a7f6d045d1a78e7bb56ab8e5691c871985fd114ef10cfcb8e95f07c7936a5e95

Analysis

max time kernel
64s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 07:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7f6d045d1a78e7bb56ab8e5691c871985fd114ef10cfcb8e95f07c7936a5e95.exe
Size

200KB
MD5

7945743f3d02c4b1e3a3af2465590b10
SHA1

f15984509b5904ad705ac868970a1feafb95bbdd
SHA256

a7f6d045d1a78e7bb56ab8e5691c871985fd114ef10cfcb8e95f07c7936a5e95
SHA512

ffa3980d78554c2b26ced244dc2573de74ffcec2645cd010cafe13f35aa165212a07f92e6f68bcb5cf39d4a36b8ffdd5cd4e3d1091ade4e8d3a9e477d1e8d9c8
SSDEEP

3072:+eDJHh2QdP8cIltNnTbNf1TTU0cl4UdbI3Cdic1h6qFs3DXwUSxgBR:hNwmoNnTd1vqTI3H6h60wDAKBR

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5032	nkvxlye.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\nkvxlye.exe	a7f6d045d1a78e7bb56ab8e5691c871985fd114ef10cfcb8e95f07c7936a5e95.exe
File created	C:\PROGRA~3\Mozilla\mmpvyam.dll	nkvxlye.exe

C:\Users\Admin\AppData\Local\Temp\a7f6d045d1a78e7bb56ab8e5691c871985fd114ef10cfcb8e95f07c7936a5e95.exe
"C:\Users\Admin\AppData\Local\Temp\a7f6d045d1a78e7bb56ab8e5691c871985fd114ef10cfcb8e95f07c7936a5e95.exe"
1⤵
- Drops file in Program Files directory
PID:4848

C:\PROGRA~3\Mozilla\nkvxlye.exe
C:\PROGRA~3\Mozilla\nkvxlye.exe -xqialii
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:5032

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\nkvxlye.exe

Filesize
200KB

MD5
8f77f99e3d9cd8f098b0dcdecd1bbda1

SHA1
1720bd264e2b217a74cb94f7a5ac9cdd7d8924ef

SHA256
61010a4a9f5760a0df8836c052ab7dd25226a7069f4670d392b1622c99bbe6db

SHA512
e6dfad985beea4d4f1f9788e4d7ed567f90be1e117da73cf1f74c41d81d012aed3510c1c28ac5134131ebd9abc7fcb9e3ebd26878c374e6f4a3cf62eebd9d4ad

Download Submit
C:\ProgramData\Mozilla\nkvxlye.exe

Filesize
200KB

MD5
8f77f99e3d9cd8f098b0dcdecd1bbda1

SHA1
1720bd264e2b217a74cb94f7a5ac9cdd7d8924ef

SHA256
61010a4a9f5760a0df8836c052ab7dd25226a7069f4670d392b1622c99bbe6db

SHA512
e6dfad985beea4d4f1f9788e4d7ed567f90be1e117da73cf1f74c41d81d012aed3510c1c28ac5134131ebd9abc7fcb9e3ebd26878c374e6f4a3cf62eebd9d4ad

Download Submit
memory/4848-132-0x0000000000740000-0x000000000079B000-memory.dmp

Filesize
364KB

Download
memory/4848-133-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4848-136-0x0000000000740000-0x000000000079B000-memory.dmp

Filesize
364KB

Download
memory/4848-137-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5032-138-0x00000000005B0000-0x000000000060B000-memory.dmp

Filesize
364KB

Download
memory/5032-139-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5032-140-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download