Overview

overview

7

Static

static

3

e30fd4182a...35.exe

windows7-x64

7

e30fd4182a...35.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    21/11/2024, 10:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e30fd4182a74d2e00a62eebdd7271a9d590eb132e38909a6c20f55fcc27a0335.exe

  • Size

    40KB

  • MD5

    dab4dc2b6a8e43db3b08d87076ff1571

  • SHA1

    589f9c5a51085d9ec4a7924eeef45f3728edcd26

  • SHA256

    e30fd4182a74d2e00a62eebdd7271a9d590eb132e38909a6c20f55fcc27a0335

  • SHA512

    bdd656908f59ffcd568919e73d4f704fcb1751a3deb71960b1ed8a27c4e3ef4da1eb527749d2f2feb569ad47008a9f1341193472bef0238f612ca99386721efa

  • SSDEEP

    768:ePyFZFASe0Ep0EpHZplRpqpd6rqxn4p6vghzwYu7vih9GueIh9j2IoHAjUvJw3/z:e6q10k0EFjed6rqJ+6vghzwYu7vih9G8

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e30fd4182a74d2e00a62eebdd7271a9d590eb132e38909a6c20f55fcc27a0335.exe
    "C:\Users\Admin\AppData\Local\Temp\e30fd4182a74d2e00a62eebdd7271a9d590eb132e38909a6c20f55fcc27a0335.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2524
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:2076

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    40KB

    MD5

    50c3d9073fc7f6389762bea24e97407a

    SHA1

    1455438dbb403820a40b55dbf0f197889a2353a1

    SHA256

    71cbd18bb4a26532ad41c4c12849a59a32288c61eddbec73f96bb01c151224d7

    SHA512

    7f1fa53623249c6cc9e1056e29b5e45e5a5aed3ef15940c2c2f42ce6567db1fe51a2994354f0c83acf3c82dca989c6f5654742cc6d6aeeeabe1d41548ce19b91

    Download Submit

  • memory/2076-9-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2076-11-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2524-0-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2524-7-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download