General

  • Target: winhelpc.zip
  • Size: 912KB
  • Sample: 250107-k8nwfavjes
  • MD5: 5cf6310748d3e1b931e5727677c6df90
  • SHA1: ffd05fe333e155f30c4cfa269fd24ed02f673c6e
  • SHA256: ef8ccf60bec725ce175ba76c221b221d8370dadf92d0ac5f3ea7cae146dbd1aa
  • SHA512: 537ff2d4c6bc7dd535f044f755b4ca165d23cc2da03d76a502781a50f4546d7d6b6e40e84d8afb0d1634c15cc034131640ebad32ad91dd1ea38db501cf7acbb5
  • SSDEEP: 24576:EN3zUdZNcvbhnKTCwPPo3g/PYfBo4rcRIPiGax:ENcNubhnKT3O2YfW4wIP2

Malware Config

Targets

    • Target: WinHelpc32.exe
    • Size: 1.5MB
    • MD5: 4df31cd1a0ede3a4d35e720c81f8f970
    • SHA1: f8930d6dc53bfb43aa53ca089a94d3d4c6e85c08
    • SHA256: b5b2d5f9800ecf5a4d542c3b3c0812d2fb0f6ffe4333424797d2dbc13ef7739a
    • SHA512: 8f43c75fa83e86ec910b7ca25065aa240124034ebe4f16696890e7e79c33b7f0bf741184d8dc7c1e0b50712841b695bf3d48cf85bed8f46e7214f911e835be95
    • SSDEEP: 24576:BogQT+D6LJgmzhAhxviiQVd2WAKhhr1AvdCLPatt3AaYfqaP+C5F2oeENHQQBmOT:QTnchxvoVdNo0L0aa/aPd5pFBmOADS

    • Command and Scripting Interpreter: PowerShell
      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in System32 directory

    • UPX packed file
      Detects executables packed with UPX or a modified build of the UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks