Analysis
- max time kernel: 47s
- max time network: 53s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 04-10-2022 01:22
Static task: static1
Behavioral task: behavioral1
- Sample: c0850b1bcf226b6f3500cf3235e78b8fa00e51db29de5a14c1dc5f9d44c44066.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: c0850b1bcf226b6f3500cf3235e78b8fa00e51db29de5a14c1dc5f9d44c44066.exe
- Resource: win10v2004-20220812-en
General
- Target: c0850b1bcf226b6f3500cf3235e78b8fa00e51db29de5a14c1dc5f9d44c44066.exe
- Size: 131KB
- MD5: 60f84ed9b140e85faf127a8ca438043d
- SHA1: f19b6d1025c811acb8854296934ce6b050fb6af9
- SHA256: c0850b1bcf226b6f3500cf3235e78b8fa00e51db29de5a14c1dc5f9d44c44066
- SHA512: ea9d98aeca0c57d5e4e826b9df2735464630ddc01c477d48fb5225d7f008b8dd39075e8838d0aa3dada93c70244b383849d1b239d58c1c84eed1522d9f8fc8ec
- SSDEEP: 3072:1jxhM3kZOI2/Fs+fYLl288tOfk2MFVuIQ0DYpwm:Fxh9XRXLl2KfDWuIQ0Mpwm
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid  | Process
  1732 | jjruejn.exe
- Modifies AppInit DLL entries (2 TTPs)
- Drops file in Program Files directory (2 IoCs)
  description  | ioc                              | Process
  File created | C:\PROGRA~3\Mozilla\jjruejn.exe  | c0850b1bcf226b6f3500cf3235e78b8fa00e51db29de5a14c1dc5f9d44c44066.exe
  File created | C:\PROGRA~3\Mozilla\segfnra.dll  | jjruejn.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                      | pid  | Process     | procid_target
  PID 1872 wrote to memory of 1732 | 1872 | taskeng.exe | 27
  PID 1872 wrote to memory of 1732 | 1872 | taskeng.exe | 27
  PID 1872 wrote to memory of 1732 | 1872 | taskeng.exe | 27
  PID 1872 wrote to memory of 1732 | 1872 | taskeng.exe | 27
Processes
- C:\Users\Admin\AppData\Local\Temp\c0850b1bcf226b6f3500cf3235e78b8fa00e51db29de5a14c1dc5f9d44c44066.exe (PID 1376)
  command line: "C:\Users\Admin\AppData\Local\Temp\c0850b1bcf226b6f3500cf3235e78b8fa00e51db29de5a14c1dc5f9d44c44066.exe"
  - Drops file in Program Files directory
- C:\Windows\system32\taskeng.exe (PID 1872)
  command line: taskeng.exe {981D5DE6-BE12-40F8-9170-E01C780BC55F} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  - C:\PROGRA~3\Mozilla\jjruejn.exe (PID 1732, child of taskeng.exe)
    command line: C:\PROGRA~3\Mozilla\jjruejn.exe -npivonl
    - Executes dropped EXE
    - Drops file in Program Files directory
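A host-side check for the three behaviours this report records (AppInit_DLLs persistence, files dropped under C:\PROGRA~3\Mozilla, and a scheduled task that launches the dropped EXE through taskeng.exe), written as an added PowerShell example; it is not part of the sandbox output. It assumes a Windows 7 or later host with PowerShell 3.0 or newer and an elevated prompt. The function names and output layout are mine; the registry keys, paths and hashes come from the report. Two caveats: the report does not show which AppInit value was written, so the check enumerates the values rather than matching a specific one, and C:\PROGRA~3 is the 8.3 short name that normally resolves to C:\ProgramData on 64-bit Windows, so the "Program Files directory" label on the signature reflects the short-name prefix, not the real Program Files folder.

```powershell
# Added hunt script for the behaviour in this report; not part of the sandbox output.
# Assumptions: Windows 7 or later, PowerShell 3.0+, elevated prompt.
# Registry keys, paths and hashes below come from the report; function names are mine.

# SHA256 values from the report: the submitted sample (General) and the dropped
# payload listed under Downloads.
$KnownSha256 = @(
    'c0850b1bcf226b6f3500cf3235e78b8fa00e51db29de5a14c1dc5f9d44c44066',
    '0eff917b57805d6e7c61a237172b6a5ddb2fe0a4aef2e52b60453b0d2d567212'
)

# C:\PROGRA~3 is the 8.3 short name of C:\ProgramData on a default 64-bit install.
$DropDir = Join-Path $env:ProgramData 'Mozilla'

function Get-Sha256Hex {
    # Hash a file without Get-FileHash, which only exists in PowerShell 4.0+.
    param([Parameter(Mandatory = $true)][string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Dispose(); $sha.Dispose() }
}

function Get-AppInitDllConfig {
    # Report signature "Modifies AppInit DLL entries". With LoadAppInit_DLLs = 1, every
    # process that loads user32.dll also loads the DLLs named in AppInit_DLLs.
    # Check both the native and the WOW64 view; the sample is tagged x64 and x86.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
    )
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $p = Get-ItemProperty -Path $k
        # A non-empty AppInit_DLLs is rare on a clean host and worth review whatever it holds.
        [pscustomobject]@{
            Key                       = $k
            AppInit_DLLs              = $p.AppInit_DLLs
            LoadAppInit_DLLs          = $p.LoadAppInit_DLLs
            RequireSignedAppInit_DLLs = $p.RequireSignedAppInit_DLLs
            Suspicious                = [bool]($p.AppInit_DLLs -and $p.AppInit_DLLs.Trim())
        }
    }
}

function Get-DroppedFileIndicators {
    # Report signature "Drops file in Program Files directory": the files actually land in
    # %ProgramData%\Mozilla (jjruejn.exe from the sample, then segfnra.dll from jjruejn.exe).
    if (-not (Test-Path $DropDir)) { return }
    Get-ChildItem -Path $DropDir -Recurse -File -ErrorAction SilentlyContinue | ForEach-Object {
        $h = Get-Sha256Hex -Path $_.FullName
        [pscustomobject]@{
            Path     = $_.FullName
            Size     = $_.Length
            SHA256   = $h
            KnownBad = ($KnownSha256 -contains $h)
        }
    }
}

function Get-SuspiciousScheduledTasks {
    # taskeng.exe running as SYSTEM launched the dropped EXE, so a scheduled task is the
    # likely trigger. schtasks.exe works on Windows 7; Get-ScheduledTask needs Windows 8+.
    # Hits on a genuine Mozilla install are possible, so review each match by hand.
    schtasks.exe /query /fo CSV /v 2>$null | ConvertFrom-Csv |
        Where-Object { $_.'Task To Run' -match '(ProgramData|PROGRA~3)\\Mozilla\\' } |
        Select-Object TaskName, 'Task To Run', 'Run As User', 'Next Run Time'
}

Get-AppInitDllConfig         | Format-List
Get-DroppedFileIndicators    | Format-Table -AutoSize
Get-SuspiciousScheduledTasks | Format-Table -AutoSize
```

Run it from an elevated PowerShell on a host suspected of having executed the sample; a KnownBad of True on either dropped file, or a scheduled task whose action points into ProgramData\Mozilla, is the same chain the sandbox recorded.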
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 131KB
  MD5: 58b1bbdc777f2ac62785622c7ea76356
  SHA1: fc6b01721f6c99b68deaf593726814e943230619
  SHA256: 0eff917b57805d6e7c61a237172b6a5ddb2fe0a4aef2e52b60453b0d2d567212
  SHA512: d0df968b4f29492e2e392644e72f14c51e7759325a0ca9c2202098bae208ddcf9ceee06e1e46b0a75c18ce428fcf5bfdf1de9e325da53edc036b6e88a83b1340
- Filesize: 131KB
  MD5: 58b1bbdc777f2ac62785622c7ea76356
  SHA1: fc6b01721f6c99b68deaf593726814e943230619
  SHA256: 0eff917b57805d6e7c61a237172b6a5ddb2fe0a4aef2e52b60453b0d2d567212
  SHA512: d0df968b4f29492e2e392644e72f14c51e7759325a0ca9c2202098bae208ddcf9ceee06e1e46b0a75c18ce428fcf5bfdf1de9e325da53edc036b6e88a83b1340