Overview

overview

7

Static

static

3

b569549dd7...0N.exe

windows7-x64

7

b569549dd7...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2024, 13:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b569549dd7d02ca29e8efe23d05b6fce67be059ed8415984dee5aad8bb749a80N.exe

  • Size

    45KB

  • MD5

    f97f15bc381ffd971fdef887eb3946c0

  • SHA1

    c60c93864884c6c8e91d8a494bb8d79ff11b9258

  • SHA256

    b569549dd7d02ca29e8efe23d05b6fce67be059ed8415984dee5aad8bb749a80

  • SHA512

    1fe65d0c581435ba4317a0bb389e11558063f6a7491095d6d8406d9d6ccec1d53155228164a346d910c610b5188c0c0facdb554e85d9825020e7234c9aa87e9e

  • SSDEEP

    768:ePyFZFASe0Ep0EpHZplRpqpd6rqxn4p6vghzwYu7vih9GueIh9j2IoHAcBHUIF2H:e6q10k0EFjed6rqJ+6vghzwYu7vih9GY

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b569549dd7d02ca29e8efe23d05b6fce67be059ed8415984dee5aad8bb749a80N.exe
    "C:\Users\Admin\AppData\Local\Temp\b569549dd7d02ca29e8efe23d05b6fce67be059ed8415984dee5aad8bb749a80N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2100
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:976

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\microsofthelp.exe
          Filesize

          45KB

          MD5

          7bc08ec9e0e28346bfeef09b945edc33

          SHA1

          d107f7e16d1c41fead0455395e5e35f37b5fe2e9

          SHA256

          b467e705c28dad993e5a718198617e5358384d9aa7ab0ab1325d03991b3f6463

          SHA512

          1d4be096601c5ff706bd4feeae2a5b1bd5c04a5f5ce75dd5ae86dcafdcf8242c13fcd2309a87c22b208923e6354f5e32913d31b0129e856af9621c138a0d492a

          Download Submit

        • memory/976-10-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/976-12-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2100-0-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2100-9-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2100-6-0x0000000000220000-0x000000000022E000-memory.dmp

          Filesize

          56KB

          Download