b957d5108eb9683c8ac3792d0ce050223443b641341ef3242238eb403d1e0c0c

Analysis

max time kernel
93s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 12:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b957d5108eb9683c8ac3792d0ce050223443b641341ef3242238eb403d1e0c0c.exe
Size

428KB
MD5

65569fa26caf76f574bffbfaa7bed1f0
SHA1

2c993848f0db43a6e5c018e882eac7c0f101e310
SHA256

b957d5108eb9683c8ac3792d0ce050223443b641341ef3242238eb403d1e0c0c
SHA512

76a40271606dc0429f7914ea0f9ebbf4e05802aff2bdb33f8c947166e1b441e9ecb0e397a3ef78fb9b5cb044d608926be1b8fb974b00fe4e306857c4ae53dc08
SSDEEP

12288:4Ve/v5hGCyB3R20YnzgNJaeD9oBAS2b31V4o0wN6:4VgBi3dY4JX9qM3H8i6

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4952	nkvxlye.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\nkvxlye.exe	b957d5108eb9683c8ac3792d0ce050223443b641341ef3242238eb403d1e0c0c.exe
File created	C:\PROGRA~3\Mozilla\mmpvyam.dll	nkvxlye.exe

C:\Users\Admin\AppData\Local\Temp\b957d5108eb9683c8ac3792d0ce050223443b641341ef3242238eb403d1e0c0c.exe
"C:\Users\Admin\AppData\Local\Temp\b957d5108eb9683c8ac3792d0ce050223443b641341ef3242238eb403d1e0c0c.exe"
1⤵
- Drops file in Program Files directory
PID:5068

C:\PROGRA~3\Mozilla\nkvxlye.exe
C:\PROGRA~3\Mozilla\nkvxlye.exe -xqialii
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4952

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\nkvxlye.exe

Filesize
428KB

MD5
7234c155590ab57e55f0deade9b2f9f8

SHA1
1060c748129c90097a21ef64fc3450a5d5237def

SHA256
389961bf3b1567c1dc94022683122b25243909c1f145d769128173c8fb887b27

SHA512
503fdc28dad9e8d6322cdd8c1df062e52ec6b0e16dbd8ff4eb3be78bd6fc306b001b17b7e6e08e2e0d38f98a1b7bddf5d87bd9dcae685ef3651505252b1c3ec6

Download Submit
C:\ProgramData\Mozilla\nkvxlye.exe

Filesize
428KB

MD5
7234c155590ab57e55f0deade9b2f9f8

SHA1
1060c748129c90097a21ef64fc3450a5d5237def

SHA256
389961bf3b1567c1dc94022683122b25243909c1f145d769128173c8fb887b27

SHA512
503fdc28dad9e8d6322cdd8c1df062e52ec6b0e16dbd8ff4eb3be78bd6fc306b001b17b7e6e08e2e0d38f98a1b7bddf5d87bd9dcae685ef3651505252b1c3ec6

Download Submit
memory/4952-140-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4952-141-0x0000000001050000-0x00000000010AB000-memory.dmp

Filesize
364KB

Download
memory/5068-132-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/5068-133-0x00000000006C0000-0x000000000071B000-memory.dmp

Filesize
364KB

Download