8b950af45d026e18789c05ec82eba1a243f4c89ee5e29409d22d1ec89203ca09

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/03/2024, 23:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b950af45d026e18789c05ec82eba1a243f4c89ee5e29409d22d1ec89203ca09.exe
Size

153KB
MD5

067275a3173b1cd26428f62ac90d8fbf
SHA1

e2d607b453172828d563f9659c79691f2fc64d04
SHA256

8b950af45d026e18789c05ec82eba1a243f4c89ee5e29409d22d1ec89203ca09
SHA512

706a13b1b2bec43b3c8aed50646a90612be0c0a6a4733763eb9b4c08572c4778e0d89a5e9f9bab194ba98d63e1df641fc6c36a09689c8bffd3de992f84a6945f
SSDEEP

3072:LMftVuhLI/Y34erRHjtWrNf/SQhYFAM5vTK3clMdisNDtI1rmU:t0Y3JdjIrNHFHIOiWDKrmU

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
2604	iajbwsg.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\iajbwsg.exe	8b950af45d026e18789c05ec82eba1a243f4c89ee5e29409d22d1ec89203ca09.exe
File created	C:\PROGRA~3\Mozilla\rnnqqck.dll	iajbwsg.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 2604	2492	taskeng.exe	29
PID 2492 wrote to memory of 2604	2492	taskeng.exe	29
PID 2492 wrote to memory of 2604	2492	taskeng.exe	29
PID 2492 wrote to memory of 2604	2492	taskeng.exe	29

C:\Users\Admin\AppData\Local\Temp\8b950af45d026e18789c05ec82eba1a243f4c89ee5e29409d22d1ec89203ca09.exe
"C:\Users\Admin\AppData\Local\Temp\8b950af45d026e18789c05ec82eba1a243f4c89ee5e29409d22d1ec89203ca09.exe"
1⤵
- Drops file in Program Files directory
PID:2176

C:\Windows\system32\taskeng.exe
taskeng.exe {2A0024FB-7473-4709-821D-3E7336653DF9} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:2492
- C:\PROGRA~3\Mozilla\iajbwsg.exe
  C:\PROGRA~3\Mozilla\iajbwsg.exe -zqrqjuc
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\iajbwsg.exe

Filesize
153KB

MD5
be8baf6121b07cffe2581c691799ef8a

SHA1
ec1b57653d9ba3ab70b72968276004c31e151d5e

SHA256
211e88ca72f90b6842b106a26227cc7bad3732d86aeb27cfe69d2166fe237455

SHA512
40784f0d5bcdcceb4007b3bd9b63d85ab45655f61b2ef71c7f6ab67572d137706bb0aab5ccb54dbda0fd02a410a39d2aeefdde6a6e0df2ddae835e057119e226

Download Submit
memory/2176-0-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2176-1-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2176-2-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2176-3-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/2176-7-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2176-8-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2604-12-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2604-17-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download