Overview

overview

8

Static

static

3

95da9850b2...32.exe

windows7-x64

8

95da9850b2...32.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    240s
  • max time network
    297s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    15/10/2023, 19:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    95da9850b28e32890dfbd97054554e40_exe32.exe

  • Size

    295KB

  • MD5

    95da9850b28e32890dfbd97054554e40

  • SHA1

    15552c3ee4b723ec75fbcd152f7dbffcb2e04060

  • SHA256

    2ea1af8d0824a90a00350e1d6f2df3d0f8c86e013cddd93d6cd63768ac08339f

  • SHA512

    9a6bf2285cc0063f0beef1ea79e552e0f6dc31aa05b94950369c3c6104b839b74f2e1731b0cde9cc1dc68bd4a01b9ce6bdd9a496668408ea9a56c50ab070fe20

  • SSDEEP

    6144:PBqxbamcAHJ636+chb9YOwImcUZUP6a0I8yj0B8a:5q8AH9+hOwnY6rp4xa

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\95da9850b28e32890dfbd97054554e40_exe32.exe
    "C:\Users\Admin\AppData\Local\Temp\95da9850b28e32890dfbd97054554e40_exe32.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2640
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {70C1B205-AD30-4C23-A9EE-6CF0ED005986} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2524
    • C:\PROGRA~3\Mozilla\yzgwzlh.exe
      C:\PROGRA~3\Mozilla\yzgwzlh.exe -chuvxnb
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2588

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\yzgwzlh.exe
    Filesize

    295KB

    MD5

    a9aa93c2e3981d5f235dbacf3b29dbae

    SHA1

    2d011c037c45b625459479854069e3f308d1082a

    SHA256

    417e4b08fd6f04b31ecf95f9b9953ebc862d69a71c6a85baf1889a66f2a83b30

    SHA512

    02ebb56df774e8ccd895d7f28737c5123f8fb6a9c035e408139b396f223294df59f6637898e8ad32d58e7b91200f470d1f9af1af1fc2f49751d3fb5da34eb3da

    Download Submit

  • C:\PROGRA~3\Mozilla\yzgwzlh.exe
    Filesize

    295KB

    MD5

    a9aa93c2e3981d5f235dbacf3b29dbae

    SHA1

    2d011c037c45b625459479854069e3f308d1082a

    SHA256

    417e4b08fd6f04b31ecf95f9b9953ebc862d69a71c6a85baf1889a66f2a83b30

    SHA512

    02ebb56df774e8ccd895d7f28737c5123f8fb6a9c035e408139b396f223294df59f6637898e8ad32d58e7b91200f470d1f9af1af1fc2f49751d3fb5da34eb3da

    Download Submit

  • memory/2588-13-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2588-14-0x0000000000380000-0x00000000003DB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2640-0-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2640-1-0x0000000000220000-0x000000000027B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2640-7-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download