f7a50aad3ada13c7b13c1fe1e82a140e3c31b1dd3810b1bfe7e970371bcff89d

Analysis

max time kernel
57s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 02:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7a50aad3ada13c7b13c1fe1e82a140e3c31b1dd3810b1bfe7e970371bcff89d.exe
Size

361KB
MD5

6c9bdaf8ca27f8ef0f1cc340d002ecb0
SHA1

3576ea4ef8f1e1d189000fb114a414572bafe310
SHA256

f7a50aad3ada13c7b13c1fe1e82a140e3c31b1dd3810b1bfe7e970371bcff89d
SHA512

083fc8887b05d758691f99c75cb0a96690dc4a509c7adaedefd0a788d0042cda6249714517677582c00937b4133f592420ba94039b929323d814f9e4e56ba175
SSDEEP

6144:ktAkOVfKzEdaqmGrEU+jqgPIOEnyyPWWMA9RPjf:yxEdpExqgwpnyyPWNA9RPjf

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
524	suxbtjf.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\suxbtjf.exe	f7a50aad3ada13c7b13c1fe1e82a140e3c31b1dd3810b1bfe7e970371bcff89d.exe
File created	C:\PROGRA~3\Mozilla\wkvogyf.dll	suxbtjf.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1764	f7a50aad3ada13c7b13c1fe1e82a140e3c31b1dd3810b1bfe7e970371bcff89d.exe
524	suxbtjf.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 472 wrote to memory of 524	472	taskeng.exe	29
PID 472 wrote to memory of 524	472	taskeng.exe	29
PID 472 wrote to memory of 524	472	taskeng.exe	29
PID 472 wrote to memory of 524	472	taskeng.exe	29

C:\Users\Admin\AppData\Local\Temp\f7a50aad3ada13c7b13c1fe1e82a140e3c31b1dd3810b1bfe7e970371bcff89d.exe
"C:\Users\Admin\AppData\Local\Temp\f7a50aad3ada13c7b13c1fe1e82a140e3c31b1dd3810b1bfe7e970371bcff89d.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of UnmapMainImage
PID:1764

C:\Windows\system32\taskeng.exe
taskeng.exe {2E15B87D-8B2C-4B82-AD7A-D42F5025D128} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:472
- C:\PROGRA~3\Mozilla\suxbtjf.exe
  C:\PROGRA~3\Mozilla\suxbtjf.exe -wukznwj
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of UnmapMainImage
  PID:524

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\suxbtjf.exe

Filesize
361KB

MD5
a18526aaa9b99505da8990d0869805b6

SHA1
4242455c130e6ac2ec89cd212f36601f1daab496

SHA256
bff5c4b2c17c0dadc8af92ab435752ce0376eacd26fa27b90476a054801749f4

SHA512
2bbd90fdc4a7124192b8fb9c17a0d0dfc3c9216306e1d9e9f8dc90c929be8811123d5344c0b3e7e12f7a3bee4895a6a5335539ee8b00812b35f7a797a8118403

Download Submit
C:\PROGRA~3\Mozilla\suxbtjf.exe

Filesize
361KB

MD5
a18526aaa9b99505da8990d0869805b6

SHA1
4242455c130e6ac2ec89cd212f36601f1daab496

SHA256
bff5c4b2c17c0dadc8af92ab435752ce0376eacd26fa27b90476a054801749f4

SHA512
2bbd90fdc4a7124192b8fb9c17a0d0dfc3c9216306e1d9e9f8dc90c929be8811123d5344c0b3e7e12f7a3bee4895a6a5335539ee8b00812b35f7a797a8118403

Download Submit
memory/524-63-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/524-64-0x0000000000350000-0x00000000003AB000-memory.dmp

Filesize
364KB

Download
memory/524-65-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1764-54-0x0000000075891000-0x0000000075893000-memory.dmp

Filesize
8KB

Download
memory/1764-55-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1764-56-0x0000000001BE0000-0x0000000001C3B000-memory.dmp

Filesize
364KB

Download
memory/1764-57-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1764-58-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download