Overview

overview

10

Static

static

10

Job Interv...nt.dll

windows7-x64

1

Job Interv...nt.dll

windows10-2004-x64

1

Job Interv...ew.exe

windows7-x64

7

Job Interv...ew.exe

windows10-2004-x64

7

Job Interv...rm.dll

windows7-x64

6

Job Interv...rm.dll

windows10-2004-x64

6

Job Interv...gs.dll

windows7-x64

1

Job Interv...gs.dll

windows10-2004-x64

6

Job Interv...al.exe

windows7-x64

9

Job Interv...al.exe

windows10-2004-x64

9

Job Interv...40.dll

windows7-x64

3

Job Interv...40.dll

windows10-2004-x64

3

Job Interv...32.dll

windows7-x64

1

Job Interv...32.dll

windows10-2004-x64

6

Job Interv...40.dll

windows7-x64

3

Job Interv...40.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-02-2024 05:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Job Interview/Interview.exe

  • Size

    582KB

  • MD5

    ce1054d542dbd999401236f2ce20f826

  • SHA1

    df07ed235ee93f44f4f0e4dd73f0e8af068a7791

  • SHA256

    81716b54cb34ef6d6938c042e30c847742dcffeb8ed4e67268387fed040b9315

  • SHA512

    efe21b9393084e098b9e3baafcd7467e25d764b70a8f34d071de9c4f3e8f1ead3974c9fe3d98152eb16dbd17e7f6bed985939d6b305441cec4ac548284c9716b

  • SSDEEP

    12288:x1ziebuYdvx24mGeamdda+W2JyaslYC1JL9PcSCfB:x1mohzmHamuCJyasaCVP6fB

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 9 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Job Interview\Interview.exe
    "C:\Users\Admin\AppData\Local\Temp\Job Interview\Interview.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4452
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\cache\logger\FileCoAuth.exe
      "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\cache\logger\FileCoAuth.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1944
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3548 --field-trial-handle=2264,i,7010714054498059916,1862725710331979271,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3888

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Boot or Logon Autostart Execution

    1
    T1547

    Registry Run Keys / Startup Folder

    1
    T1547.001

    Privilege Escalation

    Boot or Logon Autostart Execution

    1
    T1547

    Registry Run Keys / Startup Folder

    1
    T1547.001

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Discovery

    Query Registry

    1
    T1012

    System Information Discovery

    2
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\cache\logger\FileCoAuth.exe
      Filesize

      582KB

      MD5

      ce1054d542dbd999401236f2ce20f826

      SHA1

      df07ed235ee93f44f4f0e4dd73f0e8af068a7791

      SHA256

      81716b54cb34ef6d6938c042e30c847742dcffeb8ed4e67268387fed040b9315

      SHA512

      efe21b9393084e098b9e3baafcd7467e25d764b70a8f34d071de9c4f3e8f1ead3974c9fe3d98152eb16dbd17e7f6bed985939d6b305441cec4ac548284c9716b

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\cache\logger\LoggingPlatform.DLL
      Filesize

      450KB

      MD5

      b54858b7357303dbd5582ea44abeeab8

      SHA1

      f3ba1d65f855d61dce13efbc42ce60ca8548a49c

      SHA256

      cc912e37802cd5c128c19949d4529e7d48266d67dd7b6dfedfd9c493d94cbe64

      SHA512

      b364ee1019e215c10030834cca4ca6436568e6ef25d2bee877b908bbf68f7c004559ff5317275b17c2f221c0daedbf50e11ec1bfe29c96cb61389cba75bb2295

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\cache\logger\UpdateRingSettings.dll
      Filesize

      377KB

      MD5

      9f950504d5ea22c6f1ee20f7c2ed3b7b

      SHA1

      5090de783322847e6395567e7449fc4200b054a5

      SHA256

      37253093d3c8ed1d56b3a50f31f8944888ff38b714097637c5372a0ad19c337b

      SHA512

      ae80c7778304140d4476d42f6ef4439c61c2ec4ff42958007b93418a53908fb516544c57e1db99b7a6d79ae501f49c46f6636d8f967b033e744feb33879e0734

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\cache\logger\VCRUNTIME140.dll
      Filesize

      77KB

      MD5

      f686e2331a83d20798cfc2734729e531

      SHA1

      c7e6398f5a735039baabf22712c5a8aee5a945e1

      SHA256

      535f74f446a1b7b53da24a742d02369cbcc609003a6b4a8175491aa71c5481b4

      SHA512

      30ea339ec845dbc9aa7b323ed25e516cb04f3e17789cd28f54646c82395f0b42eb4a5d4d4aa06c4d39b9602c37590b31ca5c0bfa22a514a73ec45e39c0d8e31a

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\cache\logger\msvcp140.dll
      Filesize

      438KB

      MD5

      a1b3963e1766c5266d94b171a4595cee

      SHA1

      9283a813774f2e310997ba08bca9ec96282a85d1

      SHA256

      0f5aeae55bf6d7b37e5582ec60bbdb93bf24adf648f9fa342cdba1b0a754e403

      SHA512

      ef0a3cb33902eb0dd3d80b688f5e23b4192ebafb131b30c56f27221412daf72b40c3e17670ec1ca8209775369f93bf66a3a75ae5acff45e629e732464d3972b8

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\cache\logger\secur32.dll
      Filesize

      147KB

      MD5

      05fcace605b525f1bece1813bb18a56c

      SHA1

      a3218432f34aaeabe253d07efab27bb7fff2061c

      SHA256

      720afa3e1216a9eb68b66858d50de0326f52afa279ef9ee0521aee98b312382f

      SHA512

      bcce1ea35ec0422895d7ed1ca9139ab7f695b101c2667e596dfb8d5488f695a9171df674ab2e9c8dd66f4b620fd1853caf8f4f3123acaf81a1a714b583bb009d

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\DeviceHealthSummaryConfiguration.ini
      Filesize

      77B

      MD5

      7c2e2a669bca89c3306cca7ea1762146

      SHA1

      16fc643249bfc74a7fb04e5d0ec399aa535d3f67

      SHA256

      08f8f0f714c37ece0cac7736bd4119949f874e786623edd12112bf2ca70765ac

      SHA512

      d95f33efcca3e13e50bae87ce4e1a7891d7bfd3656bb3fee2f14529cb61f513590d0d395c8691471387707774aad3af77c8c7e39c4dda0b689210dc5c6d6f980

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\telemetry-dll-ramp-value.txt
      Filesize

      10B

      MD5

      9dce95ff107bc042fd5779428639ee61

      SHA1

      f11fa1b440d6fdd103d4332aad93fc6e72662309

      SHA256

      76ac2a4c5c88e8778320680074cb6bae74517e663cb744ff82d2a7d164a73b86

      SHA512

      c28f6bb241168cba3a9a8b4b6a5a97a35af087d167835677d4b1bca2efdc290226888df923f9148f8c69b4fb592a7b39f369d8f3d3a7d0afb11519c023e1097b

      Download Submit