Overview

overview

8

Static

static

b957d5108e...0c.exe

windows7-x64

8

b957d5108e...0c.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    47s
  • max time network
    52s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2022, 12:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b957d5108eb9683c8ac3792d0ce050223443b641341ef3242238eb403d1e0c0c.exe

  • Size

    428KB

  • MD5

    65569fa26caf76f574bffbfaa7bed1f0

  • SHA1

    2c993848f0db43a6e5c018e882eac7c0f101e310

  • SHA256

    b957d5108eb9683c8ac3792d0ce050223443b641341ef3242238eb403d1e0c0c

  • SHA512

    76a40271606dc0429f7914ea0f9ebbf4e05802aff2bdb33f8c947166e1b441e9ecb0e397a3ef78fb9b5cb044d608926be1b8fb974b00fe4e306857c4ae53dc08

  • SSDEEP

    12288:4Ve/v5hGCyB3R20YnzgNJaeD9oBAS2b31V4o0wN6:4VgBi3dY4JX9qM3H8i6

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b957d5108eb9683c8ac3792d0ce050223443b641341ef3242238eb403d1e0c0c.exe
    "C:\Users\Admin\AppData\Local\Temp\b957d5108eb9683c8ac3792d0ce050223443b641341ef3242238eb403d1e0c0c.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1768
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {5ED93F09-201D-428A-AF28-DDC6312CE32D} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:836
    • C:\PROGRA~3\Mozilla\jjruejn.exe
      C:\PROGRA~3\Mozilla\jjruejn.exe -npivonl
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:856

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\PROGRA~3\Mozilla\jjruejn.exe
          Filesize

          428KB

          MD5

          379bdb6edaa616935c9201862d30dd38

          SHA1

          db23656978fe5b0dc540635fc277cd06fa65caf4

          SHA256

          9c4844b7ed0c9b6c487e204fe6dac06c9b78919c44514938d19a878501bb615b

          SHA512

          95f61df3a60d075c1ee6d6762ea60b11965752144384ccfe874e46eae8cbcdc0ef3502dd5d8bbfa691747c535865e37a1e550c83d2686e17287cd6806bc695dc

          Download Submit

        • C:\PROGRA~3\Mozilla\jjruejn.exe
          Filesize

          428KB

          MD5

          379bdb6edaa616935c9201862d30dd38

          SHA1

          db23656978fe5b0dc540635fc277cd06fa65caf4

          SHA256

          9c4844b7ed0c9b6c487e204fe6dac06c9b78919c44514938d19a878501bb615b

          SHA512

          95f61df3a60d075c1ee6d6762ea60b11965752144384ccfe874e46eae8cbcdc0ef3502dd5d8bbfa691747c535865e37a1e550c83d2686e17287cd6806bc695dc

          Download Submit

        • memory/856-67-0x000000000043A000-0x000000000047D000-memory.dmp

          Filesize

          268KB

          Download

        • memory/856-68-0x0000000000430000-0x000000000048B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/1768-54-0x0000000000400000-0x0000000000427000-memory.dmp

          Filesize

          156KB

          Download

        • memory/1768-56-0x00000000006E0000-0x000000000073B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/1768-55-0x0000000076961000-0x0000000076963000-memory.dmp

          Filesize

          8KB

          Download