243ed09915517dacdc6b84bb199bd245a4c9dfd2fef37cc108e98b75b3638f3c

Analysis

max time kernel
56s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 10:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

243ed09915517dacdc6b84bb199bd245a4c9dfd2fef37cc108e98b75b3638f3c.exe
Size

248KB
MD5

42c1e52c76cd9d58ce95a8f2896f11b0
SHA1

b0b22226779282eb5a62479e9c39462d8e50383b
SHA256

243ed09915517dacdc6b84bb199bd245a4c9dfd2fef37cc108e98b75b3638f3c
SHA512

d0d8ac8003e2084d1fb21b5ec9e0c24601791a4d1be87c1aee2603477d2fd21dad75a84152d81e83fc6bf80163f8a60559d1753107d7e5fe6943fd9540b38ece
SSDEEP

3072:aIJ8MJJ/pqo6Xjy1wXesId9H8gVQO+5/c2ddLM6hMLIokjwrhpcSvMrq5kUL2ia:t5XMoi2wO+FdddLM6njNSqmda

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
588	suxbtjf.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\wkvogyf.dll	suxbtjf.exe
File created	C:\PROGRA~3\Mozilla\suxbtjf.exe	243ed09915517dacdc6b84bb199bd245a4c9dfd2fef37cc108e98b75b3638f3c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
688	243ed09915517dacdc6b84bb199bd245a4c9dfd2fef37cc108e98b75b3638f3c.exe
588	suxbtjf.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 592 wrote to memory of 588	592	taskeng.exe	29
PID 592 wrote to memory of 588	592	taskeng.exe	29
PID 592 wrote to memory of 588	592	taskeng.exe	29
PID 592 wrote to memory of 588	592	taskeng.exe	29

C:\Users\Admin\AppData\Local\Temp\243ed09915517dacdc6b84bb199bd245a4c9dfd2fef37cc108e98b75b3638f3c.exe
"C:\Users\Admin\AppData\Local\Temp\243ed09915517dacdc6b84bb199bd245a4c9dfd2fef37cc108e98b75b3638f3c.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of UnmapMainImage
PID:688

C:\Windows\system32\taskeng.exe
taskeng.exe {71937B36-2C7B-4BBF-8CF2-488E724C8439} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:592
- C:\PROGRA~3\Mozilla\suxbtjf.exe
  C:\PROGRA~3\Mozilla\suxbtjf.exe -wukznwj
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of UnmapMainImage
  PID:588

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\suxbtjf.exe

Filesize
248KB

MD5
8e5aad0debf5ab1f60df3f5c22a293f2

SHA1
dd772ba211d4074a51e78bd2c32d3d839fc1bd6e

SHA256
1d1898833902a72af40856feb29af2f9471feea5b24de8f2f96611e5f81faada

SHA512
e48d53d26735f1539c1e9ae00a76fab3609103bf96a87aa1476246c30e1cb142fd3566344e62b631b3ff538f0fb6c24bcb523df7d3ff8fa91f8d3875835691a9

Download Submit
C:\PROGRA~3\Mozilla\suxbtjf.exe

Filesize
248KB

MD5
8e5aad0debf5ab1f60df3f5c22a293f2

SHA1
dd772ba211d4074a51e78bd2c32d3d839fc1bd6e

SHA256
1d1898833902a72af40856feb29af2f9471feea5b24de8f2f96611e5f81faada

SHA512
e48d53d26735f1539c1e9ae00a76fab3609103bf96a87aa1476246c30e1cb142fd3566344e62b631b3ff538f0fb6c24bcb523df7d3ff8fa91f8d3875835691a9

Download Submit
memory/588-63-0x0000000000250000-0x00000000002AB000-memory.dmp

Filesize
364KB

Download
memory/588-64-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/588-65-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/688-54-0x0000000075F21000-0x0000000075F23000-memory.dmp

Filesize
8KB

Download
memory/688-55-0x0000000000310000-0x000000000036B000-memory.dmp

Filesize
364KB

Download
memory/688-56-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/688-57-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/688-58-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download