Overview

overview

8

Static

static

3

2a7b026b06...b5.exe

windows7-x64

8

2a7b026b06...b5.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19/04/2024, 19:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2a7b026b064cf2cd5efdf70f7f94e27b592c0eec4283ab4d6b3651bfb403acb5.exe

  • Size

    299KB

  • MD5

    d69b1e4e284454cd4081cf4886b1ea72

  • SHA1

    f14e2745892161caffab2f0828ed83e444defafd

  • SHA256

    2a7b026b064cf2cd5efdf70f7f94e27b592c0eec4283ab4d6b3651bfb403acb5

  • SHA512

    67bb2166b0010a1a24979da988b385af464065cbf695022102712978b1a8342dfe12bf0fbaaf5e19e8ca0e34583150d3a7b053757c725dc8f237b8378726f07c

  • SSDEEP

    6144:xbF3pSw85DxsoKrlrPE3TtaoybMSeLng4Tl:xB3/YxsoKrlriTpSeLndTl

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2a7b026b064cf2cd5efdf70f7f94e27b592c0eec4283ab4d6b3651bfb403acb5.exe
    "C:\Users\Admin\AppData\Local\Temp\2a7b026b064cf2cd5efdf70f7f94e27b592c0eec4283ab4d6b3651bfb403acb5.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    PID:3048
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {37FDB0D5-1724-475F-8E8C-03FBEF8419AE} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\PROGRA~3\Mozilla\gjsfhjk.exe
      C:\PROGRA~3\Mozilla\gjsfhjk.exe -tuxiydl
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      PID:1052

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\PROGRA~3\Mozilla\gjsfhjk.exe
          Filesize

          299KB

          MD5

          01b4e581f1d7b8907fd627b05a0c56dd

          SHA1

          26cd3289fee3e8394fa2fa167c6ada63c7b9aa74

          SHA256

          f9d517f50abf420bf14e96eccad956aa2428a4b5005e221125922448da5b6cce

          SHA512

          d4632ccb48b9f2d7ec06855eb883b62e9a40787b7aed90a9fa56caea8f11b0c6234a1ccbcd95619828fd0debde2b10ffc65e630272b9b82dbc0a609a8362bb78

          Download Submit

        • memory/1052-7-0x0000000000400000-0x0000000000469000-memory.dmp

          Filesize

          420KB

          Download

        • memory/1052-8-0x00000000008D0000-0x000000000092B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/1052-9-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/1052-11-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/3048-0-0x0000000000400000-0x0000000000469000-memory.dmp

          Filesize

          420KB

          Download

        • memory/3048-1-0x00000000002D0000-0x000000000032B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/3048-2-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/3048-4-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download