73757d2a55f25dfbc43b9dd974fded589fbea3346ae468a73df005c7704b5ab9

Analysis

max time kernel
46s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

73757d2a55f25dfbc43b9dd974fded589fbea3346ae468a73df005c7704b5ab9.exe
Size

138KB
MD5

935a833bbd19c15e155cd14a57d10730
SHA1

9b6ffe363ee8d6706e600b84c53f9f9ac55525f3
SHA256

73757d2a55f25dfbc43b9dd974fded589fbea3346ae468a73df005c7704b5ab9
SHA512

4e8f288a4d67c427d71cfa1086989099020b945b89b4b8e4de347fb7217d61684ba55409fa59a8bdbffccb16f13a2e6917f7d79e00b25932a863dda48eb593ff
SSDEEP

3072:mc9XTpcvocFIALdm3vL5wI1G6OoBQXTmy5xEKJ9W8NR1o:F9X1qoEd2v9wI1XOoTDHER1o

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
688	jjruejn.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\jjruejn.exe	73757d2a55f25dfbc43b9dd974fded589fbea3346ae468a73df005c7704b5ab9.exe
File created	C:\PROGRA~3\Mozilla\segfnra.dll	jjruejn.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 688	1276	taskeng.exe	28
PID 1276 wrote to memory of 688	1276	taskeng.exe	28
PID 1276 wrote to memory of 688	1276	taskeng.exe	28
PID 1276 wrote to memory of 688	1276	taskeng.exe	28

C:\Users\Admin\AppData\Local\Temp\73757d2a55f25dfbc43b9dd974fded589fbea3346ae468a73df005c7704b5ab9.exe
"C:\Users\Admin\AppData\Local\Temp\73757d2a55f25dfbc43b9dd974fded589fbea3346ae468a73df005c7704b5ab9.exe"
1⤵
- Drops file in Program Files directory
PID:1600

C:\Windows\system32\taskeng.exe
taskeng.exe {0D61F962-27AF-43C7-A3A4-F3D51B0028C7} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:1276
- C:\PROGRA~3\Mozilla\jjruejn.exe
  C:\PROGRA~3\Mozilla\jjruejn.exe -npivonl
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:688

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\jjruejn.exe

Filesize
138KB

MD5
f7b7824e54f4d86a399c1ee87b05d9c8

SHA1
86e4ce1e18810804988c86034554295648999d61

SHA256
e064d0f9168603898f05c429f66d4a971ef01cf826315ac1024dc82d449e5f33

SHA512
d0e3ce20f149f9921a10e85c37e0ca6f439c2cd2c538fe2ad3290299edc23621463df519016316a4ec720ca59445f99866c8eebce99ad0d76f1a247558c5ceff

Download Submit
C:\PROGRA~3\Mozilla\jjruejn.exe

Filesize
138KB

MD5
f7b7824e54f4d86a399c1ee87b05d9c8

SHA1
86e4ce1e18810804988c86034554295648999d61

SHA256
e064d0f9168603898f05c429f66d4a971ef01cf826315ac1024dc82d449e5f33

SHA512
d0e3ce20f149f9921a10e85c37e0ca6f439c2cd2c538fe2ad3290299edc23621463df519016316a4ec720ca59445f99866c8eebce99ad0d76f1a247558c5ceff

Download Submit
memory/688-64-0x0000000000200000-0x000000000025B000-memory.dmp

Filesize
364KB

Download
memory/1600-54-0x00000000752B1000-0x00000000752B3000-memory.dmp

Filesize
8KB

Download
memory/1600-55-0x0000000000260000-0x00000000002BB000-memory.dmp

Filesize
364KB

Download