Analysis
-
max time kernel
119s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system -
submitted
11-05-2024 06:25
Static task
static1
Behavioral task
behavioral1
Sample
fa49a28474c274f7bd3473c41b76ffd1ab52b91c0445da2dc465bb2629ad165f.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
fa49a28474c274f7bd3473c41b76ffd1ab52b91c0445da2dc465bb2629ad165f.exe
Resource
win10v2004-20240508-en
General
-
Target
fa49a28474c274f7bd3473c41b76ffd1ab52b91c0445da2dc465bb2629ad165f.exe
-
Size
194KB
-
MD5
0d757542f5b409862453fd0f8398f339
-
SHA1
3f94aac20eeaa793d83b88a336806d977461c370
-
SHA256
fa49a28474c274f7bd3473c41b76ffd1ab52b91c0445da2dc465bb2629ad165f
-
SHA512
6faed79ab8ee57a5b334f4331f30ed9ea42cfea4d6dc982b395fa6a4a2695e1c13bf75226563c782dd830b7841b393102afba2ecf69bc924d1b92512a7b3082e
-
SSDEEP
3072:4VNgTsDAJJRjO/h3OR9C6YuwbyYD5lzFmf7RELFZhh2D+0caj3kyRACLRTS:4VCJJ8r7uwz5lzFu7Wn9ozQ
Malware Config
Signatures
-
Modifies AppInit DLL entries 2 TTPs
-
Executes dropped EXE 1 IoCs
pid | Process
2268 | banehvg.exe -
Drops file in Program Files directory 2 IoCs
description | ioc | Process
File created | C:\PROGRA~3\Mozilla\banehvg.exe | fa49a28474c274f7bd3473c41b76ffd1ab52b91c0445da2dc465bb2629ad165f.exe
File created | C:\PROGRA~3\Mozilla\xwmsnym.dll | banehvg.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid | Process
1736 | fa49a28474c274f7bd3473c41b76ffd1ab52b91c0445da2dc465bb2629ad165f.exe
2268 | banehvg.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2356 wrote to memory of 2268 | 2356 | taskeng.exe | 29
PID 2356 wrote to memory of 2268 | 2356 | taskeng.exe | 29
PID 2356 wrote to memory of 2268 | 2356 | taskeng.exe | 29
PID 2356 wrote to memory of 2268 | 2356 | taskeng.exe | 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\fa49a28474c274f7bd3473c41b76ffd1ab52b91c0445da2dc465bb2629ad165f.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\fa49a28474c274f7bd3473c41b76ffd1ab52b91c0445da2dc465bb2629ad165f.exe" (depth 1)
- Drops file in Program Files directory
- Suspicious use of UnmapMainImage
PID:1736
-
C:\Windows\system32\taskeng.exe
Command line: taskeng.exe {7E978D73-58BA-41C4-BEA3-6089BFA72418} S-1-5-18:NT AUTHORITY\System:Service: (depth 1)
- Suspicious use of WriteProcessMemory
PID:2356 -
C:\PROGRA~3\Mozilla\banehvg.exe
Command line: C:\PROGRA~3\Mozilla\banehvg.exe -tlnruii (depth 2, child of taskeng.exe)
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of UnmapMainImage
PID:2268
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
194KB
MD5
013b4a885d78f091918c2d097581b85a
SHA1
2bd609e3549d02dac135d2f4a5e987c148958555
SHA256
29298beecb6f0a16a5aa1047a9dce70d78d420017af620769a3a403d81c0ed43
SHA512
54651ba6eb7d334ecbc65e47bd133c46a6ea7ac24f92b6e2749c3c6cadb2c9ab1ee20dec22f7e08ad8605ac3864f0919ec649e92abfa8ab3f45d46bdcf6e289b