Overview

overview

8

Static

static

9ed43b2135...2a.exe

windows7-x64

8

9ed43b2135...2a.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    57s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    19-10-2022 22:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9ed43b21352259b519bce8406c6054106329d736856c1ddb8f0eb37ea186992a.exe

  • Size

    131KB

  • MD5

    91f9a9168fa484fdd9911e7108ec6200

  • SHA1

    8a0dc260c11910f74158f41c14fd60cfef3b40ba

  • SHA256

    9ed43b21352259b519bce8406c6054106329d736856c1ddb8f0eb37ea186992a

  • SHA512

    d730f3b8234048f753d4ecede710e23ff22711b769354956c13ba5ac3b2aa0983a5e50b1e8ac75584f7eea3575530dd3c0b5b7c8d8cacd9ff822708e121669e1

  • SSDEEP

    3072:XDn7CoWd07esc3BUWGldDymdnZylqQFB07N:fCoWd0kSWSzZc1B07N

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ed43b21352259b519bce8406c6054106329d736856c1ddb8f0eb37ea186992a.exe
    "C:\Users\Admin\AppData\Local\Temp\9ed43b21352259b519bce8406c6054106329d736856c1ddb8f0eb37ea186992a.exe"
    1⤵
    • Drops file in Program Files directory
    PID:908
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {E8514208-E8DE-4A86-86A3-94A7A84EF02B} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1376
    • C:\PROGRA~3\Mozilla\nswitkh.exe
      C:\PROGRA~3\Mozilla\nswitkh.exe -vhgoixm
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:1748

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\nswitkh.exe
    Filesize

    131KB

    MD5

    07de938666ca62aec0139251eb749899

    SHA1

    0133451c4a65fa0bc855317e75103d15c1ab0e06

    SHA256

    7be3807781e69840ef4d6f5a960c70d5c9eb67b8ec4cb56ef48dc5bf1bf3eb9f

    SHA512

    afd59dcef61bfb38a8d6367221ed2b74af5afc66e78377089e4a7450a23e049930a9fb4e8d53d61062d42473f7e953f69820aba9d7444fc1aef37e6b5df4b26d

    Download Submit

  • C:\PROGRA~3\Mozilla\nswitkh.exe
    Filesize

    131KB

    MD5

    07de938666ca62aec0139251eb749899

    SHA1

    0133451c4a65fa0bc855317e75103d15c1ab0e06

    SHA256

    7be3807781e69840ef4d6f5a960c70d5c9eb67b8ec4cb56ef48dc5bf1bf3eb9f

    SHA512

    afd59dcef61bfb38a8d6367221ed2b74af5afc66e78377089e4a7450a23e049930a9fb4e8d53d61062d42473f7e953f69820aba9d7444fc1aef37e6b5df4b26d

    Download Submit

  • memory/908-54-0x00000000761F1000-0x00000000761F3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/908-55-0x0000000000330000-0x000000000038B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1748-61-0x0000000000000000-mapping.dmp

    Download

  • memory/1748-66-0x000000000043A000-0x000000000047D000-memory.dmp

    Filesize

    268KB

    Download

  • memory/1748-67-0x0000000000430000-0x000000000048B000-memory.dmp

    Filesize

    364KB

    Download