e8aaeeed4cd0c54757c0e637312af0e1cbeac91101e08a21cf5d44aab5f4c288

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 18:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

00ab358cf3bfd4f6ca89272158e7eb87.exe
Size

135KB
MD5

00ab358cf3bfd4f6ca89272158e7eb87
SHA1

a7a5da2bf084a7d6193bdf11c6a286daaac2e67c
SHA256

e8aaeeed4cd0c54757c0e637312af0e1cbeac91101e08a21cf5d44aab5f4c288
SHA512

8d1ac166c06d15e0e4c2acd8b8c5734a1eceed8ee0f1b9c50746f0dddb226a262c27facb2d3b9cd995195f49d6ca51d2d7502a64d0101c11cfc78a9563aff91f
SSDEEP

3072:bgaqjuv8j6h+ZnuA5ErOOzdjY1aS9UXh02gfIbij6jXM:bLiuv8j7ZuA5ErOOze1QXh0jfLw8

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
2764	fbgbeyh.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\bflpuaf.dll	fbgbeyh.exe
File created	C:\PROGRA~3\Mozilla\fbgbeyh.exe	00ab358cf3bfd4f6ca89272158e7eb87.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 2764	2840	taskeng.exe	29
PID 2840 wrote to memory of 2764	2840	taskeng.exe	29
PID 2840 wrote to memory of 2764	2840	taskeng.exe	29
PID 2840 wrote to memory of 2764	2840	taskeng.exe	29

C:\Users\Admin\AppData\Local\Temp\00ab358cf3bfd4f6ca89272158e7eb87.exe
"C:\Users\Admin\AppData\Local\Temp\00ab358cf3bfd4f6ca89272158e7eb87.exe"
1⤵
- Drops file in Program Files directory
PID:3024

C:\Windows\system32\taskeng.exe
taskeng.exe {A0DD9B84-40B8-4DC5-AFE7-A33731AF28E9} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:2840
- C:\PROGRA~3\Mozilla\fbgbeyh.exe
  C:\PROGRA~3\Mozilla\fbgbeyh.exe -srvmkhi
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\fbgbeyh.exe

Filesize
135KB

MD5
f5fb434e4312d8242da5c1959b3ea4ee

SHA1
f6b41bd15f173f6f662171aeaa9b90fb2c0fe27f

SHA256
53e8a117e35754898e760ba25a6d808c38ab8145bfccefb2f10b42ddc8648271

SHA512
f5194c26aceb73e419dad211c45b336e5e7c82394e194a6c37aa369e9134c8644b0d4f1fba857fea1e4ecc15b83dfbfa37f5ab5287d988c27a89b170194c06e3

Download Submit
memory/2764-10-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2764-11-0x0000000000390000-0x00000000003EB000-memory.dmp

Filesize
364KB

Download
memory/2764-17-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3024-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3024-1-0x0000000000250000-0x00000000002AB000-memory.dmp

Filesize
364KB

Download
memory/3024-7-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download