Overview

overview

8

Static

static

7ab9049182...e6.exe

windows7-x64

8

7ab9049182...e6.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    80s
  • max time network
    32s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    03-12-2022 18:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7ab904918245e700001e4f1749a025f0a987353f5a1dd2c8ecc98f8a49aebbe6.exe

  • Size

    295KB

  • MD5

    07f5c6801c27a6a0fcf48f9e2cfa7e68

  • SHA1

    652fa0c2a850007b8e528a115e99cb5ec74da1e5

  • SHA256

    7ab904918245e700001e4f1749a025f0a987353f5a1dd2c8ecc98f8a49aebbe6

  • SHA512

    c5eb2d0ce6e84a3b8b8633634a41d05a199037954d09a2091940c18b1756dc5a7b103e175d4752c844eebdd14d7aeb5f44a585f159d9e89d3134f63adc29cb12

  • SSDEEP

    3072:ZbTGwhOzs6FnYhH7Fr/iIozgq7BPbvALztvZyBAlhDTkPQIbRNx:YzzCLiI/q7livZ3h3kPQ

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7ab904918245e700001e4f1749a025f0a987353f5a1dd2c8ecc98f8a49aebbe6.exe
    "C:\Users\Admin\AppData\Local\Temp\7ab904918245e700001e4f1749a025f0a987353f5a1dd2c8ecc98f8a49aebbe6.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    PID:848
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {B7E65110-1BEF-4276-B9CF-168492037858} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1068
    • C:\PROGRA~3\Mozilla\jydekdj.exe
      C:\PROGRA~3\Mozilla\jydekdj.exe -vamlaul
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      PID:776

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\jydekdj.exe
    Filesize

    295KB

    MD5

    fbf82d4d170d88eea9f3f77daadd91bf

    SHA1

    77c701d6b15491beb4f31db1a1272531c4c60845

    SHA256

    d6ec7a2178c152d2fd311cea71cbca2ba5532caeef15fe8fb084915011ab9d0d

    SHA512

    7ce6052331a7bee744131c28ee8549aba5ca9f315d49bdc0a79d7e920d3dbae157ecb85868ba420270916ce8bb9c670fab925e9d6af7c73562953f942b3ef39f

    Download Submit

  • C:\PROGRA~3\Mozilla\jydekdj.exe
    Filesize

    295KB

    MD5

    fbf82d4d170d88eea9f3f77daadd91bf

    SHA1

    77c701d6b15491beb4f31db1a1272531c4c60845

    SHA256

    d6ec7a2178c152d2fd311cea71cbca2ba5532caeef15fe8fb084915011ab9d0d

    SHA512

    7ce6052331a7bee744131c28ee8549aba5ca9f315d49bdc0a79d7e920d3dbae157ecb85868ba420270916ce8bb9c670fab925e9d6af7c73562953f942b3ef39f

    Download Submit

  • memory/776-60-0x0000000000000000-mapping.dmp

    Download

  • memory/776-63-0x00000000003A0000-0x00000000003FB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/776-64-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/776-65-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/848-54-0x00000000766F1000-0x00000000766F3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/848-56-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/848-55-0x0000000000250000-0x00000000002AB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/848-57-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/848-58-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download