Overview

overview

8

Static

static

8edfe257eb...5f.exe

windows7-x64

8

8edfe257eb...5f.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    59s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    03/10/2022, 00:58

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8edfe257ebea934a557ccc0b93067c9848ecaf296f2867360f8b2c9dbc88605f.exe

  • Size

    133KB

  • MD5

    6b185bda544097b7aaf8478f4093cc03

  • SHA1

    971aa147124566f0c329ab3e13818ed564be5a82

  • SHA256

    8edfe257ebea934a557ccc0b93067c9848ecaf296f2867360f8b2c9dbc88605f

  • SHA512

    4ac633e24b41199c516ed7e950b79e394dffa51fafa565915e7acfadce171a8f57a51e36aa6789b0ec9bfad40e0b3da16c6ddba846c8e92dffc7676f1f0dba61

  • SSDEEP

    3072:HAwEvRRdqcqpaiVPfGHO4xATzlypxd7CQn3pi+:TcRWcslXWRpjCS5R

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8edfe257ebea934a557ccc0b93067c9848ecaf296f2867360f8b2c9dbc88605f.exe
    "C:\Users\Admin\AppData\Local\Temp\8edfe257ebea934a557ccc0b93067c9848ecaf296f2867360f8b2c9dbc88605f.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1480
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {95588AF0-B56A-4D72-A92E-6215F4CBEA04} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1752
    • C:\PROGRA~3\Mozilla\nswitkh.exe
      C:\PROGRA~3\Mozilla\nswitkh.exe -vhgoixm
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:1744

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\PROGRA~3\Mozilla\nswitkh.exe
          Filesize

          133KB

          MD5

          41b2f00fd230760e0eed1e87c1b33975

          SHA1

          74e56ff9e6d7d37f4d631205d5d0c52b15523910

          SHA256

          b4179182b85a088b06298fd25939fb1f39a21f5a7684c7d7b1670ebbad8b32c0

          SHA512

          4737195fb6dea494e4d70e0cc3e90d6c8b273460d43178da63d5db2cd50eb8de52c19fdbe6c2a13d671ed474a3f1e1386b35d3d2a8a041d047f33d0bc1d65006

          Download Submit

        • C:\PROGRA~3\Mozilla\nswitkh.exe
          Filesize

          133KB

          MD5

          41b2f00fd230760e0eed1e87c1b33975

          SHA1

          74e56ff9e6d7d37f4d631205d5d0c52b15523910

          SHA256

          b4179182b85a088b06298fd25939fb1f39a21f5a7684c7d7b1670ebbad8b32c0

          SHA512

          4737195fb6dea494e4d70e0cc3e90d6c8b273460d43178da63d5db2cd50eb8de52c19fdbe6c2a13d671ed474a3f1e1386b35d3d2a8a041d047f33d0bc1d65006

          Download Submit

        • memory/1480-54-0x0000000000400000-0x0000000000461000-memory.dmp

          Filesize

          388KB

          Download

        • memory/1480-55-0x0000000076201000-0x0000000076203000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1480-56-0x0000000000400000-0x0000000000461000-memory.dmp

          Filesize

          388KB

          Download