Overview

overview

8

Static

static

e375aab3eb...ec.exe

windows7-x64

8

e375aab3eb...ec.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    66s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2022, 06:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e375aab3eb3df76e1c73c066ab5bacd8e20ac9f94a43528862ca4b449238eaec.exe

  • Size

    491KB

  • MD5

    7b5c10623b9f287c410149d8771ca9c0

  • SHA1

    a3ff935f45966e583f0c7132a0a08695e32f928b

  • SHA256

    e375aab3eb3df76e1c73c066ab5bacd8e20ac9f94a43528862ca4b449238eaec

  • SHA512

    2c984a4945234a79709e45c8bee3bc190b68358116220ffa71cd42b8213d8bcc8707094585bb5a2e46b655ad19b6489b0faba8861774f5f730d78d835860e3bf

  • SSDEEP

    6144:VnVuleEtUSDDF9HMqvRlbfEtc2BI9hxCjem25BBGCVfHg9REQn9tt1oXtD2QTGMP:poVHsqvQNaYjemuOCZeR9n9ctmGgBKuc

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e375aab3eb3df76e1c73c066ab5bacd8e20ac9f94a43528862ca4b449238eaec.exe
    "C:\Users\Admin\AppData\Local\Temp\e375aab3eb3df76e1c73c066ab5bacd8e20ac9f94a43528862ca4b449238eaec.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1092
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {A292153E-ADC5-46A6-A2EA-059D46B050C9} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:316
    • C:\PROGRA~3\Mozilla\sgfgrig.exe
      C:\PROGRA~3\Mozilla\sgfgrig.exe -smuvcxh
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:1744

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\PROGRA~3\Mozilla\sgfgrig.exe
          Filesize

          491KB

          MD5

          cc109cdd4c8037063de5873d3987e044

          SHA1

          078ca02a8a651a52f5c2b3a10cad0508b32eb2a1

          SHA256

          85e283f38f2edff194327b3fea6a1dd961ff90923449c7167170ffd5aa2cb0b3

          SHA512

          7c5f16c572a4567294ab9a03a76e4b0300fc891a33da3b29ae692bc35681c5c9560383054930dbb77b155d8e0bf17bcb152d6e1fa0565ad16d9afadd6703f088

          Download Submit

        • C:\PROGRA~3\Mozilla\sgfgrig.exe
          Filesize

          491KB

          MD5

          cc109cdd4c8037063de5873d3987e044

          SHA1

          078ca02a8a651a52f5c2b3a10cad0508b32eb2a1

          SHA256

          85e283f38f2edff194327b3fea6a1dd961ff90923449c7167170ffd5aa2cb0b3

          SHA512

          7c5f16c572a4567294ab9a03a76e4b0300fc891a33da3b29ae692bc35681c5c9560383054930dbb77b155d8e0bf17bcb152d6e1fa0565ad16d9afadd6703f088

          Download Submit

        • memory/1092-54-0x0000000000400000-0x0000000000462000-memory.dmp

          Filesize

          392KB

          Download

        • memory/1092-55-0x0000000075201000-0x0000000075203000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1092-56-0x0000000000400000-0x0000000000462000-memory.dmp

          Filesize

          392KB

          Download

        • memory/1744-62-0x0000000000400000-0x0000000000462000-memory.dmp

          Filesize

          392KB

          Download

        • memory/1744-64-0x0000000000400000-0x0000000000462000-memory.dmp

          Filesize

          392KB

          Download