Overview

overview

8

Static

static

23b1109a96...18.exe

windows7-x64

8

23b1109a96...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    54s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29/10/2022, 22:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    23b1109a9683c25ef153c1efbf78093fd46aa75fe22d2ebf207b229a4b025018.exe

  • Size

    173KB

  • MD5

    4d0f4d5e943ed4f7f611174eaebb4230

  • SHA1

    d8e06abad3796a4d904350e0045a17f2feb22794

  • SHA256

    23b1109a9683c25ef153c1efbf78093fd46aa75fe22d2ebf207b229a4b025018

  • SHA512

    9ff81f5849e15181b78978df36152f8338fa563579cab06e309743b80aab43b0660e3a1669d958b28f60b193693cbdbdf0e82d9d9541139ef747094d13145320

  • SSDEEP

    3072:olLCHXaCdhv4DVwveIa1PU1hN6OhFHU1XsQoTN3uDuFdUsu1oME/w:4Cv3W71PUJ6OhFHU+QSNHR7w

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\23b1109a9683c25ef153c1efbf78093fd46aa75fe22d2ebf207b229a4b025018.exe
    "C:\Users\Admin\AppData\Local\Temp\23b1109a9683c25ef153c1efbf78093fd46aa75fe22d2ebf207b229a4b025018.exe"
    1⤵
    • Drops file in Program Files directory
    • Enumerates system info in registry
    PID:1948
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {2BB7F528-FA61-4242-846A-A6D2211E971B} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1220
    • C:\PROGRA~3\Mozilla\sgfgrig.exe
      C:\PROGRA~3\Mozilla\sgfgrig.exe -smuvcxh
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Enumerates system info in registry
      PID:1492

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\sgfgrig.exe
    Filesize

    173KB

    MD5

    88749594428b82c3315fa74f8fb65489

    SHA1

    b95459a10b333efdbdcce748909298290cbc8714

    SHA256

    44db64c25f9ac740641452b9791c0f4fda040da50c0c7a4ac7c23a971a263409

    SHA512

    2de966e8f50d01f530aa2222ba3c7cc31b8a0bc56e4cb6792af193e27cddf301aae995ed4c346dc46c1ed9b7b7a1407ac21592b0f18fe4781eca1510d87be66f

    Download Submit

  • C:\PROGRA~3\Mozilla\sgfgrig.exe
    Filesize

    173KB

    MD5

    88749594428b82c3315fa74f8fb65489

    SHA1

    b95459a10b333efdbdcce748909298290cbc8714

    SHA256

    44db64c25f9ac740641452b9791c0f4fda040da50c0c7a4ac7c23a971a263409

    SHA512

    2de966e8f50d01f530aa2222ba3c7cc31b8a0bc56e4cb6792af193e27cddf301aae995ed4c346dc46c1ed9b7b7a1407ac21592b0f18fe4781eca1510d87be66f

    Download Submit

  • memory/1492-64-0x0000000000390000-0x00000000003EB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1948-54-0x0000000074F01000-0x0000000074F03000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1948-55-0x00000000001D0000-0x000000000022B000-memory.dmp

    Filesize

    364KB

    Download