Overview

overview

7

Static

static

3

5679cf695c...fN.exe

windows7-x64

7

5679cf695c...fN.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    30-11-2024 05:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5679cf695ccdae3c0263476a1c49c738813336eaf688fe761285d89d103b647fN.exe

  • Size

    34KB

  • MD5

    924576ea81f52f009d05a32480154b20

  • SHA1

    23b414f27d8cbe3ba2b5e6a9c3c157f16d104988

  • SHA256

    5679cf695ccdae3c0263476a1c49c738813336eaf688fe761285d89d103b647f

  • SHA512

    9c187505c7444d35a8eb108788a7bbee969fc0454acd168f70dc6d01ad2390ed66a94979c5e742cd1f382a90d10678f64cc86937f319c0befc15383a0f60bee4

  • SSDEEP

    768:DqPJtsA6C1VqahohtgVRNToV7TtRu8rM0wk7IErqyEOGNFbuSxhLIsv/orINI8hx:DqMA6C1VqaqhtgVRNToV7TtRu8rM0wkS

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5679cf695ccdae3c0263476a1c49c738813336eaf688fe761285d89d103b647fN.exe
    "C:\Users\Admin\AppData\Local\Temp\5679cf695ccdae3c0263476a1c49c738813336eaf688fe761285d89d103b647fN.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:956
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2312

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    34KB

    MD5

    e1a4ac3b5ed0467bead1d229dadfd06c

    SHA1

    7cc056e4cfb94f91e9fac10632857f3ac82c68c4

    SHA256

    27d2f5cab26f887526e80e834171c000d3477fa5a061969b896d584d20b1e78a

    SHA512

    316c952d1f480d3f72bdda3839729bbd1851a7666f2a672981eb3bc3dc158cd46504f29b38414b1b7f7a0f362f934420eb004e0f9351191843660dd9ba3d5730

    Download Submit

  • memory/956-0-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/956-6-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2312-8-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2312-10-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download