Overview

overview

7

Static

static

3

fd79f3a1a9...c5.exe

windows7-x64

7

fd79f3a1a9...c5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/11/2024, 13:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fd79f3a1a9754f49e185e12c40a4fcc2c8b7418b6911444412ea8e3c2d38a6c5.exe

  • Size

    69KB

  • MD5

    e17102cc11f5147e23578b16f9258878

  • SHA1

    6a5268f87442f73762c1c8f673f73e576960d10a

  • SHA256

    fd79f3a1a9754f49e185e12c40a4fcc2c8b7418b6911444412ea8e3c2d38a6c5

  • SHA512

    4695dd12f5042d07643aeff98fd83033493da4387ac3c24f185a2e238ab58209ab2bb5c8bc607570dcc80bb7b43d2dc0587d51696a2b7682ddce3fce4873bf77

  • SSDEEP

    1536:NAo0Tj2d6rnJwwvl4ulkP6vghzwYu7vih9GueIh9j2IoHAjU+Eh66C2hthEhH/HU:NAoglOwvl4ulkP6vghzwYu7vih9GueIg

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fd79f3a1a9754f49e185e12c40a4fcc2c8b7418b6911444412ea8e3c2d38a6c5.exe
    "C:\Users\Admin\AppData\Local\Temp\fd79f3a1a9754f49e185e12c40a4fcc2c8b7418b6911444412ea8e3c2d38a6c5.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:220
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      PID:412

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    69KB

    MD5

    ce9fecf2d9c0f6974a63d427bb8cf947

    SHA1

    8a489294ec3c7dd78ffb97e5f0feee9d17e0e5de

    SHA256

    4de94a5edbdd6c8f152703a462ab9c86aec8d4984f77bcf3759cd93b3b6aaeb4

    SHA512

    a1eda0dfc7f6f3d338d44caf8bf08ffc1c7f8b8c70cfb38d5458550e936b3190373cc9e9dd3685a155f57e5f716fec24553868047637eb7c4c43cfb5d6a0e94f

    Download Submit

  • memory/220-0-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/220-5-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/412-6-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download