Overview

overview

8

Static

static

3

ca8f9b9bd3...32.exe

windows7-x64

8

ca8f9b9bd3...32.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14-10-2024 03:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ca8f9b9bd36906f10a3b358375dee4c877ce2806c0d696c269bda932e7a4e632.exe

  • Size

    314KB

  • MD5

    e001f245442dddb4ffa43ab9dfa7128e

  • SHA1

    746dfbc1ceefd6744fa8ff22a5f371ad10d80ec1

  • SHA256

    ca8f9b9bd36906f10a3b358375dee4c877ce2806c0d696c269bda932e7a4e632

  • SHA512

    ac85d6b8dae10c4232266581942359ffad89459672ba2811a642415a5cdb196c983e8a3af73075be19998a30bd997d7f009d2157187f38ddd36e5923c53a8558

  • SSDEEP

    6144:v4E31UUn9SXHt3zvLq6r9j4E31UUn9SXHt3zvLD:v4i1dn9qtZrx4i1dn9qtj

Score
8/10
discoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Event Triggered Execution: AppInit DLLs 1 TTPs

    Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    persistenceprivilege_escalation
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ca8f9b9bd36906f10a3b358375dee4c877ce2806c0d696c269bda932e7a4e632.exe
    "C:\Users\Admin\AppData\Local\Temp\ca8f9b9bd36906f10a3b358375dee4c877ce2806c0d696c269bda932e7a4e632.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of UnmapMainImage
    PID:2388
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {F9D677E8-DC16-4ACB-8EEE-3241B1CAEC77} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2088
    • C:\PROGRA~3\Mozilla\vuhvodg.exe
      C:\PROGRA~3\Mozilla\vuhvodg.exe -nwlnhvb
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of UnmapMainImage
      PID:2536

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\vuhvodg.exe
    Filesize

    314KB

    MD5

    603700f0025fe1fcf044e0ecf879e80e

    SHA1

    359052d1527c3e99f32880fbae282439ce900e78

    SHA256

    36d8f4d57b4e580f73e053e1105493da43c59d3813a7c59c170b56b0636514ac

    SHA512

    903a14f906094de68ffefc0a36a7fb42ca4394b09c4c2d53a8cf397d96d54344c844dfcdb5202514ee49c760ccc77020b90d63b9470210672da1897e9083413e

    Download Submit

  • memory/2388-1-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2388-0-0x00000000002F0000-0x000000000034B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2388-3-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2536-6-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2536-7-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2536-9-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download