e7436b2d8299561e2603956ff1a1a40f891f417d06fee090405f8490416b68df

Analysis

max time kernel
163s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
07/12/2022, 01:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e7436b2d8299561e2603956ff1a1a40f891f417d06fee090405f8490416b68df.exe
Size

171KB
MD5

b8ee9b78c4ade258a67385d69732ae3d
SHA1

2ae775c66d9bdf78563fd82a054f6eb1a3426aae
SHA256

e7436b2d8299561e2603956ff1a1a40f891f417d06fee090405f8490416b68df
SHA512

534700a5d98c580d4cbc64ad6b942a64987b929e06166df681ca6721a35baac6b6b1bb2e34968d688852b3def74e0ac9d840a11d951674ac6c8a9537d09ad0ca
SSDEEP

3072:3JLkeg9pVM1orjoB+EgZuurc1qVel1/SB85CaHBtx3GOen6cF:5Lo3VMUjD1mwoj/SB85CaHBP9en1

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
772	suxbtjf.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\suxbtjf.exe	e7436b2d8299561e2603956ff1a1a40f891f417d06fee090405f8490416b68df.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
772	suxbtjf.exe
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE
1204	Explorer.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1204	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	772	suxbtjf.exe
Token: SeDebugPrivilege	1204	Explorer.EXE
Token: SeShutdownPrivilege	1204	Explorer.EXE

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1948	e7436b2d8299561e2603956ff1a1a40f891f417d06fee090405f8490416b68df.exe
772	suxbtjf.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 688 wrote to memory of 772	688	taskeng.exe	29
PID 688 wrote to memory of 772	688	taskeng.exe	29
PID 688 wrote to memory of 772	688	taskeng.exe	29
PID 688 wrote to memory of 772	688	taskeng.exe	29
PID 772 wrote to memory of 1204	772	suxbtjf.exe	18

C:\Users\Admin\AppData\Local\Temp\e7436b2d8299561e2603956ff1a1a40f891f417d06fee090405f8490416b68df.exe
"C:\Users\Admin\AppData\Local\Temp\e7436b2d8299561e2603956ff1a1a40f891f417d06fee090405f8490416b68df.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of UnmapMainImage
PID:1948

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:1204

C:\Windows\system32\taskeng.exe
taskeng.exe {C05E848A-9A9A-4785-91D8-D3F6DD1E1B99} S-1-5-21-3385717845-2518323428-350143044-1000:SABDUHNY\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:688
- C:\PROGRA~3\Mozilla\suxbtjf.exe
  C:\PROGRA~3\Mozilla\suxbtjf.exe -wukznwj
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID:772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\suxbtjf.exe

Filesize
171KB

MD5
cbc97d598b7f365d9226659432d090a6

SHA1
05a3513908a460c350813b46c873e03cdf51bbe7

SHA256
b1acef82f6c2794ba218bfb69ecb62ca56b0d815d5142a3785eb754522c6a702

SHA512
44aa71ffda6432d5d56467dd0e2d90d78ba2adcb7b386ea85fdf9ba90c313f2a53b17f05370a2896e543dd36165422d2932a73e141a076e04f917d71eb16854f

Download Submit
C:\PROGRA~3\Mozilla\suxbtjf.exe

Filesize
171KB

MD5
cbc97d598b7f365d9226659432d090a6

SHA1
05a3513908a460c350813b46c873e03cdf51bbe7

SHA256
b1acef82f6c2794ba218bfb69ecb62ca56b0d815d5142a3785eb754522c6a702

SHA512
44aa71ffda6432d5d56467dd0e2d90d78ba2adcb7b386ea85fdf9ba90c313f2a53b17f05370a2896e543dd36165422d2932a73e141a076e04f917d71eb16854f

Download Submit
memory/772-64-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/772-63-0x0000000001CA0000-0x0000000001CFF000-memory.dmp

Filesize
380KB

Download
memory/772-68-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/1204-65-0x00000000025C0000-0x00000000025DC000-memory.dmp

Filesize
112KB

Download
memory/1204-67-0x00000000025C0000-0x00000000025DC000-memory.dmp

Filesize
112KB

Download
memory/1948-57-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/1948-58-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/1948-56-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/1948-55-0x0000000001C20000-0x0000000001C7F000-memory.dmp

Filesize
380KB

Download
memory/1948-54-0x0000000075DA1000-0x0000000075DA3000-memory.dmp

Filesize
8KB

Download