749fffb463a767075d81a8676c366a4297a1625c35e97f6aaf852d73fe1a44d4

Analysis

max time kernel
56s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 13:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

749fffb463a767075d81a8676c366a4297a1625c35e97f6aaf852d73fe1a44d4.exe
Size

936KB
MD5

042d8ef1ade21c43d1006727dd404c50
SHA1

d6042778d75156db157f6ca9df82236c2ec5effe
SHA256

749fffb463a767075d81a8676c366a4297a1625c35e97f6aaf852d73fe1a44d4
SHA512

9eb93194f123619749f5fa2643a54291b6f76d98f47037b643a45a5859aa886284cad87d898a1420487892ed0a1ed8dc6b6d86bc358f1fbb75db1f12e87c8633
SSDEEP

12288:CDJM/bXntAh+nhZoqQEHvVIzJPz//DdvdYkNQX1NYtFX0jPDl5pudl1lnNRybMYY:Cd6atqLHNk5TdvKX1NYtFXOMNwQ4/8X

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
472	suxbtjf.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\suxbtjf.exe	749fffb463a767075d81a8676c366a4297a1625c35e97f6aaf852d73fe1a44d4.exe
File created	C:\PROGRA~3\Mozilla\wkvogyf.dll	suxbtjf.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1092 wrote to memory of 472	1092	taskeng.exe	29
PID 1092 wrote to memory of 472	1092	taskeng.exe	29
PID 1092 wrote to memory of 472	1092	taskeng.exe	29
PID 1092 wrote to memory of 472	1092	taskeng.exe	29

C:\Users\Admin\AppData\Local\Temp\749fffb463a767075d81a8676c366a4297a1625c35e97f6aaf852d73fe1a44d4.exe
"C:\Users\Admin\AppData\Local\Temp\749fffb463a767075d81a8676c366a4297a1625c35e97f6aaf852d73fe1a44d4.exe"
1⤵
- Drops file in Program Files directory
PID:1380

C:\Windows\system32\taskeng.exe
taskeng.exe {2CB390E2-725B-45EA-B04E-E3D665B52092} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:1092
- C:\PROGRA~3\Mozilla\suxbtjf.exe
  C:\PROGRA~3\Mozilla\suxbtjf.exe -wukznwj
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:472

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\suxbtjf.exe

Filesize
936KB

MD5
d6281d4652bb3a35003dee7d0a999b7b

SHA1
6f692a56437514b56adc1762e8a884245ad99e7a

SHA256
6422aca623dd9070d295fe9353ceb0b5b7d4cc4e9a15264a3d43cd0dbcd41702

SHA512
f76c33c6b41c8cf7249a6ff1d8a6fdc7e5d91d4a930c38de9bdb4a30169bc358e8084347303cd4e67e2e61bad2f3db66b5aaefdd50bdbe6481e94dcce713dfcf

Download Submit
C:\PROGRA~3\Mozilla\suxbtjf.exe

Filesize
936KB

MD5
d6281d4652bb3a35003dee7d0a999b7b

SHA1
6f692a56437514b56adc1762e8a884245ad99e7a

SHA256
6422aca623dd9070d295fe9353ceb0b5b7d4cc4e9a15264a3d43cd0dbcd41702

SHA512
f76c33c6b41c8cf7249a6ff1d8a6fdc7e5d91d4a930c38de9bdb4a30169bc358e8084347303cd4e67e2e61bad2f3db66b5aaefdd50bdbe6481e94dcce713dfcf

Download Submit
memory/472-64-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/472-66-0x0000000000350000-0x00000000003AB000-memory.dmp

Filesize
364KB

Download
memory/1380-54-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1380-55-0x00000000764C1000-0x00000000764C3000-memory.dmp

Filesize
8KB

Download
memory/1380-58-0x000000000043A000-0x000000000047D000-memory.dmp

Filesize
268KB

Download
memory/1380-59-0x0000000000430000-0x000000000048B000-memory.dmp

Filesize
364KB

Download