Overview

overview

8

Static

static

3

79c78878bd...63.exe

windows7-x64

8

79c78878bd...63.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08-04-2024 22:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    79c78878bdd25f8318bfa7f89f653477cd0fcbfd302f5bf11b29b47871bc0a63.exe

  • Size

    148KB

  • MD5

    8aa0872076420c08de19c58dff6c03f9

  • SHA1

    9ed9030fe4e9d0420d5cd7d0a4acb7db71cbfda9

  • SHA256

    79c78878bdd25f8318bfa7f89f653477cd0fcbfd302f5bf11b29b47871bc0a63

  • SHA512

    4b1ad5edc7b45951328f7297754fb37e03a2adbd34e143ef8836bd1d7d8807f13949f1e2c0713156647ff3aeb8de517f573331006610e4d2c20a8d5a5ccea78b

  • SSDEEP

    3072:CDUp8yetaIBOvnMqllHQmkKtaY/JB/KMu0oS2rOaQn3OOXluZLq290LAP/0y+nMx:CDJVazMKV31FdaQvXluxqU+A/0y+nMI6

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\79c78878bdd25f8318bfa7f89f653477cd0fcbfd302f5bf11b29b47871bc0a63.exe
    "C:\Users\Admin\AppData\Local\Temp\79c78878bdd25f8318bfa7f89f653477cd0fcbfd302f5bf11b29b47871bc0a63.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2312
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {8C650D15-5BEE-4964-AD28-FCF54807A2AE} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2440
    • C:\PROGRA~3\Mozilla\ujnwrxk.exe
      C:\PROGRA~3\Mozilla\ujnwrxk.exe -eagoxym
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2256

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\ujnwrxk.exe
    Filesize

    148KB

    MD5

    1ec990cdde44e5e9802811f9e082441d

    SHA1

    1022634cb18248083c7b19c16ec99a124ab0ea38

    SHA256

    470ebf03e5fe653e953fd6dee099abd1fe8c7ee0227faad2ecb7ee553336300d

    SHA512

    32ed5872831ea229c7bee86c8008f83b8e34523b5c89df624f59090113a1bd953f7a24a0694d0aa5545330eb0ad17017dd8156b5fce5e268a64f206bf73d15f1

    Download Submit

  • memory/2256-10-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2256-11-0x0000000000320000-0x000000000037B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2256-17-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2312-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2312-1-0x00000000002B0000-0x000000000030B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2312-7-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download