4a1f3e5fabe7bf7565a7140b0533e54dca813011ab8b9d919c228c669a88dadf

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45aeef82f3d09d56ce652983453fac61.exe
Size

145KB
MD5

45aeef82f3d09d56ce652983453fac61
SHA1

8d50dc7f6a16868977b81dfc9655f9a6446ef0b9
SHA256

4a1f3e5fabe7bf7565a7140b0533e54dca813011ab8b9d919c228c669a88dadf
SHA512

d56dd71882aece36575b389408505a6648985084ba935345404d29731431b1c2851f22a2edc7b112c9ad5a29469d2a4f9f448c588149153b1665d7b534821093
SSDEEP

3072:ywoo1becnWzsDLidFY6/otFJEd/jCxRZaLWHLrMOrFIunsJFl3J3:yjo0m/LO+6SFmdbCxR0CHLrrrFIunY3t

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
2496	gjsfhjk.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\eurgebe.dll	gjsfhjk.exe
File created	C:\PROGRA~3\Mozilla\gjsfhjk.exe	45aeef82f3d09d56ce652983453fac61.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 2496	2528	taskeng.exe	29
PID 2528 wrote to memory of 2496	2528	taskeng.exe	29
PID 2528 wrote to memory of 2496	2528	taskeng.exe	29
PID 2528 wrote to memory of 2496	2528	taskeng.exe	29

C:\Users\Admin\AppData\Local\Temp\45aeef82f3d09d56ce652983453fac61.exe
"C:\Users\Admin\AppData\Local\Temp\45aeef82f3d09d56ce652983453fac61.exe"
1⤵
- Drops file in Program Files directory
PID:2164

C:\Windows\system32\taskeng.exe
taskeng.exe {4C64C986-ED2B-4EA0-A4F5-1834C5ECBF30} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:2528
- C:\PROGRA~3\Mozilla\gjsfhjk.exe
  C:\PROGRA~3\Mozilla\gjsfhjk.exe -tuxiydl
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\gjsfhjk.exe

Filesize
145KB

MD5
1ad66f0fa5b13b800f7d54fd3cc9f3dc

SHA1
b36535f2fc0e118b4e7352b01c7d859074f15913

SHA256
6d8ec536f8f32173e6b02c95fcff1f91076c4d2aaa4171741541624149d671c6

SHA512
2671f5dfd9cd031fda2ade849085f2728e2a0e9257ec337523676fd914318fff33ae31a3a556475d26da14bf05791f7dd8c7209bb1ef65574ac0f5c819a3056f

Download Submit
memory/2164-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2164-1-0x0000000000C90000-0x0000000000CEB000-memory.dmp

Filesize
364KB

Download
memory/2164-7-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2496-10-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2496-11-0x00000000002C0000-0x000000000031B000-memory.dmp

Filesize
364KB

Download
memory/2496-17-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download