Overview

overview

8

Static

static

3

54599f21bf...1b.exe

windows7-x64

8

54599f21bf...1b.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19/03/2024, 06:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    54599f21bf07a9a69e092e0ae8076fe7b684bbcea69a879b70eb26513bb2fb1b.exe

  • Size

    163KB

  • MD5

    fe3b91771e63f93253f6c590d4a5f065

  • SHA1

    6a74979c9b271cef0a89428d96bac5079ba09a93

  • SHA256

    54599f21bf07a9a69e092e0ae8076fe7b684bbcea69a879b70eb26513bb2fb1b

  • SHA512

    fa9c57db90973f90f2eb1f10e683e28bf2fa761c3c40f5ca507cf13a67a39003fafe7f751bfe257f27ad68d4dd7901628ee9c1544aea31248ee44f0f0905932b

  • SSDEEP

    3072:mnWjfso0f5z9f57jr07r3g4zEhiOzl0LEnFvUf4FnWRYCGisH/rsqEb:mnCp0f5z77jIdMlzl0L0dUf2WRNMfAq+

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\54599f21bf07a9a69e092e0ae8076fe7b684bbcea69a879b70eb26513bb2fb1b.exe
    "C:\Users\Admin\AppData\Local\Temp\54599f21bf07a9a69e092e0ae8076fe7b684bbcea69a879b70eb26513bb2fb1b.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2944
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {1922D1A1-C084-4BA4-8A6A-F1CC8149F1DC} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2500
    • C:\PROGRA~3\Mozilla\mgbxiii.exe
      C:\PROGRA~3\Mozilla\mgbxiii.exe -ccvrhxi
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2548

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\mgbxiii.exe
    Filesize

    163KB

    MD5

    6c1cd23b5302251683e6faa0ab784c49

    SHA1

    4a3e4dcdf2f8f387ea8ca5abf8619ea1e80f2101

    SHA256

    096be6cf9a57561918dc7584119ef07c578567384a3c372ab1b7905fdc457d2b

    SHA512

    10c5ac2231279d5a19892376fa9f6c9825aeda5edc73f2b6f72268b076072a3238a23ca428db927f09a167fb28f76505888f0235322e1a70424330f10adebb1a

    Download Submit

  • memory/2548-10-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2548-11-0x00000000003A0000-0x00000000003FB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2944-0-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2944-1-0x0000000000430000-0x000000000048B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2944-7-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download