Analysis
- max time kernel: 147s
- max time network: 117s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 25/12/2023, 07:23
Static task: static1
Behavioral task: behavioral1
- Sample: 0e7ade8c12f0c6ef083d4a452bd7dfb5.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 0e7ade8c12f0c6ef083d4a452bd7dfb5.exe
- Resource: win10v2004-20231215-en
General
- Target: 0e7ade8c12f0c6ef083d4a452bd7dfb5.exe
- Size: 222KB
- MD5: 0e7ade8c12f0c6ef083d4a452bd7dfb5
- SHA1: 36ff6165bce937232a335ce7d165853c5f239cdf
- SHA256: e33d33ca9654eb33b767b3d5f2491301fe2b18b3d8fff630dbd140fd7e1f0215
- SHA512: 9cc7eacddc5ae7c046524711937e3c161f9d9e26febd08ddb00ac4678d29b54ebdf623f3825a39822526485f9566c0460ffed25736ab4b3a884adfb2303f6610
- SSDEEP: 6144:SosZZfyqdnCIEfFutYRlUcUJDfNZ+kB/sM:SoKZfyKCIEZacGfNRH
Malware Config
Signatures
- Executes dropped EXE 1 IoCs
  pid | Process
  1992 | Mmokoa.exe
- Adds Run key to start application 2 TTPs 1 IoCs
  description | ioc | Process
  Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Run\J40NOZ44HU = "C:\\Windows\\Mmokoa.exe" | Mmokoa.exe
- Drops file in Windows directory 4 IoCs
  description | ioc | Process
  File opened for modification | C:\Windows\Mmokoa.exe | 0e7ade8c12f0c6ef083d4a452bd7dfb5.exe
  File created | C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job | 0e7ade8c12f0c6ef083d4a452bd7dfb5.exe
  File opened for modification | C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job | 0e7ade8c12f0c6ef083d4a452bd7dfb5.exe
  File created | C:\Windows\Mmokoa.exe | 0e7ade8c12f0c6ef083d4a452bd7dfb5.exe
- Enumerates system info in registry 2 TTPs 2 IoCs
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier | 0e7ade8c12f0c6ef083d4a452bd7dfb5.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier | Mmokoa.exe
- Modifies Internet Explorer settings
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main | Mmokoa.exe
  Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\International | Mmokoa.exe
- Suspicious behavior: EnumeratesProcesses 64 IoCs
  pid | Process
  1992 | Mmokoa.exe
- Suspicious use of SetWindowsHookEx 2 IoCs
  pid | Process
  1992 | Mmokoa.exe
- Suspicious use of WriteProcessMemory 4 IoCs
  description | pid | Process | procid_target
  PID 2688 wrote to memory of 1992 | 2688 | 0e7ade8c12f0c6ef083d4a452bd7dfb5.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\0e7ade8c12f0c6ef083d4a452bd7dfb5.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\0e7ade8c12f0c6ef083d4a452bd7dfb5.exe"
  PID: 2688
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Suspicious use of WriteProcessMemory
  - C:\Windows\Mmokoa.exe
    Command line: C:\Windows\Mmokoa.exe
    PID: 1992
    - Executes dropped EXE
    - Adds Run key to start application
    - Enumerates system info in registry
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads