Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/11/2024, 11:56

General

  • Target

    f4697f6b22d0b23fd1acd67a5fb52b34cecd91125594f5a9ffe37b060f1ff9be.exe

  • Size

    37KB

  • MD5

    8c0acc2a76a963f1aa4b6dffe44738d3

  • SHA1

    eb173333dc2147f18dbaf529def4e714cd00be8c

  • SHA256

    f4697f6b22d0b23fd1acd67a5fb52b34cecd91125594f5a9ffe37b060f1ff9be

  • SHA512

    1a3e8697ca7bde81da2be1207149564c6197810941c32b47eb3f78091fb868228ffd2b6768496dcfe9b8e9a680487eba295fb7fe1dab5fb8a22d8093eb7f81f1

  • SSDEEP

    768:ePyFZFASe0Ep0EpHZplRpqpd6rqxn4p6vghzwYu7vih9GueIh9j2IoHAcBHUIFvq:e6q10k0EFjed6rqJ+6vghzwYu7vih9GE

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f4697f6b22d0b23fd1acd67a5fb52b34cecd91125594f5a9ffe37b060f1ff9be.exe
    "C:\Users\Admin\AppData\Local\Temp\f4697f6b22d0b23fd1acd67a5fb52b34cecd91125594f5a9ffe37b060f1ff9be.exe"
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:2540

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\microsofthelp.exe
    Filesize: 37KB
    MD5: 78eb46c4e0f521b169bf23cd6c1fd5a0
    SHA1: 51e8eb50ab26cfdbc853262c422bcdd56d225f93
    SHA256: 8371c8862290ccbb084743433361395a4adf2aa6dbf21ac7b9cbe323e69c1ef0
    SHA512: 93f9165b64446f30ad8d84bd492b40460d51ee3ad7411c2a8fad1c59722610e3e89c1b79910629e26ddafd7cfb6da659057bf747f1dcba66ec2b6ecb7d28858f

  • memory/1632-0-0x0000000000400000-0x000000000040E000-memory.dmp
    Filesize: 56KB

  • memory/1632-7-0x0000000000400000-0x000000000040E000-memory.dmp
    Filesize: 56KB

  • memory/2540-10-0x0000000000400000-0x000000000040E000-memory.dmp
    Filesize: 56KB