Overview

overview

8

Static

static

3

103c8782a2...e2.exe

windows7-x64

8

103c8782a2...e2.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10-04-2024 05:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    103c8782a2a64c3af45a8cfd93e684e2.exe

  • Size

    255KB

  • MD5

    103c8782a2a64c3af45a8cfd93e684e2

  • SHA1

    e652c33d62a9e1bc0cbee4cdd9d2df529dd582a6

  • SHA256

    a6aabd2933686f10a1ebbd7d5713b931c5f7b2ac237d4bb023fa55b4f1309e30

  • SHA512

    f7d3d2fcfb421e74b75b773f1b8e90571420e5533eddbd2cbe3983cc555377d5c9a2ec6fffb3f0c3e2009678460d9cbc19cb3ce19ef55ff4fed691e084d7c28c

  • SSDEEP

    6144:ET1/g8+JxNc/VPGHgoyOAqsQ70RAJBAwUrOrh0IRuO:olMNuVPGDyOAqw+TAFqvX

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\103c8782a2a64c3af45a8cfd93e684e2.exe
    "C:\Users\Admin\AppData\Local\Temp\103c8782a2a64c3af45a8cfd93e684e2.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2020
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {701E6F6A-9E2D-4412-B04C-AF911B066D35} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2808
    • C:\PROGRA~3\Mozilla\iajbwsg.exe
      C:\PROGRA~3\Mozilla\iajbwsg.exe -zqrqjuc
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2024

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\iajbwsg.exe
    Filesize

    255KB

    MD5

    5fdc1fd3dbcc5eded2ceb38b188c90dd

    SHA1

    0738a4f866921c3ae636185640c0021ebbc875e3

    SHA256

    1e15dbe8c76d1c4d046fa49d9475f9e5b244672cba6d84bb491769d9e977e002

    SHA512

    ed387900e39fff6bc284176bf2e6132de9fd46cc3d1797680c8af5f4d9b8bedd7470958360880ae81ce112865029396ee01ede75c0702d3f52ace7b53b2a0887

    Download Submit

  • memory/2020-0-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2020-1-0x0000000001D00000-0x0000000001D5B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2020-7-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2024-10-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2024-11-0x00000000003A0000-0x00000000003FB000-memory.dmp

    Filesize

    364KB

    Download