Overview

overview

8

Static

static

849d4b46ae...57.exe

windows7-x64

8

849d4b46ae...57.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    45s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    20-10-2022 19:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    849d4b46ae1bc6ce3fa959b30a9f0338a5f6a21c4eaee44da46811326d418c57.exe

  • Size

    156KB

  • MD5

    96e059a6fc1885be1094bde412d86640

  • SHA1

    931938dccb7ac9c72c6f368ccb2d780b90fbfef6

  • SHA256

    849d4b46ae1bc6ce3fa959b30a9f0338a5f6a21c4eaee44da46811326d418c57

  • SHA512

    690e4d25a4b9e4d352265c5f00ad44a5768f385317f1353183c4327da01acba2bd325c5ae8fcbd3bd27aac5ce569a19f406aa394da0e6fe08b352cc8bc154601

  • SSDEEP

    1536:JKcASE+BqEku1utkZOWD3Gjvs3TfKcLzAFJJsksvaWtmqb3Cb4p8zHMTNch8eCWn:l1BqxuUaKjU3TicAHJsow3zpEENchbB

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\849d4b46ae1bc6ce3fa959b30a9f0338a5f6a21c4eaee44da46811326d418c57.exe
    "C:\Users\Admin\AppData\Local\Temp\849d4b46ae1bc6ce3fa959b30a9f0338a5f6a21c4eaee44da46811326d418c57.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1600
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {22F76AFA-3E76-4AA0-8486-AFFD666B5C1F} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1868
    • C:\PROGRA~3\Mozilla\jjruejn.exe
      C:\PROGRA~3\Mozilla\jjruejn.exe -npivonl
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:1284

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\jjruejn.exe
    Filesize

    156KB

    MD5

    81b14f4fe6ab6624967a9c9b5a227ff2

    SHA1

    3be4b63f3bf9687d1770f2faf779a23dd19c4f5d

    SHA256

    c4da6174c1f79d6c2d6be64530d38105321bd8f3517f3e89f51ff9df44e99f07

    SHA512

    739e61b81e818548eb6341a8630ea722595c7df67d238cb5d5fa19bcefcb31e0ce9277fb4c1e069006e364426c866e2accde26854d8e6236ea5f96c035a2b4fc

    Download Submit

  • C:\PROGRA~3\Mozilla\jjruejn.exe
    Filesize

    156KB

    MD5

    81b14f4fe6ab6624967a9c9b5a227ff2

    SHA1

    3be4b63f3bf9687d1770f2faf779a23dd19c4f5d

    SHA256

    c4da6174c1f79d6c2d6be64530d38105321bd8f3517f3e89f51ff9df44e99f07

    SHA512

    739e61b81e818548eb6341a8630ea722595c7df67d238cb5d5fa19bcefcb31e0ce9277fb4c1e069006e364426c866e2accde26854d8e6236ea5f96c035a2b4fc

    Download Submit

  • memory/1284-62-0x0000000000000000-mapping.dmp

    Download

  • memory/1284-65-0x00000000002E0000-0x000000000033B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1600-54-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1600-55-0x0000000076461000-0x0000000076463000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1600-56-0x0000000000220000-0x000000000027B000-memory.dmp

    Filesize

    364KB

    Download