Overview

overview

8

Static

static

4964c11855...e0.exe

windows7-x64

8

4964c11855...e0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    65s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    03/10/2022, 14:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4964c11855918b788062bfd801278d2d0db82e96f935994c310bcc4559d886e0.exe

  • Size

    173KB

  • MD5

    6bc73880e6227a6faf3a95296ea01dd0

  • SHA1

    55e1785c1377c3f792039260c85dd3ff0d925381

  • SHA256

    4964c11855918b788062bfd801278d2d0db82e96f935994c310bcc4559d886e0

  • SHA512

    2329e52aaefef0ebba6c92c10c4abc6e7651be32c1707df555354e484c9662eaacfb68e48c7f4ae8f19c538e96da417c8390e665b069389a73ac5de5ca871327

  • SSDEEP

    3072:g7KEcx/PGumsUbjdor/7BS4e9rPSFgLccpFQSZK+IyrfY2Nmo3bb0F:gGt/hU1YjBS4A7SqRhjrfYozLb0F

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4964c11855918b788062bfd801278d2d0db82e96f935994c310bcc4559d886e0.exe
    "C:\Users\Admin\AppData\Local\Temp\4964c11855918b788062bfd801278d2d0db82e96f935994c310bcc4559d886e0.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1896
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {2F69890A-B441-45A3-8379-8D9F9FA99921} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1708
    • C:\PROGRA~3\Mozilla\nswitkh.exe
      C:\PROGRA~3\Mozilla\nswitkh.exe -vhgoixm
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:1612

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\nswitkh.exe
    Filesize

    173KB

    MD5

    f51c235eff3de0756630fe3b83e208c2

    SHA1

    7f92000f0167ba7fbe18805fd974cb318afa3d96

    SHA256

    24f50a8881cc843b67e122a2a2519d250806abd04c91abd18787ac53acae0f73

    SHA512

    21f53ad4df595f933034540604676eef1abd6a1d85f2acbc9a2f9d2af0edb10fd349af820e3dfec3a2ae3f7d9152fed2b6d6906f2a46e6acc5fe72b6466d5a5c

    Download Submit

  • C:\PROGRA~3\Mozilla\nswitkh.exe
    Filesize

    173KB

    MD5

    f51c235eff3de0756630fe3b83e208c2

    SHA1

    7f92000f0167ba7fbe18805fd974cb318afa3d96

    SHA256

    24f50a8881cc843b67e122a2a2519d250806abd04c91abd18787ac53acae0f73

    SHA512

    21f53ad4df595f933034540604676eef1abd6a1d85f2acbc9a2f9d2af0edb10fd349af820e3dfec3a2ae3f7d9152fed2b6d6906f2a46e6acc5fe72b6466d5a5c

    Download Submit

  • memory/1612-64-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1612-66-0x00000000002E0000-0x000000000033B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1896-54-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1896-55-0x0000000076041000-0x0000000076043000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1896-56-0x0000000000220000-0x000000000027B000-memory.dmp

    Filesize

    364KB

    Download