Overview

overview

8

Static

static

1b62834e35...b4.exe

windows7-x64

8

1b62834e35...b4.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    40s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27-11-2022 16:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1b62834e351b1d9fbb419cbd2a26fc6b202a9de46b0e821900d8f538881928b4.exe

  • Size

    178KB

  • MD5

    2e8a00eadb1bad304b3fd838e4394065

  • SHA1

    8ca00cccbe760bd45b5c7b64a88a4082d7ec6d41

  • SHA256

    1b62834e351b1d9fbb419cbd2a26fc6b202a9de46b0e821900d8f538881928b4

  • SHA512

    99169d4e41ac9e04ddd8c31140bfc14fb3399f8a172d11ef9ef9c111f11d3e72e131823e1f1be7e95ce6e54a781e8e07c951061d8db0a14a6f06bfe5aa9fa6ba

  • SSDEEP

    3072:ETIw/g8ZIogicblSGPkxNem8sNAZtXGZi5ysdAMvI0ox5HyWTQs5R6bTWXS:ET1/g8+JxNc/VPGHgoyOAqsQ70i

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b62834e351b1d9fbb419cbd2a26fc6b202a9de46b0e821900d8f538881928b4.exe
    "C:\Users\Admin\AppData\Local\Temp\1b62834e351b1d9fbb419cbd2a26fc6b202a9de46b0e821900d8f538881928b4.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1504
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {190C66A0-FB44-444B-B7B3-1F0574B5D3D4} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1480
    • C:\PROGRA~3\Mozilla\nswitkh.exe
      C:\PROGRA~3\Mozilla\nswitkh.exe -vhgoixm
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2020

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\nswitkh.exe
    Filesize

    178KB

    MD5

    a4a02a381151729f0a3bf41ac7595a23

    SHA1

    e2bd5ac7640e979dd5dac8634fbccdb3c90cf8c0

    SHA256

    410cc2b7a48a38c56651fac8485432a4182a174e4b39061ff4e3e6d97447460d

    SHA512

    7fdf2f7f3b6d7c16dceae9ae5339e3768e5ea18f3eb828b7494c51609bc0a7f337dc07627422204ed4d9bb1c353862403b2d4cc60edac4199f11c3fccaacfdd5

    Download Submit
  • C:\PROGRA~3\Mozilla\nswitkh.exe
    Filesize

    178KB

    MD5

    a4a02a381151729f0a3bf41ac7595a23

    SHA1

    e2bd5ac7640e979dd5dac8634fbccdb3c90cf8c0

    SHA256

    410cc2b7a48a38c56651fac8485432a4182a174e4b39061ff4e3e6d97447460d

    SHA512

    7fdf2f7f3b6d7c16dceae9ae5339e3768e5ea18f3eb828b7494c51609bc0a7f337dc07627422204ed4d9bb1c353862403b2d4cc60edac4199f11c3fccaacfdd5

    Download Submit
  • memory/1504-54-0x0000000000400000-0x0000000000427000-memory.dmp
    Filesize

    156KB

    Download
  • memory/1504-55-0x0000000075FB1000-0x0000000075FB3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1504-56-0x0000000000320000-0x000000000037B000-memory.dmp
    Filesize

    364KB

    Download
  • memory/1504-61-0x0000000000400000-0x0000000000427000-memory.dmp
    Filesize

    156KB

    Download
  • memory/2020-63-0x0000000000000000-mapping.dmp
    Download
  • memory/2020-66-0x0000000000490000-0x00000000004EB000-memory.dmp
    Filesize

    364KB

    Download