Overview

overview

8

Static

static

330285cda5...e8.exe

windows7-x64

8

330285cda5...e8.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    59s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 22:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    330285cda5d7730ef883d7a3b7274c90de71c6be3c86a7a484297587db6e45e8.exe

  • Size

    269KB

  • MD5

    4821bb65e5179abd91d1a118315432c0

  • SHA1

    1b8dea4709a6d090bb37ca2ca153bd8836f06f68

  • SHA256

    330285cda5d7730ef883d7a3b7274c90de71c6be3c86a7a484297587db6e45e8

  • SHA512

    d9b37d60f385d7936cea8143639f6f7236c0a8d0aa25baf289224382cf1254f7d8ce0f5edd916458c1cb3e39d84b94f3d5ae0e67fbad25dd6ceb98adf40ff02b

  • SSDEEP

    6144:CDJVazMKV31FdaQvXluxqU+A/0y+nt75voqQEnHv0CxN8H9RJPa:CDJM/bXntAh+nhZoqQEHvVIzJPa

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\330285cda5d7730ef883d7a3b7274c90de71c6be3c86a7a484297587db6e45e8.exe
    "C:\Users\Admin\AppData\Local\Temp\330285cda5d7730ef883d7a3b7274c90de71c6be3c86a7a484297587db6e45e8.exe"
    1⤵
    • Drops file in Program Files directory
    PID:944
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {A2C24052-5E69-4E1F-A4CE-4A5C4B60A5BC} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1380
    • C:\PROGRA~3\Mozilla\sgfgrig.exe
      C:\PROGRA~3\Mozilla\sgfgrig.exe -smuvcxh
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:820

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\sgfgrig.exe
    Filesize

    269KB

    MD5

    45c45c09daeb45a8a15e11c6ba6eb3fa

    SHA1

    e0f59d7cb0e7d7674f68a9d34f54fc833374dcea

    SHA256

    fdd2d9d20a1f9a1a932efc529b8655ebfa22b803380b74ded60af525725ea584

    SHA512

    63a73f45da08c94823aac745948f5fd1e4a06d7a28ea0be32577bb37665ce9f7e88eb9ec0030c2bd9f4e16cd3457773be6bd090428bdffdb43cac7f4d41310f0

    Download Submit

  • C:\PROGRA~3\Mozilla\sgfgrig.exe
    Filesize

    269KB

    MD5

    45c45c09daeb45a8a15e11c6ba6eb3fa

    SHA1

    e0f59d7cb0e7d7674f68a9d34f54fc833374dcea

    SHA256

    fdd2d9d20a1f9a1a932efc529b8655ebfa22b803380b74ded60af525725ea584

    SHA512

    63a73f45da08c94823aac745948f5fd1e4a06d7a28ea0be32577bb37665ce9f7e88eb9ec0030c2bd9f4e16cd3457773be6bd090428bdffdb43cac7f4d41310f0

    Download Submit

  • memory/820-63-0x0000000000000000-mapping.dmp

    Download

  • memory/820-65-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/820-67-0x00000000002F0000-0x000000000034B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/944-54-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/944-55-0x0000000075141000-0x0000000075143000-memory.dmp

    Filesize

    8KB

    Download

  • memory/944-56-0x0000000000220000-0x000000000027B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/944-61-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download