Overview

overview

8

Static

static

3

0a9f595779...02.exe

windows7-x64

8

0a9f595779...02.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 01:48

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0a9f5957795a4fc262c7c94616a9c402.exe

  • Size

    201KB

  • MD5

    0a9f5957795a4fc262c7c94616a9c402

  • SHA1

    8c826f7c5f7a42267a32e739943f6f56b6ef790a

  • SHA256

    a07b007e5d8b779a892bd7e61155ae66ddc8c0f79928d4138dbceaa573fb28dc

  • SHA512

    34730da8743acbb4faa24c80074adef428ae344cba90b1f58f49c79558fa96311edbf23a87dcd885367f30d1b00962fe0ded747c7a0155d655500ad48f1bedcb

  • SSDEEP

    3072:Bih0fMFfugUVg+/to3AbyaTzEfKi9Rv2PNpWJJpO3+KwIZxoUVVZWKbLqvTbI:0h0fUWgUVBWwWOErvEeof5ZzVeKPaTbI

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a9f5957795a4fc262c7c94616a9c402.exe
    "C:\Users\Admin\AppData\Local\Temp\0a9f5957795a4fc262c7c94616a9c402.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    PID:2220
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {3BCB17AD-43A2-4C59-A68B-CA0F6732E61D} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\PROGRA~3\Mozilla\gzwkojn.exe
      C:\PROGRA~3\Mozilla\gzwkojn.exe -mboiwvk
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      PID:2412

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\PROGRA~3\Mozilla\gzwkojn.exe
          Filesize

          4KB

          MD5

          96495207362441d9118cd4e31aa148c6

          SHA1

          d4cad4a042ebe31d868190fa621f0469c852498a

          SHA256

          1d9b784e3a97ba62a8bafd61c1efb88e4d3f8aa0f0934419c910a55414ebbda2

          SHA512

          42e76c3d8fad85ae53fb1c87e7ec55cb64544615f20fb5e223d243a40263c08ce20def162ada783cff7ee4ad4f0bc74fb5587aec8e3ead334640d5fb726fa6e8

          Download Submit

        • C:\PROGRA~3\Mozilla\gzwkojn.exe
          Filesize

          8KB

          MD5

          054efb5cf98e36d2956a45bef243ca60

          SHA1

          41b629a6d236d54d316940906e5c36348ff6a88c

          SHA256

          f5a1f698b85b023ab99f8a258621d87fa7a12d061a515e933e0ebc4f17ca2dc0

          SHA512

          8f2ca54888b2ab748bb3dc50612e9f56d3438d0745820ffe84f04b21556548197dec2d2e8d1cbdfdf7aa246279db5e97c68b332e5d73dea001d441eacf333b20

          Download Submit

        • memory/2220-0-0x0000000000460000-0x00000000004BB000-memory.dmp

          Filesize

          364KB

          Download

        • memory/2220-1-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/2220-3-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/2412-7-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/2412-6-0x00000000009A0000-0x00000000009FB000-memory.dmp

          Filesize

          364KB

          Download

        • memory/2412-9-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download