Analysis
Max time kernel: 146s
Max time network: 156s
Platform: windows7_x64
Resource: win7-20220812-en
Resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
Submitted: 08/11/2022, 06:55

Behavioral task: behavioral1
Sample: 597b728407b2c1a91d5a49d0bc9a9c55.exe
Resource: win7-20220812-en
General
Target: 597b728407b2c1a91d5a49d0bc9a9c55.exe
Size: 32KB
MD5: 597b728407b2c1a91d5a49d0bc9a9c55
SHA1: a3589bc875751b10363ba56c559948781429a57a
SHA256: 4eceaf21c15e9755c7ea6dae9613bebe2462f4e85322a8e7d521e277e8bb1f13
SHA512: 964c7e5e90c96e2fd286cfee1f8d115abbdccf5cc8068a075fba2f964a1594b78dd69daa42ba8ad2fac58a99d6f9b3ee76f2d1d6a9d1ee744a5330cb9d978c43
SSDEEP: 768:HqPzUdiJ8dayafVcCSWYVYnPrryFbnpoJo2ECpKc6lUZ1Fg:YLJ8dayaaupDobnpo2Ip0
Malware Config
Extracted family: systembc
C2: 45.182.189.231:443
Signatures
Executes dropped EXE (1 IoC)
  PID 1112  njfdvsf.exe

Drops file in Windows directory (2 IoCs)
  File created: C:\Windows\Tasks\njfdvsf.job  (process: 597b728407b2c1a91d5a49d0bc9a9c55.exe)
  File opened for modification: C:\Windows\Tasks\njfdvsf.job  (process: 597b728407b2c1a91d5a49d0bc9a9c55.exe)

Suspicious behavior: EnumeratesProcesses (1 IoC)
  PID 1928  597b728407b2c1a91d5a49d0bc9a9c55.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  PID 1860 (taskeng.exe) wrote to memory of PID 1112 (procid_target 27); the same event is reported four times
Processes
1. C:\Users\Admin\AppData\Local\Temp\597b728407b2c1a91d5a49d0bc9a9c55.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\597b728407b2c1a91d5a49d0bc9a9c55.exe"
   PID: 1928
   - Drops file in Windows directory
   - Suspicious behavior: EnumeratesProcesses

1. C:\Windows\system32\taskeng.exe
   Command line: taskeng.exe {E2DF8F9A-C242-48A2-85E1-1B50737A6552} S-1-5-18:NT AUTHORITY\System:Service:
   PID: 1860
   - Suspicious use of WriteProcessMemory

   2. C:\ProgramData\sxnjs\njfdvsf.exe
      Command line: C:\ProgramData\sxnjs\njfdvsf.exe start
      PID: 1112
      - Executes dropped EXE
Downloads
Filesize: 32KB
MD5: 597b728407b2c1a91d5a49d0bc9a9c55
SHA1: a3589bc875751b10363ba56c559948781429a57a
SHA256: 4eceaf21c15e9755c7ea6dae9613bebe2462f4e85322a8e7d521e277e8bb1f13
SHA512: 964c7e5e90c96e2fd286cfee1f8d115abbdccf5cc8068a075fba2f964a1594b78dd69daa42ba8ad2fac58a99d6f9b3ee76f2d1d6a9d1ee744a5330cb9d978c43