Overview

overview

8

Static

static

86c54b4aad...52.exe

windows7-x64

8

86c54b4aad...52.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    38s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    05/12/2022, 13:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    86c54b4aad53ab7fbc0aadac37189c5607405cb60be5f1f3bfa73e46bd00c752.exe

  • Size

    341KB

  • MD5

    0f57cd960adada72e12dcb678de287c0

  • SHA1

    9fe684203259c338ce0d34e0ec9b82616337d7b9

  • SHA256

    86c54b4aad53ab7fbc0aadac37189c5607405cb60be5f1f3bfa73e46bd00c752

  • SHA512

    84fc9a05972a4b9a2805615a865713207412e72858b5c436240a2203622f6bf964bb2b945240ca650170349af8f9ffc6330358af1187ca111e793904f6c38bd5

  • SSDEEP

    6144:lHEagZcctnCqhPHe7TuXeQOkF7YH62LIHO8OIANZwtvTvrKA:lHEagZccMIPHe7TuXMxH61O8OIs0aA

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\86c54b4aad53ab7fbc0aadac37189c5607405cb60be5f1f3bfa73e46bd00c752.exe
    "C:\Users\Admin\AppData\Local\Temp\86c54b4aad53ab7fbc0aadac37189c5607405cb60be5f1f3bfa73e46bd00c752.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    PID:2020
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {2A63D31B-6602-4EED-8C4F-0443C88AD2B1} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1016
    • C:\PROGRA~3\Mozilla\jwufxge.exe
      C:\PROGRA~3\Mozilla\jwufxge.exe -kqepohf
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      PID:1076

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\jwufxge.exe
    Filesize

    341KB

    MD5

    0b47a557ceb2145c0693be30363e31ee

    SHA1

    d66f05f1bb5db9446e369e78749b964c08bfcc96

    SHA256

    832042c8a756d5a16063a84c4a0b77a57dccebde42377a31f72220866a41a046

    SHA512

    fbbff7c4facbeac97269d4b113f8541b4e2a8b0284e50cc2e23d13bd602934c40f7b7523faf4c30ad011026230925b5c95eccbffd19f8c9572dce460c75ab151

    Download Submit

  • C:\PROGRA~3\Mozilla\jwufxge.exe
    Filesize

    341KB

    MD5

    0b47a557ceb2145c0693be30363e31ee

    SHA1

    d66f05f1bb5db9446e369e78749b964c08bfcc96

    SHA256

    832042c8a756d5a16063a84c4a0b77a57dccebde42377a31f72220866a41a046

    SHA512

    fbbff7c4facbeac97269d4b113f8541b4e2a8b0284e50cc2e23d13bd602934c40f7b7523faf4c30ad011026230925b5c95eccbffd19f8c9572dce460c75ab151

    Download Submit

  • memory/1076-62-0x0000000000290000-0x00000000002EB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1076-63-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1076-64-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2020-54-0x0000000075451000-0x0000000075453000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2020-55-0x00000000002E0000-0x000000000033B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2020-56-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2020-57-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download