1be6116d53a823b5d633565205f3c770d356d2eec363e606b9e2d264d58e6768

Analysis

max time kernel
121s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1be6116d53a823b5d633565205f3c770d356d2eec363e606b9e2d264d58e6768.exe
Size

184KB
MD5

322bdd898950d99c7dcb097b0541ab00
SHA1

be6ccf5a95b2357a7d4d456a9f37ed983868571f
SHA256

1be6116d53a823b5d633565205f3c770d356d2eec363e606b9e2d264d58e6768
SHA512

ab6e6fe15206a585920c69ab90a08a6df5d38874537302277109ba46579d6f6e05c69c0f5c71daa3e786ad8ce1876a0064d081edd38ee3a52b5b539208894d21
SSDEEP

3072:pidj6ShhYRa3SXjF/HvD9hQU7OCyIjAYxRwmdPkmkWt+3t97SVKmHkAJbbvAKclI:pEjpvYc3YJ/HvD9hTKCyI7TwmdMlL99y

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
988	jydekdj.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\jydekdj.exe	1be6116d53a823b5d633565205f3c770d356d2eec363e606b9e2d264d58e6768.exe
File created	C:\PROGRA~3\Mozilla\xdldjol.dll	jydekdj.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 988	1324	taskeng.exe	28
PID 1324 wrote to memory of 988	1324	taskeng.exe	28
PID 1324 wrote to memory of 988	1324	taskeng.exe	28
PID 1324 wrote to memory of 988	1324	taskeng.exe	28

C:\Users\Admin\AppData\Local\Temp\1be6116d53a823b5d633565205f3c770d356d2eec363e606b9e2d264d58e6768.exe
"C:\Users\Admin\AppData\Local\Temp\1be6116d53a823b5d633565205f3c770d356d2eec363e606b9e2d264d58e6768.exe"
1⤵
- Drops file in Program Files directory
PID:1144

C:\Windows\system32\taskeng.exe
taskeng.exe {B46A396F-C66B-45F3-9B0C-FEFF5535564C} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:1324
- C:\PROGRA~3\Mozilla\jydekdj.exe
  C:\PROGRA~3\Mozilla\jydekdj.exe -vamlaul
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:988

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\jydekdj.exe

Filesize
184KB

MD5
72718a6855aa282c6e7c6b82f35e5a2c

SHA1
e76fb2386770581a631bf3c73ed94781934f1c66

SHA256
56378d8270a524f7fd9b7b98875074e16daa4f2f33b76091a1a19e81f4bc9845

SHA512
86512c8b2665b9860f0d84e720ec80c31171bfa249c84afe75c9aae02c2b09fdd4f73c1c80dbe7b9c01f9bde125d7cfc4a57f09f21f6a317fc0b05ad1a1f7e2e

Download Submit
C:\PROGRA~3\Mozilla\jydekdj.exe

Filesize
184KB

MD5
72718a6855aa282c6e7c6b82f35e5a2c

SHA1
e76fb2386770581a631bf3c73ed94781934f1c66

SHA256
56378d8270a524f7fd9b7b98875074e16daa4f2f33b76091a1a19e81f4bc9845

SHA512
86512c8b2665b9860f0d84e720ec80c31171bfa249c84afe75c9aae02c2b09fdd4f73c1c80dbe7b9c01f9bde125d7cfc4a57f09f21f6a317fc0b05ad1a1f7e2e

Download Submit
memory/988-65-0x0000000000910000-0x000000000096B000-memory.dmp

Filesize
364KB

Download
memory/1144-54-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1144-55-0x00000000759C1000-0x00000000759C3000-memory.dmp

Filesize
8KB

Download
memory/1144-56-0x0000000001C80000-0x0000000001CDB000-memory.dmp

Filesize
364KB

Download