Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
20/01/2025, 09:05
General
-
Target
d65d57a258c4368c36bd93aa3cc0c0867c1e85114d1a72e343e827a58ebbb5acN.exe
-
Size
50KB
-
MD5
ef3dc60438fdbcdb1524313da1247300
-
SHA1
4004084391d6d82de8a1c319f2f9d2335ffc209c
-
SHA256
d65d57a258c4368c36bd93aa3cc0c0867c1e85114d1a72e343e827a58ebbb5ac
-
SHA512
0abd145abccaea1104f6072e45eb2957300f09259cd2e9dc22deff7554866b8f34b6c5d33c5a7bf53868a74618b8f1773b5f0cf397117d29dd5db21a7defbf8d
-
SSDEEP
1536:e6q10k0EFjed6rqJ+6vghzwYu7vih9GueIh9j2IoHAjUvJQ/2SmXhyoulhYhZhd9:E1oEFlt6vghzwYu7vih9GueIh9j2IoH9
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d65d57a258c4368c36bd93aa3cc0c0867c1e85114d1a72e343e827a58ebbb5acN.exe"C:\Users\Admin\AppData\Local\Temp\d65d57a258c4368c36bd93aa3cc0c0867c1e85114d1a72e343e827a58ebbb5acN.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\microsofthelp.exe"C:\Windows\microsofthelp.exe"2⤵
- Deletes itself
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
51KB
MD59b449641d8427860da708bec5364db28
SHA1f4ecd79e4618c7b438be058a1a6a5950f306d089
SHA2564acf8e50bc9e726ef3462d355d15d056ba9c7ae72942ad40b43256d1d4433ca9
SHA512e641c0d0ee90a17241cdfddb6cae8d705ef2546b3321f16a9c7c8d754cdb337bf94f9d8931c741851288c5953bbaf54510bcca55af84e148ceead199c2e8993b
-
Filesize
56KB
-
Filesize
56KB
-
Filesize
56KB
-
Filesize
56KB