Overview

overview

8

Static

static

3

20b4a7836e...38.exe

windows7-x64

8

20b4a7836e...38.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    147s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/03/2024, 18:11

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    20b4a7836ef3fb6d50dc468838d121fbaa1372b4627d5ecca4ab2e6e2300ce38.exe

  • Size

    235KB

  • MD5

    263f1451d06ff3005ee452357bc775f8

  • SHA1

    00f6dd1335fdf260a34d39d88871c1ad2edebbd1

  • SHA256

    20b4a7836ef3fb6d50dc468838d121fbaa1372b4627d5ecca4ab2e6e2300ce38

  • SHA512

    2ebfe594be10caf6072cfc126e9ac788c91eabc5e7d7f9246d970d2c6cb411242f558891b3cee88d69ac09f622db9ff30c93d3005234f16141ff238e8e55b59a

  • SSDEEP

    3072:aJOcumc7+5DHhH0qjuIWvJ2XVYxVJ/PWiud3uWHWABIippBIbLk5:cOCcq3BjunvJ2lYjJ/PWiuvBRppB0k5

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\20b4a7836ef3fb6d50dc468838d121fbaa1372b4627d5ecca4ab2e6e2300ce38.exe
    "C:\Users\Admin\AppData\Local\Temp\20b4a7836ef3fb6d50dc468838d121fbaa1372b4627d5ecca4ab2e6e2300ce38.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4008
  • C:\PROGRA~3\Mozilla\qhdqeom.exe
    C:\PROGRA~3\Mozilla\qhdqeom.exe -tgbfvga
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:3016

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\PROGRA~3\Mozilla\qhdqeom.exe
          Filesize

          235KB

          MD5

          320e6f88a2a74cab420ce5fa7c9292d5

          SHA1

          cee6b26bb0e9e9d4723d3cb43c1d8783b865c77e

          SHA256

          63ead29f529eeae2e5ece376a0bf327d90ca391efcb15da0c89969fae61c37bc

          SHA512

          5a84f72bc96fe6877ccd941b1523163994941473a676a2124c6c260a61c36e7d6a7d94e9541704bff9e9879c18b517056976cd0b4592134bb9733935fd9f75c7

          Download Submit

        • memory/3016-9-0x0000000000D60000-0x0000000000DBB000-memory.dmp

          Filesize

          364KB

          Download

        • memory/3016-10-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/3016-12-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/3016-14-0x0000000000D60000-0x0000000000DBB000-memory.dmp

          Filesize

          364KB

          Download

        • memory/4008-0-0x0000000000400000-0x000000000045E000-memory.dmp

          Filesize

          376KB

          Download

        • memory/4008-1-0x00000000021E0000-0x000000000223B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/4008-2-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/4008-6-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/4008-8-0x00000000021E0000-0x000000000223B000-memory.dmp

          Filesize

          364KB

          Download