Overview

overview

10

Static

static

10

4a7791351d...8f.exe

windows7-x64

9

4a7791351d...8f.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    20-04-2024 21:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4a7791351d597338387d751dbe800a8adbc9ecf6c37842b9e324604dd9e3d48f.exe

  • Size

    3.7MB

  • MD5

    0603d95b045b8f2dde176bbb5f0db19b

  • SHA1

    e3cb28e81ed1a50345fa5f8e9cc763ae614e859d

  • SHA256

    4a7791351d597338387d751dbe800a8adbc9ecf6c37842b9e324604dd9e3d48f

  • SHA512

    af62fa46ea2b1ff73f1aafd4060a9fad39a8c784bf6862d92c2db2001dba8be532fc8e94ed723d1f6595bf699831e52caf79c439bf08f6bdaed65e9c06c8590f

  • SSDEEP

    98304:saxhT3TGYWVcAmJx9ulhF10jnBwzykKlZyGm4fea0JGr6IYu9:saxFCY6mJih30jnOzykKlEGm04J0t

Score
9/10
persistence

Malware Config

Signatures

  • Detects executables packed with VMProtect. 5 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a7791351d597338387d751dbe800a8adbc9ecf6c37842b9e324604dd9e3d48f.exe
    "C:\Users\Admin\AppData\Local\Temp\4a7791351d597338387d751dbe800a8adbc9ecf6c37842b9e324604dd9e3d48f.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    PID:2240
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {E520C627-3C26-4DCF-8453-10D1A9A02595} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2472
    • C:\PROGRA~3\Mozilla\pfwoyhh.exe
      C:\PROGRA~3\Mozilla\pfwoyhh.exe -zhxzcvh
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      PID:2632

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\pfwoyhh.exe
    Filesize

    3.7MB

    MD5

    8510f1c8cf1d96fe934a70790a569e0a

    SHA1

    d7ffab765fe7dade16b95613db39bbac83934942

    SHA256

    8d547d27bd2406a9a368edecf290da01dfa868dbed9ab0005f3c65506d5ac250

    SHA512

    7ae5bda242790d6da1b848a5e058344997aed39aff05b2ce8bdf6ae22a7315d63d0fe4fe584ca460efd84ee32fad74f9494d95f92a03bdf6d1ed5155e395c276

    Download Submit

  • memory/2240-0-0x0000000000400000-0x00000000009A3000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2240-1-0x0000000000400000-0x00000000009A3000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2240-3-0x00000000009B0000-0x0000000000A0C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2240-4-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2240-7-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2632-10-0x0000000000400000-0x00000000009A3000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2632-11-0x0000000000400000-0x00000000009A3000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2632-13-0x0000000000A20000-0x0000000000A7C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2632-14-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2632-16-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download