Overview

overview

8

Static

static

3

cc5870e7e4...0N.exe

windows7-x64

8

cc5870e7e4...0N.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    19/08/2024, 06:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    cc5870e7e49d0c28d2ba13c3b2919950N.exe

  • Size

    276KB

  • MD5

    cc5870e7e49d0c28d2ba13c3b2919950

  • SHA1

    af11da1445161134934b63b773781bd28e674fe7

  • SHA256

    3e432d21e97ec643840d10e318d68b0fa44874f7b8378da0b1b579ca86504c42

  • SHA512

    2b91c374f02b029ab76327e49a4bdd804d02ac2b41930aaab9b1a429effefb8037ce62cbe0ff562e20a92fd601206c4916f8009fb12f84041f8e85e44b542020

  • SSDEEP

    6144:5ST/k0YujFn2CfBoZG3gLm5WelllPJ7ImcN:AsxujcCfOBoDN9Im6

Score
8/10
discoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Event Triggered Execution: AppInit DLLs 1 TTPs

    Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    persistenceprivilege_escalation
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cc5870e7e49d0c28d2ba13c3b2919950N.exe
    "C:\Users\Admin\AppData\Local\Temp\cc5870e7e49d0c28d2ba13c3b2919950N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of UnmapMainImage
    PID:1820
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {54BA3576-C608-4B3F-8CE5-3A23D51C8A4D} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2152
    • C:\PROGRA~3\Mozilla\ivkvwya.exe
      C:\PROGRA~3\Mozilla\ivkvwya.exe -flefszf
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of UnmapMainImage
      PID:1452

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\PROGRA~3\Mozilla\ivkvwya.exe
          Filesize

          276KB

          MD5

          82a2c40a98fc9b9769515223394d3251

          SHA1

          450b2c137d49b3f0e81f34b913a36e6ea49fa5ed

          SHA256

          a3f2e79d1b29756889d813f413f2f2c4ecd49cbcb2dd9611736bf025fdd45513

          SHA512

          66d1d3d85eff4f97cb652741bb3268fd778b53a2bee9f6250b14aa1d7ab7c00c6648f6b7d4c6b70567388e53b684a625e0f3a7db811acc4e3438fb40225d249e

          Download Submit

        • memory/1452-8-0x0000000000400000-0x0000000000461000-memory.dmp

          Filesize

          388KB

          Download

        • memory/1452-9-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/1452-11-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/1820-0-0x0000000000400000-0x0000000000461000-memory.dmp

          Filesize

          388KB

          Download

        • memory/1820-1-0x0000000000340000-0x000000000039B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/1820-2-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/1820-5-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download