8d2566fb5d72f9ab8848d6cd852bb9ff6d9e2d73d149b2f96e9fe5ff92885820

Analysis

max time kernel
57s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 01:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d2566fb5d72f9ab8848d6cd852bb9ff6d9e2d73d149b2f96e9fe5ff92885820.exe
Size

221KB
MD5

1ad0ca209f067b504eb97667bf3fe260
SHA1

05fbfa374b2abd4c351861783e56adc3e950e9c7
SHA256

8d2566fb5d72f9ab8848d6cd852bb9ff6d9e2d73d149b2f96e9fe5ff92885820
SHA512

f7ec84bf7d4a359f317ecb66f7518fc5f20db02ebe9f39ae07a99b2804087e121caf8f46c77ba4a76a370da3157a30da4af5321c9e13dd4fbddab83f98b401a7
SSDEEP

6144:IiV3M7tydyE7ztsY4yTr8bjeJwj2EItHpk:Iu3URWtsYf8PemjE2

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
544	suxbtjf.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\suxbtjf.exe	8d2566fb5d72f9ab8848d6cd852bb9ff6d9e2d73d149b2f96e9fe5ff92885820.exe
File created	C:\PROGRA~3\Mozilla\wkvogyf.dll	suxbtjf.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1776	8d2566fb5d72f9ab8848d6cd852bb9ff6d9e2d73d149b2f96e9fe5ff92885820.exe
544	suxbtjf.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 544	1488	taskeng.exe	29
PID 1488 wrote to memory of 544	1488	taskeng.exe	29
PID 1488 wrote to memory of 544	1488	taskeng.exe	29
PID 1488 wrote to memory of 544	1488	taskeng.exe	29

C:\Users\Admin\AppData\Local\Temp\8d2566fb5d72f9ab8848d6cd852bb9ff6d9e2d73d149b2f96e9fe5ff92885820.exe
"C:\Users\Admin\AppData\Local\Temp\8d2566fb5d72f9ab8848d6cd852bb9ff6d9e2d73d149b2f96e9fe5ff92885820.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of UnmapMainImage
PID:1776

C:\Windows\system32\taskeng.exe
taskeng.exe {E0FDD646-D612-4016-AC51-B63861294024} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:1488
- C:\PROGRA~3\Mozilla\suxbtjf.exe
  C:\PROGRA~3\Mozilla\suxbtjf.exe -wukznwj
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of UnmapMainImage
  PID:544

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\suxbtjf.exe

Filesize
221KB

MD5
c5f0f03a5609ce8dc1751004e93fb033

SHA1
6d4f741ab2eb73ae80ff617ec3c6c16f906aff08

SHA256
ecadb2e798e68440f02cb97d43452f309ad5686054d097b3d10b9a3c63520560

SHA512
e32b5013140585307df3cd73986e372639fa590118f3d06e19f0df414465a7aa84475aba7e67e34c926d957d6c9cb22faa0dbf1e7768fadfca5d6c2a63130ec6

Download Submit
C:\PROGRA~3\Mozilla\suxbtjf.exe

Filesize
221KB

MD5
c5f0f03a5609ce8dc1751004e93fb033

SHA1
6d4f741ab2eb73ae80ff617ec3c6c16f906aff08

SHA256
ecadb2e798e68440f02cb97d43452f309ad5686054d097b3d10b9a3c63520560

SHA512
e32b5013140585307df3cd73986e372639fa590118f3d06e19f0df414465a7aa84475aba7e67e34c926d957d6c9cb22faa0dbf1e7768fadfca5d6c2a63130ec6

Download Submit
memory/544-63-0x0000000000460000-0x00000000004BB000-memory.dmp

Filesize
364KB

Download
memory/544-64-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/544-65-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1776-54-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

Filesize
8KB

Download
memory/1776-55-0x0000000000250000-0x00000000002AB000-memory.dmp

Filesize
364KB

Download
memory/1776-56-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1776-57-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1776-58-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download