Overview

overview

8

Static

static

f715637e52...88.exe

windows7-x64

8

f715637e52...88.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    53s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2022, 17:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f715637e52886a1874894fa732009a7dae39ea2d37fa0a795393a128531dc888.exe

  • Size

    173KB

  • MD5

    6d140a3f1a156435e177a5c2a7e60ef5

  • SHA1

    fd3c0dc497f6b167414d2796e52d3909f9305f08

  • SHA256

    f715637e52886a1874894fa732009a7dae39ea2d37fa0a795393a128531dc888

  • SHA512

    894860dfe79b31ab8ae699d307cfbf90b9720bbc64f5154d91c7b304781514a479075bb294e06356fc23f204b35433084cf395698fd0dc069cbab9e1cdab4ab5

  • SSDEEP

    3072:pidj6ShhYRa3SXjF/HvD9hQU7OCyIjAYxRwmdPkmkWt+3t97SVKmHkAJbbvAKclk:pEjpvYc3YJ/HvD9hTKCyI7TwmdMlL99a

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f715637e52886a1874894fa732009a7dae39ea2d37fa0a795393a128531dc888.exe
    "C:\Users\Admin\AppData\Local\Temp\f715637e52886a1874894fa732009a7dae39ea2d37fa0a795393a128531dc888.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2004
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {15CD5328-37FC-4AD2-9F4A-B007E8C8A588} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1496
    • C:\PROGRA~3\Mozilla\nswitkh.exe
      C:\PROGRA~3\Mozilla\nswitkh.exe -vhgoixm
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:624

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\nswitkh.exe
    Filesize

    173KB

    MD5

    7e61d5584482bd0a795c10c7237365cb

    SHA1

    b29d0de4f92f0eb5fd3bb7399fa92022270db700

    SHA256

    d584cee7c479800a9f820e69818d58300f9f7ce1654fee1c4a19b4a7d342f12d

    SHA512

    bce204c410a50895da3acbede79322d80bb23bafe2de7f5c604ba280a4d19669c10007d4624c89693f5ce626b25d1d78bbcc2621c9ff02dda5359569511b4780

    Download Submit

  • C:\PROGRA~3\Mozilla\nswitkh.exe
    Filesize

    173KB

    MD5

    7e61d5584482bd0a795c10c7237365cb

    SHA1

    b29d0de4f92f0eb5fd3bb7399fa92022270db700

    SHA256

    d584cee7c479800a9f820e69818d58300f9f7ce1654fee1c4a19b4a7d342f12d

    SHA512

    bce204c410a50895da3acbede79322d80bb23bafe2de7f5c604ba280a4d19669c10007d4624c89693f5ce626b25d1d78bbcc2621c9ff02dda5359569511b4780

    Download Submit

  • memory/624-67-0x000000000043A000-0x000000000047D000-memory.dmp

    Filesize

    268KB

    Download

  • memory/624-68-0x0000000000430000-0x000000000048B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2004-54-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2004-56-0x0000000000370000-0x00000000003CB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2004-55-0x0000000075811000-0x0000000075813000-memory.dmp

    Filesize

    8KB

    Download