Overview

overview

8

Static

static

8b960e0acf...35.exe

windows7-x64

8

8b960e0acf...35.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    45s
  • max time network
    51s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 01:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8b960e0acfd2fa7a0d3a5f309a9ccb24c93f2f171c126cc48498583b03b94935.exe

  • Size

    274KB

  • MD5

    1e2ea698c40a70c1b35447ea545fbca0

  • SHA1

    b3720067216f01299f8cfff2dd692319d2223e7e

  • SHA256

    8b960e0acfd2fa7a0d3a5f309a9ccb24c93f2f171c126cc48498583b03b94935

  • SHA512

    81673f0fc6f842ecde8dc41366b7acf077660412fa73179ef6f7e237bea82f485314677585c25df577a67e91a90ddf7ad5bc84bfa72a1f875c402ef8692273c9

  • SSDEEP

    3072:aIJ8MJJ/pqo6Xjy1wXesId9H8gVQO+5/c2ddLM6hMLIokjwrhpcSvMrq5kUL2iZ+:t5XMoi2wO+FdddLM6njNSqmdOasnqIN

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8b960e0acfd2fa7a0d3a5f309a9ccb24c93f2f171c126cc48498583b03b94935.exe
    "C:\Users\Admin\AppData\Local\Temp\8b960e0acfd2fa7a0d3a5f309a9ccb24c93f2f171c126cc48498583b03b94935.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    PID:1444
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {85A65E4D-F3DE-4BA4-9A67-A0973EC996AB} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\PROGRA~3\Mozilla\jjruejn.exe
      C:\PROGRA~3\Mozilla\jjruejn.exe -npivonl
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      PID:2028

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\jjruejn.exe
    Filesize

    274KB

    MD5

    07bddee3c7279aed97d9eb63b0586c34

    SHA1

    76a71e7ca108824d7115ec99593076daa0ebab8f

    SHA256

    b8f8f6eacac7bc1a40b83138124681e9a401d9d63677f0d55ea83a2358c46b81

    SHA512

    3e26d222afc95f858441733bae3f203b1cc667725dee88628a15fc5f91228ed0783cc88f20b4b44e5d9eda99053ee9d889e87024beac28f6077f525856a704e9

    Download Submit

  • C:\PROGRA~3\Mozilla\jjruejn.exe
    Filesize

    274KB

    MD5

    07bddee3c7279aed97d9eb63b0586c34

    SHA1

    76a71e7ca108824d7115ec99593076daa0ebab8f

    SHA256

    b8f8f6eacac7bc1a40b83138124681e9a401d9d63677f0d55ea83a2358c46b81

    SHA512

    3e26d222afc95f858441733bae3f203b1cc667725dee88628a15fc5f91228ed0783cc88f20b4b44e5d9eda99053ee9d889e87024beac28f6077f525856a704e9

    Download Submit

  • memory/1444-54-0x0000000075D71000-0x0000000075D73000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1444-55-0x0000000000300000-0x000000000035B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1444-56-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1444-57-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2028-62-0x0000000000460000-0x00000000004BB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2028-63-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2028-64-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download