Analysis

  • max time kernel
    119s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/11/2024, 12:15

General

  • Target

    bf5899ffd7c5a806928951cae770d054513b7604e259ea237d1fcd7cbd461267N.exe

  • Size

    83KB

  • MD5

    564a16d5e90b382bc97387e30b1bb410

  • SHA1

    c46f6a63522ff0a955084e4deca895c7375d3fc9

  • SHA256

    bf5899ffd7c5a806928951cae770d054513b7604e259ea237d1fcd7cbd461267

  • SHA512

    678d6d487613d5cea5e867a48d4ad9a3443073488fdcb9fdff488f1b902fccb700e68b44416575ea1cbfcebd743d91f9c31b0453e2f00b0e86eb1b998255f532

  • SSDEEP

    1536:NAo0Tj2d6rnJwwvl4ulkP6vghzwYu7vih9GueIh9j2IoHAcBHUIF2kvEHrH1hyhS:NAoglOwvl4ulkP6vghzwYu7vih9GueIt

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf5899ffd7c5a806928951cae770d054513b7604e259ea237d1fcd7cbd461267N.exe
    "C:\Users\Admin\AppData\Local\Temp\bf5899ffd7c5a806928951cae770d054513b7604e259ea237d1fcd7cbd461267N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4428
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      PID:1732

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\microsofthelp.exe

    Filesize

    83KB

    MD5

    7c794c57333d31e8bf8eb814b51ba843

    SHA1

    7637b56f7c32fcf2ab280af36e303bb016181a6e

    SHA256

    0c1064d60cdbdbda6d127dc4aa11c2c2158f61ee03045a55c67a4be5256e77a0

    SHA512

    e542865a0579a04688c1f952fa3d11aee27be565f834a51785470216a404d287f13c86d3ef38ede6ced6e60d0006e50c0fbb37bae0ff5bbc3049c8b7d040f720

  • memory/1732-6-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

  • memory/4428-0-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

  • memory/4428-4-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB