e9b6035179ea01a54dc942b89bd3cd5de1cab725b1bN.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3320
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      PID:980

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    81KB

    MD5

    7e71680ce7b2d09b6e5346c5d5b1d4d4

    SHA1

    d19fa04245093f38dcecf0ee82395cc8630a0d9c

    SHA256

    bc8afffc1cfd13e3ba29a22e6c4552a2954a23504bd658219cb2188919a41f6f

    SHA512

    b7f7709f7cab30fbda6c98d98fd352b2a812b33951e1db32c264061d4349eb9c796855259e867e009e5d9e2dac3cf471fbba6c9c3aadad17727b4a8a94abe3d0

    Download Submit

  • memory/980-6-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3320-0-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3320-4-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download