Overview

overview

8

Static

static

3

0a4b50e51c...67.exe

windows7-x64

8

0a4b50e51c...67.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09/06/2024, 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0a4b50e51c633dd177821bb8662c8b76de8fc0d5d9b50846b1ac3fd1e749c467.exe

  • Size

    278KB

  • MD5

    3c90c04e5d8039132797b8ff2cc5ba4e

  • SHA1

    f7a8279383da93729efe498a5c4a840ebee396c3

  • SHA256

    0a4b50e51c633dd177821bb8662c8b76de8fc0d5d9b50846b1ac3fd1e749c467

  • SHA512

    962dc3edc31e0c219fae7f39af460bcb3d6c85af1bdf75bf0a7912ba951e7ba9a2d5d8df8baa095cf5caae77496467b312c16e463d196f7ed79d2dc252ea4f2c

  • SSDEEP

    6144:jn5V/TLgOnNvGFWz3SW9Wv1ZwjKIzyQb01RTcM:H/vgavGFWz3SMu4jpfbNM

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a4b50e51c633dd177821bb8662c8b76de8fc0d5d9b50846b1ac3fd1e749c467.exe
    "C:\Users\Admin\AppData\Local\Temp\0a4b50e51c633dd177821bb8662c8b76de8fc0d5d9b50846b1ac3fd1e749c467.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2252
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {F66C5EBB-AAE7-4D0F-8E7A-1E54FEF482AC} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1216
    • C:\PROGRA~3\Mozilla\gjsfhjk.exe
      C:\PROGRA~3\Mozilla\gjsfhjk.exe -tuxiydl
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2688

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\gjsfhjk.exe
    Filesize

    278KB

    MD5

    004da5ba8d1f0fe733423370eb21845a

    SHA1

    6eda3a2e6821f014bf6a1fbb86493626863038fe

    SHA256

    ee464826bbb9151546c4eb7411595d5269587540e6c18f088a20aadce8ddfdd7

    SHA512

    bbcd4899bc68604c0b754f6f47904009f4c17abe14e94bdb8e8a76603f2874c2aefdfa670ae42cd64f8993e39a9214c7f38bb055b6333af7e74b4adc7478ffed

    Download Submit

  • memory/2252-0-0x0000000000401000-0x0000000000405000-memory.dmp

    Filesize

    16KB

    Download

  • memory/2252-1-0x0000000000430000-0x000000000048B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2252-7-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2252-8-0x0000000000401000-0x0000000000405000-memory.dmp

    Filesize

    16KB

    Download

  • memory/2688-11-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2688-12-0x0000000000800000-0x000000000085B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2688-18-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download