Analysis
- max time kernel: 122s
- max time network: 140s
- platform: windows7_x64
- resource: win7-20230831-en
- resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
- submitted: 14-10-2023 17:52
Static task: static1
Behavioral task: behavioral1
- Sample: NEAS.40978c68bf13c7eb897ad46bdef79e30.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: NEAS.40978c68bf13c7eb897ad46bdef79e30.exe
- Resource: win10v2004-20230915-en
General
- Target: NEAS.40978c68bf13c7eb897ad46bdef79e30.exe
- Size: 139KB
- MD5: 40978c68bf13c7eb897ad46bdef79e30
- SHA1: 0ae94e670ee6ffc890cb240f2dc70f7a800abbd4
- SHA256: bcd9a6064c539b503fc4d0b6423b93dc46f762784db17f56a0d85673bb15d042
- SHA512: 277266ca43693ce6606edd0ae3a539e09c4e3ab26c60eaf49976e47a31f8d3fdbd927fc5f761edfac9334059cd564ce0c2f4963f007bd2cfc532bbd663bea49a
- SSDEEP: 3072:/taoHTRyhoAScL060gorCr04r1RHrvnTEMRPOyCHklq:0uTaGFgo+LzvYMB3CHklq
Malware Config
(none extracted)
Signatures
- Modifies AppInit DLL entries (2 TTPs)
- Executes dropped EXE (1 IoC)
  pid   Process
  2972  xvqykzi.exe
- Drops file in Program Files directory (2 IoCs)
  description   ioc                               Process
  File created  C:\PROGRA~3\Mozilla\xvqykzi.exe   NEAS.40978c68bf13c7eb897ad46bdef79e30.exe
  File created  C:\PROGRA~3\Mozilla\zyfdqqb.dll   xvqykzi.exe
- Suspicious use of WriteProcessMemory (4 IoCs, all four entries identical)
  description                   pid   Process      procid_target
  PID 1924 wrote to memory of 2972  1924  taskeng.exe  31
Processes
- C:\Users\Admin\AppData\Local\Temp\NEAS.40978c68bf13c7eb897ad46bdef79e30.exe (level 1, PID 1208)
  command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.40978c68bf13c7eb897ad46bdef79e30.exe"
  - Drops file in Program Files directory
- C:\Windows\system32\taskeng.exe (level 1, PID 1924)
  command line: taskeng.exe {7B718089-E9F5-4FDF-AE8F-4021F01B4580} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  - C:\PROGRA~3\Mozilla\xvqykzi.exe (level 2, child of PID 1924, PID 2972)
    command line: C:\PROGRA~3\Mozilla\xvqykzi.exe -tkarfve
    - Executes dropped EXE
    - Drops file in Program Files directory
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 139KB
  MD5: a54e3113331d62af93e580675f26f762
  SHA1: 6b448db25e1ba18d10671c11a48b883619a0bc2d
  SHA256: 11a2e370f73e463dc187c6eb4531e8f7af8aca51162448c81a4b8be156361b56
  SHA512: 4476fa31d849edb2b8797cf88db518bc96392ecdf04007a0ddbcf73c019d670cf81fb2c1f76a38e7e648b7940a97a239a574e0a6169caba7068bf9ae9816ba2e