Overview

overview

8

Static

static

49b0d6b10e...17.exe

windows7-x64

8

49b0d6b10e...17.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    36s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    01-12-2022 04:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    49b0d6b10ebd58157e34f3675eb441c28a0fbec362f14eb3e7e68639d6f3e917.exe

  • Size

    156KB

  • MD5

    03d1ae89ce07e7fbbd577b60586fa8c0

  • SHA1

    c99feeede72f8fe7cf8899755492cce10e22d0cd

  • SHA256

    49b0d6b10ebd58157e34f3675eb441c28a0fbec362f14eb3e7e68639d6f3e917

  • SHA512

    d6dd210801601a336e86ec857cb09937cf2ea3d789be3ddaaa492917c811e04d117c690c730d0b3cf65b1b6147cf17195a5a077022b467ff0ca4974db79b3e89

  • SSDEEP

    3072:lf1AH52h0MAu13T8MXR7CwwjuUkpBmz/BHR9iT+8h2f:lfghMAGBmdGOx9iT+IM

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\49b0d6b10ebd58157e34f3675eb441c28a0fbec362f14eb3e7e68639d6f3e917.exe
    "C:\Users\Admin\AppData\Local\Temp\49b0d6b10ebd58157e34f3675eb441c28a0fbec362f14eb3e7e68639d6f3e917.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1348
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {9BE98138-A32F-4735-894E-C62717FC8556} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\PROGRA~3\Mozilla\jwufxge.exe
      C:\PROGRA~3\Mozilla\jwufxge.exe -kqepohf
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:1904

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\jwufxge.exe
    Filesize

    156KB

    MD5

    61c99ef21b747bcdc8d75dd87fafad8e

    SHA1

    142797bc225a5181d80fdfd644a86221e26151f0

    SHA256

    b01acd9576453a874b4dffc7b7893a598e24e8e6cdf482502e9a7ed4ab695801

    SHA512

    d7c53d2a7ca151e24e2a8cc31f8f1ba8d92dcc51d3aa17b7655ee3b70117eb86656cc980afc1e2ff4d1875dcd731cd40ef56a1138f11218822fe780267554606

    Download Submit

  • C:\PROGRA~3\Mozilla\jwufxge.exe
    Filesize

    156KB

    MD5

    61c99ef21b747bcdc8d75dd87fafad8e

    SHA1

    142797bc225a5181d80fdfd644a86221e26151f0

    SHA256

    b01acd9576453a874b4dffc7b7893a598e24e8e6cdf482502e9a7ed4ab695801

    SHA512

    d7c53d2a7ca151e24e2a8cc31f8f1ba8d92dcc51d3aa17b7655ee3b70117eb86656cc980afc1e2ff4d1875dcd731cd40ef56a1138f11218822fe780267554606

    Download Submit

  • memory/1348-54-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1348-55-0x0000000074F41000-0x0000000074F43000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1348-58-0x000000000043A000-0x000000000047D000-memory.dmp

    Filesize

    268KB

    Download

  • memory/1348-59-0x0000000000430000-0x000000000048B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1904-62-0x0000000000000000-mapping.dmp

    Download

  • memory/1904-64-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1904-66-0x0000000000910000-0x000000000096B000-memory.dmp

    Filesize

    364KB

    Download