Analysis
Max time kernel: 4294215s
Max time network: 176s
Platform: windows7_x64
Resource: win7-20220311-en
Submitted: 24-03-2022 23:58
Static task: static1
Behavioral task: behavioral1
Sample: c7d25633a9eb2b9262d6906e5f8ecbc249cff461ea07cd740ac2d1a72d5d07c3.exe
Resource: win7-20220311-en
General
Target: c7d25633a9eb2b9262d6906e5f8ecbc249cff461ea07cd740ac2d1a72d5d07c3.exe
Size: 959KB
MD5: c27c43f48a7c4d0b96bc66255c0ae238
SHA1: 6c3909b126000bb7ac3a68be1fba98235f9a60f6
SHA256: c7d25633a9eb2b9262d6906e5f8ecbc249cff461ea07cd740ac2d1a72d5d07c3
SHA512: 8862df7c99dd72a62e5b4ea6f702d8dd912d656bd0a123800d3499ab31799c446e080b6d5e9bd628e4cb90b29a8c38c842727c617fc86e58230f7f833830d9b7
Malware Config
Extracted family: systembc
C2 endpoints:
  179.43.178.96:4141
  192.168.1.149:4141 (RFC 1918 private address, not routable on the public Internet; only the first endpoint is usable as a network IoC)
Signatures

Executes dropped EXE (1 IoC)
Processes:
  PID 848  usxjkfs.exe
Drops file in Windows directory (2 IoCs)
Processes:
  File created:                C:\Windows\Tasks\usxjkfs.job  by c7d25633a9eb2b9262d6906e5f8ecbc249cff461ea07cd740ac2d1a72d5d07c3.exe
  File opened for modification: C:\Windows\Tasks\usxjkfs.job  by c7d25633a9eb2b9262d6906e5f8ecbc249cff461ea07cd740ac2d1a72d5d07c3.exe
Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
  PID 1524 (taskeng.exe) wrote to memory of PID 848 (usxjkfs.exe), recorded 4 times.
  All four writes are from the parent into the child it is launching, the pattern CreateProcess produces when it sets up a new process; they are not evidence of injection into an unrelated process.
Processes

C:\Users\Admin\AppData\Local\Temp\c7d25633a9eb2b9262d6906e5f8ecbc249cff461ea07cd740ac2d1a72d5d07c3.exe  (PID 764)
  command line: "C:\Users\Admin\AppData\Local\Temp\c7d25633a9eb2b9262d6906e5f8ecbc249cff461ea07cd740ac2d1a72d5d07c3.exe"
  - Drops file in Windows directory

C:\Windows\system32\taskeng.exe  (PID 1524)
  command line: taskeng.exe {4F6510B5-070D-4564-8D6C-792F3328C99A} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  └─ C:\ProgramData\pdau\usxjkfs.exe  (PID 848)
       command line: C:\ProgramData\pdau\usxjkfs.exe start
       - Executes dropped EXE

The dropped copy is not a child of the sample: it is started by the Task Scheduler engine instance running as S-1-5-18 (NT AUTHORITY\System) from the legacy .job file written to C:\Windows\Tasks, so the persisted payload runs with SYSTEM privileges.
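The behaviour chain above (a .job file written to C:\Windows\Tasks from a Temp-resident dropper, taskeng.exe launching a same-named exe from C:\ProgramData\<dir>\ with the bare "start" argument, and a connection to the extracted C2) is what a detection should key on rather than the file hashes. The following is an added example, not part of the Triage report: Python detection logic run over constructed Sysmon-style event records (field names such as id, image, parent_image, cmdline, target, dst_ip are hypothetical and modelled on Sysmon event IDs 1, 3 and 11). The sample events reproduce the report's paths, PIDs and C2 plus some benign noise; adapt the field mapping to the real log source.

```python
import re

# Extracted SystemBC C2 from the report's "Malware Config" section. The
# 192.168.1.149:4141 entry is RFC 1918 and deliberately left out: matching
# it inside a corporate network would only produce noise.
SYSTEMBC_C2 = {("179.43.178.96", 4141)}

JOB_RE = re.compile(r"^C:\\Windows\\Tasks\\([^\\]+)\.job$", re.IGNORECASE)
PROGRAMDATA_EXE_RE = re.compile(r"^C:\\ProgramData\\[^\\]+\\([^\\]+)\.exe$", re.IGNORECASE)
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)

# Constructed Sysmon-like events (hypothetical field names): the three stages
# from the report plus two benign events that must not match.
SAMPLE_NAME = "c7d25633a9eb2b9262d6906e5f8ecbc249cff461ea07cd740ac2d1a72d5d07c3.exe"
SAMPLE_EVENTS = [
    {"id": 11, "pid": 764, "image": r"C:\Users\Admin\AppData\Local\Temp\\" + SAMPLE_NAME,
     "target": r"C:\Windows\Tasks\usxjkfs.job"},
    {"id": 1, "pid": 848, "ppid": 1524, "parent_image": r"C:\Windows\system32\taskeng.exe",
     "image": r"C:\ProgramData\pdau\usxjkfs.exe", "cmdline": r"C:\ProgramData\pdau\usxjkfs.exe start"},
    {"id": 3, "pid": 848, "image": r"C:\ProgramData\pdau\usxjkfs.exe",
     "dst_ip": "179.43.178.96", "dst_port": 4141},
    # benign: a scheduled defrag run by the same task engine, and the scheduler's own log file
    {"id": 1, "pid": 900, "ppid": 1524, "parent_image": r"C:\Windows\system32\taskeng.exe",
     "image": r"C:\Windows\system32\defrag.exe", "cmdline": "defrag.exe -c"},
    {"id": 11, "pid": 1000, "image": r"C:\Windows\system32\svchost.exe",
     "target": r"C:\Windows\Tasks\SCHEDLGU.TXT"},
]


def job_files_dropped(events):
    """Stage 1: legacy .job files written into C:\\Windows\\Tasks by a process
    running out of a user's Temp directory. Returns {job_stem: writer_image}."""
    found = {}
    for ev in events:
        if ev["id"] != 11:
            continue
        m = JOB_RE.match(ev["target"])
        if m and TEMP_RE.search(ev["image"]):
            found[m.group(1).lower()] = ev["image"]
    return found


def task_engine_launches(events):
    """Stage 2: taskeng.exe starting an exe from C:\\ProgramData\\<dir>\\ with the
    bare 'start' argument seen in the report. Returns {exe_stem: event}."""
    found = {}
    for ev in events:
        if ev["id"] != 1 or not ev["parent_image"].lower().endswith("\\taskeng.exe"):
            continue
        m = PROGRAMDATA_EXE_RE.match(ev["image"])
        if m and ev["cmdline"].rstrip().lower().endswith(" start"):
            found[m.group(1).lower()] = ev
    return found


def c2_connections(events):
    """Stage 3: outbound connections to the extracted (routable) C2 endpoints."""
    return [ev for ev in events
            if ev["id"] == 3 and (ev["dst_ip"], ev["dst_port"]) in SYSTEMBC_C2]


def correlate(events):
    """Tie the stages together: a .job whose stem equals the exe that taskeng.exe
    launched is the persistence link; a C2 hit from that PID confirms the payload."""
    jobs = job_files_dropped(events)
    launches = task_engine_launches(events)
    findings = []
    for stem, launch in launches.items():
        if stem not in jobs:
            continue
        c2_hits = {(c["dst_ip"], c["dst_port"]) for c in c2_connections(events)
                   if c["pid"] == launch["pid"]}
        findings.append({
            "job": stem + ".job",
            "dropper": jobs[stem],
            "payload": launch["image"],
            "payload_pid": launch["pid"],
            "c2": sorted(c2_hits),
        })
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_EVENTS):
        print(f)
```

Correlating on the shared name of the .job file and the dropped exe is what keeps the defrag launch from taskeng.exe out of the results; the C2 match is an optional confirmation so that a finding is still raised when the sandbox (or the host) has no network egress.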
Network
MITRE ATT&CK Matrix
Downloads
MD5: c27c43f48a7c4d0b96bc66255c0ae238
SHA1: 6c3909b126000bb7ac3a68be1fba98235f9a60f6
SHA256: c7d25633a9eb2b9262d6906e5f8ecbc249cff461ea07cd740ac2d1a72d5d07c3
SHA512: 8862df7c99dd72a62e5b4ea6f702d8dd912d656bd0a123800d3499ab31799c446e080b6d5e9bd628e4cb90b29a8c38c842727c617fc86e58230f7f833830d9b7