6a1d5d9fce90cde67f48aa600e00dea78b165ecbf95d170edb08c55591e95790

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 04:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a1d5d9fce90cde67f48aa600e00dea78b165ecbf95d170edb08c55591e95790.exe
Size

227KB
MD5

49ee034f33180bdd1e8d3e74887eafe0
SHA1

34f6e2d3dca282224e72bfc4368270ac56361611
SHA256

6a1d5d9fce90cde67f48aa600e00dea78b165ecbf95d170edb08c55591e95790
SHA512

a12bbc2192af96df9ec789a9e756d855899ffed71d9e679887a00cf7cc6348bb9bd8e67179a285969c74ea0485262d795764f9b39cd89ed2e0bdbaa1f989bd24
SSDEEP

6144:g6Uo7/Eu19O18HNv3TqkKGt5Db4j1ZZ1LMQ/:gC/Eq418HRDqkZkBZ/M0

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1544	jjruejn.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\jjruejn.exe	6a1d5d9fce90cde67f48aa600e00dea78b165ecbf95d170edb08c55591e95790.exe
File created	C:\PROGRA~3\Mozilla\segfnra.dll	jjruejn.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1492	6a1d5d9fce90cde67f48aa600e00dea78b165ecbf95d170edb08c55591e95790.exe
1544	jjruejn.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1160 wrote to memory of 1544	1160	taskeng.exe	28
PID 1160 wrote to memory of 1544	1160	taskeng.exe	28
PID 1160 wrote to memory of 1544	1160	taskeng.exe	28
PID 1160 wrote to memory of 1544	1160	taskeng.exe	28

C:\Users\Admin\AppData\Local\Temp\6a1d5d9fce90cde67f48aa600e00dea78b165ecbf95d170edb08c55591e95790.exe
"C:\Users\Admin\AppData\Local\Temp\6a1d5d9fce90cde67f48aa600e00dea78b165ecbf95d170edb08c55591e95790.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of UnmapMainImage
PID:1492

C:\Windows\system32\taskeng.exe
taskeng.exe {56019283-6A09-4C33-82F5-9620522016AA} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:1160
- C:\PROGRA~3\Mozilla\jjruejn.exe
  C:\PROGRA~3\Mozilla\jjruejn.exe -npivonl
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of UnmapMainImage
  PID:1544

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\jjruejn.exe

Filesize
227KB

MD5
375e5c81783e6cd5e0a326cd8074ea2e

SHA1
90b31a04c869f82eea045d18aef16961a04a02f3

SHA256
bc3ef188b4650ff10b9c96c1d65c3a541c0d31457f3a60e34cc061c46ea5a310

SHA512
2267296c80ac73984cbb17e899deaf8f7709bb89171f47a6c54a6de616280b29b99f9737223fe71c01e6bcd1a19ed23ff7bc03f6ddcf5c17c52a843de8fdc94d

Download Submit
C:\PROGRA~3\Mozilla\jjruejn.exe

Filesize
227KB

MD5
375e5c81783e6cd5e0a326cd8074ea2e

SHA1
90b31a04c869f82eea045d18aef16961a04a02f3

SHA256
bc3ef188b4650ff10b9c96c1d65c3a541c0d31457f3a60e34cc061c46ea5a310

SHA512
2267296c80ac73984cbb17e899deaf8f7709bb89171f47a6c54a6de616280b29b99f9737223fe71c01e6bcd1a19ed23ff7bc03f6ddcf5c17c52a843de8fdc94d

Download Submit
memory/1492-54-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download
memory/1492-55-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1492-56-0x0000000000260000-0x00000000002BB000-memory.dmp

Filesize
364KB

Download
memory/1492-57-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1544-61-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1544-63-0x0000000000260000-0x00000000002BB000-memory.dmp

Filesize
364KB

Download
memory/1544-64-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1544-65-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download