d10e886d53b71dd48fc31ed6b929b75ad1d3eb21c737c261ce0f1f133eaa9a04

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/04/2024, 21:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d10e886d53b71dd48fc31ed6b929b75ad1d3eb21c737c261ce0f1f133eaa9a04.exe
Size

243KB
MD5

30161a52be12c23cdc656d8f06f128d1
SHA1

7c466c57b78231b7c98dfbb551917eae2fa1f964
SHA256

d10e886d53b71dd48fc31ed6b929b75ad1d3eb21c737c261ce0f1f133eaa9a04
SHA512

d47d3227056a6af7f56874bdcfc6c7b8ad2a53c7f9127ba2ecba0d5ee37dcf82b6749b7a62613f89ab48774bf875a867225e6b33549e42804dcfbf091456333f
SSDEEP

3072:hHk9UjrL5vSfmQcs3/Mp9jKsKKA1PQrVZXAUN1zHXyLlnem+eDlbn:h4UTxSfmQcs3+hKsXGKVZ11ziIm7l7

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
1912	gjsfhjk.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\eurgebe.dll	gjsfhjk.exe
File created	C:\PROGRA~3\Mozilla\gjsfhjk.exe	d10e886d53b71dd48fc31ed6b929b75ad1d3eb21c737c261ce0f1f133eaa9a04.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
360	d10e886d53b71dd48fc31ed6b929b75ad1d3eb21c737c261ce0f1f133eaa9a04.exe
1912	gjsfhjk.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1512 wrote to memory of 1912	1512	taskeng.exe	29
PID 1512 wrote to memory of 1912	1512	taskeng.exe	29
PID 1512 wrote to memory of 1912	1512	taskeng.exe	29
PID 1512 wrote to memory of 1912	1512	taskeng.exe	29

C:\Users\Admin\AppData\Local\Temp\d10e886d53b71dd48fc31ed6b929b75ad1d3eb21c737c261ce0f1f133eaa9a04.exe
"C:\Users\Admin\AppData\Local\Temp\d10e886d53b71dd48fc31ed6b929b75ad1d3eb21c737c261ce0f1f133eaa9a04.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of UnmapMainImage
PID:360

C:\Windows\system32\taskeng.exe
taskeng.exe {9492E525-2B16-4E65-AAD9-2D5B0F235069} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:1512
- C:\PROGRA~3\Mozilla\gjsfhjk.exe
  C:\PROGRA~3\Mozilla\gjsfhjk.exe -tuxiydl
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of UnmapMainImage
  PID:1912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\gjsfhjk.exe

Filesize
243KB

MD5
0109482e03c3ebee334e069ab1855048

SHA1
0683f9c705f9d06eccaebc0ed1af83be13bb08ba

SHA256
53c3f7f5d577f0d04aae6d2a1621140ad1b0a5b74a6435e6a65514597db367cc

SHA512
5f681d3ccc9adbb6df032fd0cd405579ae77b8b80a1b62b5b9a7668aea3745b481dfb02386a57e9d1879bdf8aecc0388e0843768497d2bdf27934723a65f4c5b

Download Submit
memory/360-1-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/360-0-0x0000000000270000-0x00000000002CB000-memory.dmp

Filesize
364KB

Download
memory/360-3-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1912-6-0x0000000000460000-0x00000000004BB000-memory.dmp

Filesize
364KB

Download
memory/1912-7-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1912-9-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download