Overview

overview

8

Static

static

227d2de9b1...a4.exe

windows7-x64

8

227d2de9b1...a4.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    45s
  • max time network
    51s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    29/11/2022, 10:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    227d2de9b1d81793c0eb92e759e3b5cf848a5982ed044f94ff10642941ea00a4.exe

  • Size

    140KB

  • MD5

    2dc51894de6ddc0f2917e7133f204ca0

  • SHA1

    84af8133d1d8a0619c9922fb137d07edae849c9e

  • SHA256

    227d2de9b1d81793c0eb92e759e3b5cf848a5982ed044f94ff10642941ea00a4

  • SHA512

    db1b1d92327794af80726472226d5b6a9194505be6d7f137ccd9d9b1375960dd7f1ca3b1234452330b627fe9d7b36da33bd9a7d09ad56847b6542aaefcf595a8

  • SSDEEP

    3072:pidj6ShhYRa3SXjF/HvD9hQU7OCyIjAYxRwmdPkmkWt+3t97SVKmHkp:pEjpvYc3YJ/HvD9hTKCyI7TwmdMlL99N

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\227d2de9b1d81793c0eb92e759e3b5cf848a5982ed044f94ff10642941ea00a4.exe
    "C:\Users\Admin\AppData\Local\Temp\227d2de9b1d81793c0eb92e759e3b5cf848a5982ed044f94ff10642941ea00a4.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1308
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {EEF67EFF-EEF1-45C6-B426-0AFD5E438F3E} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1620
    • C:\PROGRA~3\Mozilla\jjruejn.exe
      C:\PROGRA~3\Mozilla\jjruejn.exe -npivonl
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:1096

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\jjruejn.exe
    Filesize

    140KB

    MD5

    14f5829076a835852109f9e3a6fe7b7c

    SHA1

    cbdf289234b118c1b192bd8eafa3adffc4c919f1

    SHA256

    3408b41c1f3b4e42d3001e31ce3037943f0ad6f53f57cfded7ce4468e5e8563f

    SHA512

    e89ea7bf2fe9cfe3eebb0163905040e89aa597598f5a0a99478d7459d0041668d3a114b0f06966d83d86c0fda7d455771bfb7906268e8a8b96c30724d4b0aa30

    Download Submit

  • C:\PROGRA~3\Mozilla\jjruejn.exe
    Filesize

    140KB

    MD5

    14f5829076a835852109f9e3a6fe7b7c

    SHA1

    cbdf289234b118c1b192bd8eafa3adffc4c919f1

    SHA256

    3408b41c1f3b4e42d3001e31ce3037943f0ad6f53f57cfded7ce4468e5e8563f

    SHA512

    e89ea7bf2fe9cfe3eebb0163905040e89aa597598f5a0a99478d7459d0041668d3a114b0f06966d83d86c0fda7d455771bfb7906268e8a8b96c30724d4b0aa30

    Download Submit

  • memory/1308-54-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/1308-55-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1308-58-0x000000000043A000-0x000000000047D000-memory.dmp

    Filesize

    268KB

    Download

  • memory/1308-59-0x0000000000430000-0x000000000048B000-memory.dmp

    Filesize

    364KB

    Download