Overview

overview

8

Static

static

e3893e5c3e...e1.exe

windows7-x64

8

e3893e5c3e...e1.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    55s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    30-10-2022 05:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e3893e5c3e05d117f056edd7b3035f640fc0cb9179a579f2bcbc46246f7f0de1.exe

  • Size

    256KB

  • MD5

    92bca542bceeabd1db0a4e5ca6d024e0

  • SHA1

    b1827c7ae14fe16d53985ea6c9fb5b79be6c8122

  • SHA256

    e3893e5c3e05d117f056edd7b3035f640fc0cb9179a579f2bcbc46246f7f0de1

  • SHA512

    f4a592e9a3c0df0bdea1e2a9b59de7f249cbaa12abe3506b17e94da952b12ae68643f2d242096b5a941f0e200f7b4aa970043f27acaab41f98509ef7e6e4c053

  • SSDEEP

    3072:d5+iiVM2EB1GG/66WXrAdyUFVdhxDdiht1wNyY9y74q8Doh4:3FiVdI3S6EabFbiD11R0Xp

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e3893e5c3e05d117f056edd7b3035f640fc0cb9179a579f2bcbc46246f7f0de1.exe
    "C:\Users\Admin\AppData\Local\Temp\e3893e5c3e05d117f056edd7b3035f640fc0cb9179a579f2bcbc46246f7f0de1.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    PID:1972
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {ABA13E8A-2F0F-49EC-8C27-8167C069E13F} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1532
    • C:\PROGRA~3\Mozilla\nswitkh.exe
      C:\PROGRA~3\Mozilla\nswitkh.exe -vhgoixm
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      PID:1408

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\nswitkh.exe
    Filesize

    256KB

    MD5

    827cf8ca79c17a2f62e4b4c1b58090e3

    SHA1

    97171de5b80086b5f446f9eb214fd4c048f261bc

    SHA256

    67cf1a1d69b8111d380ff9e179fb616eaf80d5fc1092d32f731fab7171e88e1a

    SHA512

    9e4e275db066db3b3fb74bff183c4e577394dcc39c0494787257b68493c52d9b58fe12b9ec685a1bfdfc2c4525e7e7d322627b6e113afae680e03120fa3a112a

    Download Submit

  • C:\PROGRA~3\Mozilla\nswitkh.exe
    Filesize

    256KB

    MD5

    827cf8ca79c17a2f62e4b4c1b58090e3

    SHA1

    97171de5b80086b5f446f9eb214fd4c048f261bc

    SHA256

    67cf1a1d69b8111d380ff9e179fb616eaf80d5fc1092d32f731fab7171e88e1a

    SHA512

    9e4e275db066db3b3fb74bff183c4e577394dcc39c0494787257b68493c52d9b58fe12b9ec685a1bfdfc2c4525e7e7d322627b6e113afae680e03120fa3a112a

    Download Submit

  • memory/1408-63-0x0000000000290000-0x00000000002EB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1408-64-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1408-65-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1972-54-0x00000000751A1000-0x00000000751A3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1972-55-0x0000000000460000-0x00000000004BB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1972-56-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1972-57-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1972-58-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download