Analysis

  • max time kernel
    119s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    11/11/2024, 10:57

General

  • Target

    2f3d95e0eaa6d813ec9a3694a16a8d5d6b12217c42393289002558734a2995c7N.exe

  • Size

    46KB

  • MD5

    6f1e0c3994e7d22d3f8321758648eafb

  • SHA1

    a2ede46399990f057d98280b9a01aca0546b015d

  • SHA256

    9b7ef4ae63826909a6587cd2d152026a5e7c1ed0af7a61ff98ac11c1af099937

  • SHA512

    91b69af90753352be596bf683ad7bb971bb5f8b5e7804e0fa075f91f35ef82ea3e4a2aca4e77bcc7b6eb4d941119c740ca2cc771c440a9986326a79e774a4f71

  • SSDEEP

    768:DqPJtsA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNhu:DqMA6C1VqaqhtgVRNToV7TtRu8rM0wYO

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2f3d95e0eaa6d813ec9a3694a16a8d5d6b12217c42393289002558734a2995c7N.exe
    "C:\Users\Admin\AppData\Local\Temp\2f3d95e0eaa6d813ec9a3694a16a8d5d6b12217c42393289002558734a2995c7N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2580
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2308

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\microsofthelp.exe

          Filesize

          47KB

          MD5

          54db70ea19d0383960c90ca83ed7880b

          SHA1

          bd73289604e1e2cc7e4b7858f21c0af394dd4061

          SHA256

          cfde1f58e9655b0bed4832993319f06e80d3a29df68b1960f9654d6c2ad36459

          SHA512

          421f5fa1f360f09027801831aa27ed09588dfb89d69909c29d8e612d97d10d1e015fb88c6d7f652d5a657295e8090b24f2ae7045f116aecdf7af5f1856899be2

        • memory/2308-6-0x0000000000400000-0x0000000000403000-memory.dmp

          Filesize

          12KB

        • memory/2580-0-0x0000000000400000-0x0000000000403000-memory.dmp

          Filesize

          12KB

        • memory/2580-4-0x0000000000400000-0x0000000000403000-memory.dmp

          Filesize

          12KB