Overview

overview

8

Static

static

3

36702d7f7c...20.exe

windows7-x64

8

36702d7f7c...20.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    19-04-2024 20:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    36702d7f7c5e023bce11ac8b446cf65bad75feb967c1ae21f0826b040a73cc20.exe

  • Size

    214KB

  • MD5

    b53f661eb323d623012a1b32c4c63f50

  • SHA1

    10285fb279aae68943aa8427fa0b8f9e0402cb2c

  • SHA256

    36702d7f7c5e023bce11ac8b446cf65bad75feb967c1ae21f0826b040a73cc20

  • SHA512

    b0b4ccb4d3dd429e1b4f986f639f87982a794c068ee70353223f25714cb037a0517464b76ae6c1b1e170f0e6e999f4f20c53bf8b9c006388369bf5f30851daad

  • SSDEEP

    3072:oWG3iCQjJTuIwSHkwoa8gkYjJcA78e2CvOP6ubRzjdpu5bFj:4UJ+woaFBv2qd6lS

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\36702d7f7c5e023bce11ac8b446cf65bad75feb967c1ae21f0826b040a73cc20.exe
    "C:\Users\Admin\AppData\Local\Temp\36702d7f7c5e023bce11ac8b446cf65bad75feb967c1ae21f0826b040a73cc20.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    PID:2932
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {A1A31560-5452-4EA9-A6CB-2C5B4FD7ED39} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\PROGRA~3\Mozilla\wrvdfyg.exe
      C:\PROGRA~3\Mozilla\wrvdfyg.exe -hzyjzia
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      PID:2980

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\wrvdfyg.exe
    Filesize

    214KB

    MD5

    11a1c45995ad3aeeda55af9a907f8e75

    SHA1

    77b3cb7f09a44f984151844d4212a84a484de414

    SHA256

    f557358909e80c2406ed249a0d2ce2ab03310bb138e2225873ec1324658d2520

    SHA512

    248219cb5e144fcbb92ff22d4e243fe654beab40af4dcd3f9a47c969d297cde16873561a7424347dd88a51764d6eaef47c337969b563aee7653b2a173b616266

    Download Submit

  • memory/2932-1-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2932-0-0x00000000002A0000-0x00000000002FB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2932-3-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2980-6-0x00000000008A0000-0x00000000008FB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2980-7-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2980-9-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download