Overview

overview

8

Static

static

29ebdedf9d...60.exe

windows7-x64

8

29ebdedf9d...60.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    33s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    19/10/2022, 23:17

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    29ebdedf9d0b93f6ecb7d315df2c7f71da8ee6d3ab168f4b1c5ebf96d19f1e60.exe

  • Size

    529KB

  • MD5

    92412ce04c84034b30c53c7053c493a9

  • SHA1

    6fde8d318ea41f7a490fd39ffc5f9e8f3dbc8b60

  • SHA256

    29ebdedf9d0b93f6ecb7d315df2c7f71da8ee6d3ab168f4b1c5ebf96d19f1e60

  • SHA512

    7466f732a876431353a4ffd42798aaaa61326ff04627c6a9132e99aa092766a811f69a87115ff73f1fe5f6948eab3f961736561f2b7744139f5069448c705e06

  • SSDEEP

    12288:Iu3URWtsYf8PemjE8h0UxH9ND6fvhMrf1seW2/ag2nQ:IkQe8PemjTh0Ul/8vh+qUAQ

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\29ebdedf9d0b93f6ecb7d315df2c7f71da8ee6d3ab168f4b1c5ebf96d19f1e60.exe
    "C:\Users\Admin\AppData\Local\Temp\29ebdedf9d0b93f6ecb7d315df2c7f71da8ee6d3ab168f4b1c5ebf96d19f1e60.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    PID:1200
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {4C7D1597-C693-4AF6-A6B8-B691C2B6ADED} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1336
    • C:\PROGRA~3\Mozilla\nswitkh.exe
      C:\PROGRA~3\Mozilla\nswitkh.exe -vhgoixm
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      PID:1052

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\PROGRA~3\Mozilla\nswitkh.exe
          Filesize

          529KB

          MD5

          aec596ae778cffb942878ead6e3cc4c9

          SHA1

          6d66055c26b6f2a4053b54f0195f0ba83a858d4a

          SHA256

          261cd32d928ff6412457b39841d9fd0446a344e204e2f08ed8fc053d7b8a508c

          SHA512

          e4ade5fba04ef153a386283788c31020ba83c3677ca00b45a50a821e08cad968232933e2ac7d9fa521f718ea69bccc28bf0a7998511ede3c0a05e8d8d355b905

          Download Submit

        • C:\PROGRA~3\Mozilla\nswitkh.exe
          Filesize

          529KB

          MD5

          aec596ae778cffb942878ead6e3cc4c9

          SHA1

          6d66055c26b6f2a4053b54f0195f0ba83a858d4a

          SHA256

          261cd32d928ff6412457b39841d9fd0446a344e204e2f08ed8fc053d7b8a508c

          SHA512

          e4ade5fba04ef153a386283788c31020ba83c3677ca00b45a50a821e08cad968232933e2ac7d9fa521f718ea69bccc28bf0a7998511ede3c0a05e8d8d355b905

          Download Submit

        • memory/1052-63-0x00000000008A0000-0x00000000008FB000-memory.dmp

          Filesize

          364KB

          Download

        • memory/1052-64-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/1052-65-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/1200-54-0x0000000075091000-0x0000000075093000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1200-55-0x0000000000460000-0x00000000004BB000-memory.dmp

          Filesize

          364KB

          Download

        • memory/1200-56-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/1200-57-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/1200-58-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download