Overview

overview

8

Static

static

6db0d81abb...e2.exe

windows7-x64

8

6db0d81abb...e2.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    102s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2022, 13:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6db0d81abb549b1e014d3a89162e934f074ac7b27f8a1d6289d18b4906e44de2.exe

  • Size

    205KB

  • MD5

    67dde794f0038485e85ce9adcdb40ee0

  • SHA1

    d3611d8686c457c86dffe844343a661b74c915f1

  • SHA256

    6db0d81abb549b1e014d3a89162e934f074ac7b27f8a1d6289d18b4906e44de2

  • SHA512

    b5c5bf625766af8165b05e5eccfbee328347e5af7296e8fe615b5184c984ed58674653ccfe38a196716440039d6c5fccaf89c36309dd316fb7963621484aa92c

  • SSDEEP

    6144:mdGsMQN05IsXU6POi7/aph0vJgH6NfNHfLmH6:mdGumnH/+myO1h

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6db0d81abb549b1e014d3a89162e934f074ac7b27f8a1d6289d18b4906e44de2.exe
    "C:\Users\Admin\AppData\Local\Temp\6db0d81abb549b1e014d3a89162e934f074ac7b27f8a1d6289d18b4906e44de2.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    PID:1204
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {15004B2C-3DDC-48CA-AF08-6EB39B206FC0} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1148
    • C:\PROGRA~3\Mozilla\sgfgrig.exe
      C:\PROGRA~3\Mozilla\sgfgrig.exe -smuvcxh
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      PID:2020

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\PROGRA~3\Mozilla\sgfgrig.exe
          Filesize

          205KB

          MD5

          e21b691cfd2f4dc452cf333af4f13594

          SHA1

          bd32d0e15fc65cf2076a2d267e2282883de5001e

          SHA256

          ad13265fc006a605044b0822839ea172b0d26ca2ff8243996fff5aecd457f266

          SHA512

          503654e2f8fe9c663cc8611e09cdc7d4f968d7c78933be6c8b3e6feb798dfd469f666328adc64bc293d44fdbe2e9a68ceb7af31c9ad5806465093066aef473e8

          Download Submit

        • C:\PROGRA~3\Mozilla\sgfgrig.exe
          Filesize

          205KB

          MD5

          e21b691cfd2f4dc452cf333af4f13594

          SHA1

          bd32d0e15fc65cf2076a2d267e2282883de5001e

          SHA256

          ad13265fc006a605044b0822839ea172b0d26ca2ff8243996fff5aecd457f266

          SHA512

          503654e2f8fe9c663cc8611e09cdc7d4f968d7c78933be6c8b3e6feb798dfd469f666328adc64bc293d44fdbe2e9a68ceb7af31c9ad5806465093066aef473e8

          Download Submit

        • memory/1204-54-0x0000000075661000-0x0000000075663000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1204-55-0x0000000000260000-0x00000000002BB000-memory.dmp

          Filesize

          364KB

          Download

        • memory/1204-56-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/1204-57-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/1204-58-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/2020-63-0x0000000000590000-0x00000000005EB000-memory.dmp

          Filesize

          364KB

          Download

        • memory/2020-64-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/2020-65-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download