Overview

overview

8

Static

static

3d2bd3caed...76.exe

windows7-x64

8

3d2bd3caed...76.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    33s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    20/10/2022, 04:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3d2bd3caed6ee2becc904125b65ae844f9c0836abfec2ccb3ba01e89d8f79876.exe

  • Size

    222KB

  • MD5

    59745df1a6e1fee6eac597faac149350

  • SHA1

    1ad70a654728128885f6a07a5af7d0dd6b17aa67

  • SHA256

    3d2bd3caed6ee2becc904125b65ae844f9c0836abfec2ccb3ba01e89d8f79876

  • SHA512

    ad8010ca82577666dec6818797addbfeb9404e6cfe3bfd72f3c671237d3919b4ce56f5f7b7c4dd01eddacd37c660bff97fa0dbb3e79f189ab63ca2659401c039

  • SSDEEP

    3072:dt8wWP9K8zfINLZmEg7xO7NlbylZ5y3ady1U8MsxbCMjqc0o4a:dt8L9KWQNkEbL2lMu8pxT8w

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d2bd3caed6ee2becc904125b65ae844f9c0836abfec2ccb3ba01e89d8f79876.exe
    "C:\Users\Admin\AppData\Local\Temp\3d2bd3caed6ee2becc904125b65ae844f9c0836abfec2ccb3ba01e89d8f79876.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    PID:1952
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {2A86CF48-86DC-4CEA-BDB4-BE1884E3C0BC} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1936
    • C:\PROGRA~3\Mozilla\jwufxge.exe
      C:\PROGRA~3\Mozilla\jwufxge.exe -kqepohf
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      PID:1420

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\jwufxge.exe
    Filesize

    222KB

    MD5

    9e2c1541713a5e1465e5451c09f69728

    SHA1

    49efe0342745446a40b6399f74d53f50a58735a0

    SHA256

    a4af8b2ce80ecdd6b5aeab7d9c4596e4c8089b7e5754ee8c3c3b50feaefde540

    SHA512

    e5544bccd2bf6a673658a7518b7a471f70aeccfd153b649a3517c04660a3db7d002d95ccef8598ae06a8e22aeb39f8bc40762f6913d3b7546c300bbe3da9245a

    Download Submit

  • C:\PROGRA~3\Mozilla\jwufxge.exe
    Filesize

    222KB

    MD5

    9e2c1541713a5e1465e5451c09f69728

    SHA1

    49efe0342745446a40b6399f74d53f50a58735a0

    SHA256

    a4af8b2ce80ecdd6b5aeab7d9c4596e4c8089b7e5754ee8c3c3b50feaefde540

    SHA512

    e5544bccd2bf6a673658a7518b7a471f70aeccfd153b649a3517c04660a3db7d002d95ccef8598ae06a8e22aeb39f8bc40762f6913d3b7546c300bbe3da9245a

    Download Submit

  • memory/1420-62-0x0000000000890000-0x00000000008EB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1420-63-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1420-64-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1952-54-0x00000000750A1000-0x00000000750A3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1952-55-0x0000000000250000-0x00000000002AB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1952-56-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1952-57-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download