Overview

overview

7

Static

static

3

be35fb926c...13.exe

windows7-x64

7

be35fb926c...13.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/11/2024, 03:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    be35fb926c1b92d98b35b03fa041539eb0c62b6a8df7d0aeb3faee029a695c13.exe

  • Size

    66KB

  • MD5

    f43784dfb4f307b6c2201a18efe583b2

  • SHA1

    d615648e69d1cb23e9b144b2ea0fb5b4a0d619f6

  • SHA256

    be35fb926c1b92d98b35b03fa041539eb0c62b6a8df7d0aeb3faee029a695c13

  • SHA512

    9b347c44fe04130ed7b232444a0f9a90d3503db9a0672f6f9d514342016ed806fb2e26dc821f18af9eb5a38d41c664b0bb1f5288a6c9d2a21857667fb05e6234

  • SSDEEP

    1536:NAo0Tj2d6rnJwwvl4ulkP6vghzwYu7vih9GueIh9j2IoHAcBHUIFvSHbhqhJgvbo:NAoglOwvl4ulkP6vghzwYu7vih9GueIk

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\be35fb926c1b92d98b35b03fa041539eb0c62b6a8df7d0aeb3faee029a695c13.exe
    "C:\Users\Admin\AppData\Local\Temp\be35fb926c1b92d98b35b03fa041539eb0c62b6a8df7d0aeb3faee029a695c13.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      PID:3436

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    66KB

    MD5

    705cbb20ecf538257d29fdc3c0cce102

    SHA1

    c245f30b49eae63df290589e2b602d93e3b83769

    SHA256

    f6472d5e584f6e9504dc950d7bd545415d2c7783bca8703bce59da70bfb417f1

    SHA512

    e92492c1b468f0204c06082e39de2310a198b691814b69334abaf5faa4bd72289b2f654c16ed9fdc56bf9a4b4e09c02d603509b7853db46c44677c990ea94099

    Download Submit

  • memory/2192-0-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2192-4-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3436-6-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download