Overview

overview

8

Static

static

66f3af32b0...17.exe

windows7-x64

8

66f3af32b0...17.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    56s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29/11/2022, 08:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    66f3af32b02e561761cb2610a40e819d8662f294c71e6e6f3f4e3ff333f9ed17.exe

  • Size

    469KB

  • MD5

    1cda9c98d834cca721567b6f27a30650

  • SHA1

    ec89438da6450a6bd35b58221eb3b408ae9a4763

  • SHA256

    66f3af32b02e561761cb2610a40e819d8662f294c71e6e6f3f4e3ff333f9ed17

  • SHA512

    157f4a30cc96692acb9e2686f42e4cf353ff99b6478cc20e802f34a8ab9751626a6fb94a1aa9b0ccba686d2de455ddd8fafa215a9888d45d0e4107667bb8a904

  • SSDEEP

    12288:CyhwfA1dYAMbtrvRqNVAUDY5JQsKmD0qIZSqLOQHve:C25a552VAUDaaKAOq6QHve

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\66f3af32b02e561761cb2610a40e819d8662f294c71e6e6f3f4e3ff333f9ed17.exe
    "C:\Users\Admin\AppData\Local\Temp\66f3af32b02e561761cb2610a40e819d8662f294c71e6e6f3f4e3ff333f9ed17.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1280
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {15CD5328-37FC-4AD2-9F4A-B007E8C8A588} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1124
    • C:\PROGRA~3\Mozilla\nswitkh.exe
      C:\PROGRA~3\Mozilla\nswitkh.exe -vhgoixm
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:1760

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\PROGRA~3\Mozilla\nswitkh.exe
          Filesize

          469KB

          MD5

          84e729391efa267a068089948327e959

          SHA1

          a60bcfe3d9ca8a66ed475f79cabdabc66817e131

          SHA256

          3f10b69be26029e97a1822edb0093f58b0f25899ac05deeac4aace56e33884d5

          SHA512

          26c7337debee9ba40092a3821d05ea4aee92b49f60874d57a7e12c27bdb3eeb0c863aa6853fca32527de58835d518cdbe539a7763fa2940f38f8b8cda15be33f

          Download Submit

        • C:\PROGRA~3\Mozilla\nswitkh.exe
          Filesize

          469KB

          MD5

          84e729391efa267a068089948327e959

          SHA1

          a60bcfe3d9ca8a66ed475f79cabdabc66817e131

          SHA256

          3f10b69be26029e97a1822edb0093f58b0f25899ac05deeac4aace56e33884d5

          SHA512

          26c7337debee9ba40092a3821d05ea4aee92b49f60874d57a7e12c27bdb3eeb0c863aa6853fca32527de58835d518cdbe539a7763fa2940f38f8b8cda15be33f

          Download Submit

        • memory/1280-59-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/1280-54-0x0000000075811000-0x0000000075813000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1280-60-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/1280-61-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/1280-56-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/1280-55-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/1760-66-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/1760-67-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/1760-70-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/1760-71-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download