Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
01-07-2024 03:47
General
-
Target
e2d76d8efe57b705d69dd92024588b4453edd1479e2dd2ebdbdc1bd61ae3c909.exe
-
Size
37KB
-
MD5
229c447b747ac660cca9ccde911dcbd3
-
SHA1
c16f45d00f4e030012e216baa9d2cfa11f4473a8
-
SHA256
e2d76d8efe57b705d69dd92024588b4453edd1479e2dd2ebdbdc1bd61ae3c909
-
SHA512
3684203fa7028511888f51b6bbfa5cc36b0d047c9fd82b675db273281a1f9b601e6cfec72cea9203a9a40d56a9e018a3e858a304745138d2cba42ac502c60060
-
SSDEEP
768:DqPJtsA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNhi:DqMA6C1VqaqhtgVRNToV7TtRu8rM0wYC
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Windows directory 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e2d76d8efe57b705d69dd92024588b4453edd1479e2dd2ebdbdc1bd61ae3c909.exe"C:\Users\Admin\AppData\Local\Temp\e2d76d8efe57b705d69dd92024588b4453edd1479e2dd2ebdbdc1bd61ae3c909.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\microsofthelp.exe"C:\Windows\microsofthelp.exe"2⤵
- Deletes itself
- Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Windows\microsofthelp.exeFilesize
38KB
MD5686c7dae02ac6b9c8f9bb6b1b3758554
SHA1728c7fe4ea7712d4d0e0ba6e257a37c9415dcf84
SHA256a682170b94161c0b9c05c9bfbb0e2bde02e586b8f58387e38f8a6e5cc37e0ebf
SHA512836470e4948a1ec394d10c7b418cbca2f8760627f1c543e4b553fbd8655a25b12950f192a80eb66e5b0ab00282b69942a6bb7b165ce8ffdb3633f6eb8dfb6992
-
memory/528-6-0x0000000000400000-0x0000000000403000-memory.dmpFilesize
12KB
-
memory/2508-0-0x0000000000400000-0x0000000000403000-memory.dmpFilesize
12KB
-
memory/2508-4-0x0000000000400000-0x0000000000403000-memory.dmpFilesize
12KB