Overview

overview

7

Static

static

3

dbadd7fce3...8f.exe

windows7-x64

7

dbadd7fce3...8f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/11/2024, 09:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dbadd7fce3c986bdbe49a00e2186c18c695f0e79554242b6e31c0c17a4000d8f.exe

  • Size

    40KB

  • MD5

    7f733dccb7b5b22632655f70d1990f24

  • SHA1

    270f5dc65fa244c0853f01e9b14323c803229438

  • SHA256

    dbadd7fce3c986bdbe49a00e2186c18c695f0e79554242b6e31c0c17a4000d8f

  • SHA512

    6b654f462b8a26426e88140969325a80d8fa7c9f39d673cd185914a4ca2bb5c9c8f106910e764998cd35cf614bb9642741d1b64d1fe12f517578c8246b3fd463

  • SSDEEP

    768:ePyFZFASe0Ep0EpHZplRpqpd6rqxn4p6vghzwYu7vih9GueIh9j2IoHAjUvJw3/H:e6q10k0EFjed6rqJ+6vghzwYu7vih9GM

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dbadd7fce3c986bdbe49a00e2186c18c695f0e79554242b6e31c0c17a4000d8f.exe
    "C:\Users\Admin\AppData\Local\Temp\dbadd7fce3c986bdbe49a00e2186c18c695f0e79554242b6e31c0c17a4000d8f.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3548
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      PID:4856

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    41KB

    MD5

    99d1aa66857a2bea39f62776616f4cc2

    SHA1

    5902494df7183a6dba1f73662267a77306e9ae2c

    SHA256

    dd1fbe3e3b28813368beef0d1aabeeb9d5bfced5933ed0f7cbe4b07b75758c14

    SHA512

    12d433de49edea0cbe76b5b5de028e592839bb7b0e2389296ce784da1be82334de07e9084c4514225ffd9dee5ba1b2ad3f0926868f98e162c539b571e76676a5

    Download Submit

  • memory/3548-0-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3548-5-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4856-7-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download