e0e3a032299045338d8a19e805946eccbd3435cb06e3a4e85ac90174d7e486ce

Analysis

max time kernel
40s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 07:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e0e3a032299045338d8a19e805946eccbd3435cb06e3a4e85ac90174d7e486ce.exe
Size

394KB
MD5

804b1df0574de4df8959293ce412f7a0
SHA1

300745479ad1ef09e7c865eca72456ce4daaec15
SHA256

e0e3a032299045338d8a19e805946eccbd3435cb06e3a4e85ac90174d7e486ce
SHA512

bbab4b5db2b52f9069223ccdcb2d5db897d8cf7e17c35990c58926573110127aaa0060ef94cc19e4ae5629cdbc1b6d721c995296aec2925e8dd02da8a9c282c2
SSDEEP

12288:51i/ljo6d94Z2NC+H07HQP4pgIHy0/GqBcL4DG/:51i9Igs57HQPzIXGqy0K/

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
988	jwufxge.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\jwufxge.exe	e0e3a032299045338d8a19e805946eccbd3435cb06e3a4e85ac90174d7e486ce.exe
File created	C:\PROGRA~3\Mozilla\hvkykah.dll	jwufxge.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1776 wrote to memory of 988	1776	taskeng.exe	27
PID 1776 wrote to memory of 988	1776	taskeng.exe	27
PID 1776 wrote to memory of 988	1776	taskeng.exe	27
PID 1776 wrote to memory of 988	1776	taskeng.exe	27

C:\Users\Admin\AppData\Local\Temp\e0e3a032299045338d8a19e805946eccbd3435cb06e3a4e85ac90174d7e486ce.exe
"C:\Users\Admin\AppData\Local\Temp\e0e3a032299045338d8a19e805946eccbd3435cb06e3a4e85ac90174d7e486ce.exe"
1⤵
- Drops file in Program Files directory
PID:1184

C:\Windows\system32\taskeng.exe
taskeng.exe {C7F0F604-95BE-472E-A407-F8BDFD8F269F} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:1776
- C:\PROGRA~3\Mozilla\jwufxge.exe
  C:\PROGRA~3\Mozilla\jwufxge.exe -kqepohf
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:988

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\jwufxge.exe

Filesize
394KB

MD5
ad2b896c6ad8acb9b1f64f173a67a0d4

SHA1
7f4bf3f8d15a8082937318947d157b8c82f35a95

SHA256
d5d25202fcb9a0107aa0aa571fb5030d983755be5a49642a0ea5b843a85e9953

SHA512
0e5066bbf238f18b81c1870e2e939f16273a17a7279f64ec109ecd0c0f8727f5623d54ecd71e4816be94b23216cb3bdc23f5f49d17d0a0823170f1e0e03154e2

Download Submit
C:\PROGRA~3\Mozilla\jwufxge.exe

Filesize
394KB

MD5
ad2b896c6ad8acb9b1f64f173a67a0d4

SHA1
7f4bf3f8d15a8082937318947d157b8c82f35a95

SHA256
d5d25202fcb9a0107aa0aa571fb5030d983755be5a49642a0ea5b843a85e9953

SHA512
0e5066bbf238f18b81c1870e2e939f16273a17a7279f64ec109ecd0c0f8727f5623d54ecd71e4816be94b23216cb3bdc23f5f49d17d0a0823170f1e0e03154e2

Download Submit
memory/1184-54-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/1184-55-0x0000000074BB1000-0x0000000074BB3000-memory.dmp

Filesize
8KB

Download
memory/1184-56-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download