Overview

overview

8

Static

static

e79f3e71c2...db.exe

windows7-x64

8

e79f3e71c2...db.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    44s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    03-10-2022 13:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e79f3e71c21771fb490187e3332f86722ea5dc97c51e931b6a8880555d3578db.exe

  • Size

    188KB

  • MD5

    5adb4b70dbb81b917f9e94fd01cb9350

  • SHA1

    dafe1575f5d20e1c13e4d3ed1e6fe9e7a5453f55

  • SHA256

    e79f3e71c21771fb490187e3332f86722ea5dc97c51e931b6a8880555d3578db

  • SHA512

    37a2f0cb9dd1c8d1671af951bcc89f97585678bc6e04eb0588aa8c76f98561d8702afd1d0de2f7e2a1abe81d2b03a19a8ccdb703656f5321c377a6b0e91cb1de

  • SSDEEP

    3072:g7KEcx/PGumsUbjdor/7BS4e9rPSFgLccpFQSZK+IyrfY2Nmo3bb0sBF:gGt/hU1YjBS4A7SqRhjrfYozLb0s/

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e79f3e71c21771fb490187e3332f86722ea5dc97c51e931b6a8880555d3578db.exe
    "C:\Users\Admin\AppData\Local\Temp\e79f3e71c21771fb490187e3332f86722ea5dc97c51e931b6a8880555d3578db.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1744
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {0222C0BD-8B70-46B2-B542-57FD621ECE14} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\PROGRA~3\Mozilla\sgfgrig.exe
      C:\PROGRA~3\Mozilla\sgfgrig.exe -smuvcxh
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:1716

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\sgfgrig.exe
    Filesize

    188KB

    MD5

    bf228100da4c007ed079081f4de2d0f0

    SHA1

    45efe84cf85443a9f3713cd09657291bd20922be

    SHA256

    a426aa4f3dc2b7c64d85660333cc9749721cf24f64292d845b8839f11152242f

    SHA512

    dc3573b0dca1a100fe136cb4d4127ca535bb55a3f1a793d864512333de736fe6501b16473c7ab71ead75d327844db21ff2a4e4691111155f75b1a045812c30d4

    Download Submit

  • C:\PROGRA~3\Mozilla\sgfgrig.exe
    Filesize

    188KB

    MD5

    bf228100da4c007ed079081f4de2d0f0

    SHA1

    45efe84cf85443a9f3713cd09657291bd20922be

    SHA256

    a426aa4f3dc2b7c64d85660333cc9749721cf24f64292d845b8839f11152242f

    SHA512

    dc3573b0dca1a100fe136cb4d4127ca535bb55a3f1a793d864512333de736fe6501b16473c7ab71ead75d327844db21ff2a4e4691111155f75b1a045812c30d4

    Download Submit

  • memory/1716-64-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1716-66-0x0000000000360000-0x00000000003BB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1744-54-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1744-55-0x0000000076DC1000-0x0000000076DC3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1744-56-0x0000000000220000-0x000000000027B000-memory.dmp

    Filesize

    364KB

    Download