Analysis
-
max time kernel
143s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
10/11/2022, 06:52
Behavioral task
behavioral1
Sample
684b62ef735f504178ef6455be50b2a6.exe
Resource
win7-20220812-en
General
-
Target
684b62ef735f504178ef6455be50b2a6.exe
-
Size
32KB
-
MD5
684b62ef735f504178ef6455be50b2a6
-
SHA1
3ee91e1162e2925f896250545269f297bed06814
-
SHA256
ffe11c5c82b3e725526bf00b707e52cc713600436c5382868b46b4e4a96ba344
-
SHA512
3972bca78223e878e244ba191b86ffb993a69ef818613539b6d91d435436889b4e5d95260943d25cbf94250fa26abeff8870f6ca70f5558ec37e890a257f7c9c
-
SSDEEP
768:HqPzUdiJ8dayafVcCSWYVYnPrryFbnpoJo2zKc6lUZJFg:YLJ8dayaaupDobnpo24w
Malware Config
Extracted
systembc
45.182.189.231:443
Signatures
-
Executes dropped EXE 1 IoCs
pid | Process
1264 | fsuteo.exe
-
Drops file in Windows directory 2 IoCs
description | ioc | Process
File opened for modification | C:\Windows\Tasks\fsuteo.job | 684b62ef735f504178ef6455be50b2a6.exe
File created | C:\Windows\Tasks\fsuteo.job | 684b62ef735f504178ef6455be50b2a6.exe
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid | Process
1896 | 684b62ef735f504178ef6455be50b2a6.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1940 wrote to memory of 1264 | 1940 | taskeng.exe | 29
PID 1940 wrote to memory of 1264 | 1940 | taskeng.exe | 29
PID 1940 wrote to memory of 1264 | 1940 | taskeng.exe | 29
PID 1940 wrote to memory of 1264 | 1940 | taskeng.exe | 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\684b62ef735f504178ef6455be50b2a6.exe
"C:\Users\Admin\AppData\Local\Temp\684b62ef735f504178ef6455be50b2a6.exe"
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:1896
-
C:\Windows\system32\taskeng.exe
taskeng.exe {E795C970-2D52-40CB-9568-981640EA5A58} S-1-5-18:NT AUTHORITY\System:Service:
- Suspicious use of WriteProcessMemory
PID:1940 -
  C:\ProgramData\jtnctk\fsuteo.exe
  C:\ProgramData\jtnctk\fsuteo.exe start
  - Executes dropped EXE
  PID:1264
-
Downloads
-
Filesize
32KB
MD5 684b62ef735f504178ef6455be50b2a6
SHA1 3ee91e1162e2925f896250545269f297bed06814
SHA256 ffe11c5c82b3e725526bf00b707e52cc713600436c5382868b46b4e4a96ba344
SHA512 3972bca78223e878e244ba191b86ffb993a69ef818613539b6d91d435436889b4e5d95260943d25cbf94250fa26abeff8870f6ca70f5558ec37e890a257f7c9c