60b4fc2d9a816bb714c048a7c6dccdf2aa68f96930f62f6eb751c8e79ebc83c9

Analysis

max time kernel
38s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 22:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60b4fc2d9a816bb714c048a7c6dccdf2aa68f96930f62f6eb751c8e79ebc83c9.exe
Size

168KB
MD5

554e65fc297fb631094fbbc15be61730
SHA1

8e9d910c321d588b72daaaf801b4c37101ca270c
SHA256

60b4fc2d9a816bb714c048a7c6dccdf2aa68f96930f62f6eb751c8e79ebc83c9
SHA512

2a840df37f7b25257320b26d3cb4570c66c33b30384959616f4c9effcefce66dbbc3c1486704d04e5218e05335714c0f0667d9ebb389cbfeb69dcd19f06b25ff
SSDEEP

3072:Q1uis3Hb+Q5Xq8+5zQWFDsJrmVyzACeJwi72jlQpBW/RsFPPtuui/g20NdyPOB:y0bR1+5kWFQBYAcJDpo6FPPt6g2Bi

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
240	jwufxge.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\jwufxge.exe	60b4fc2d9a816bb714c048a7c6dccdf2aa68f96930f62f6eb751c8e79ebc83c9.exe
File created	C:\PROGRA~3\Mozilla\hvkykah.dll	jwufxge.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 240	1852	taskeng.exe	28
PID 1852 wrote to memory of 240	1852	taskeng.exe	28
PID 1852 wrote to memory of 240	1852	taskeng.exe	28
PID 1852 wrote to memory of 240	1852	taskeng.exe	28

C:\Users\Admin\AppData\Local\Temp\60b4fc2d9a816bb714c048a7c6dccdf2aa68f96930f62f6eb751c8e79ebc83c9.exe
"C:\Users\Admin\AppData\Local\Temp\60b4fc2d9a816bb714c048a7c6dccdf2aa68f96930f62f6eb751c8e79ebc83c9.exe"
1⤵
- Drops file in Program Files directory
PID:944

C:\Windows\system32\taskeng.exe
taskeng.exe {24553973-1762-4224-A222-4F7116E7B248} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:1852
- C:\PROGRA~3\Mozilla\jwufxge.exe
  C:\PROGRA~3\Mozilla\jwufxge.exe -kqepohf
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:240

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\jwufxge.exe

Filesize
168KB

MD5
44ac4f9adff245d2a018b8827cdd9216

SHA1
4e1dc7454262f39d90e8e6df8b056e2dd716ebed

SHA256
abf64b3ae57972dcef28f02fa5b04e36e587426b99a7817b05158bd8c5e89db0

SHA512
2148f1e4fa6bb03b7fa44fefc5208128807f9fb698fcf3e75d11881b5169958e56e721631defc8040dd1b48e969929a1a56da7b9a5a4ee92c6302c76333e3bf9

Download Submit
C:\PROGRA~3\Mozilla\jwufxge.exe

Filesize
168KB

MD5
44ac4f9adff245d2a018b8827cdd9216

SHA1
4e1dc7454262f39d90e8e6df8b056e2dd716ebed

SHA256
abf64b3ae57972dcef28f02fa5b04e36e587426b99a7817b05158bd8c5e89db0

SHA512
2148f1e4fa6bb03b7fa44fefc5208128807f9fb698fcf3e75d11881b5169958e56e721631defc8040dd1b48e969929a1a56da7b9a5a4ee92c6302c76333e3bf9

Download Submit
memory/944-54-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/944-55-0x0000000075C61000-0x0000000075C63000-memory.dmp

Filesize
8KB

Download
memory/944-56-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download