57b22936f5d5118b64eae02f3ea30a529191d22f758fdf3c4778b9d4b638d0b3

Analysis

max time kernel
91s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 13:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

57b22936f5d5118b64eae02f3ea30a529191d22f758fdf3c4778b9d4b638d0b3.exe
Size

211KB
MD5

6633470641ee1dff41fdc42cef797980
SHA1

3c231f66c7ebcc39a0dc09ddea1b00c3df07788b
SHA256

57b22936f5d5118b64eae02f3ea30a529191d22f758fdf3c4778b9d4b638d0b3
SHA512

a443e8eedc42f155c8b21dbe79a206a48ec71f1adffcba84698c03ceacd5332645cbe7049aa9e88dc47954dac451e2577b4108155d500ee3a61ea53dbfc76fd1
SSDEEP

3072:kiSp4183Sf3/pFq35ddwltSLFbHP5CSbs9L1qu/Ptm3Jqyd/4XKf:+4/QLtHP5bY9RqSs3JqyiXKf

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1812	nkvxlye.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\mmpvyam.dll	nkvxlye.exe
File created	C:\PROGRA~3\Mozilla\nkvxlye.exe	57b22936f5d5118b64eae02f3ea30a529191d22f758fdf3c4778b9d4b638d0b3.exe

C:\Users\Admin\AppData\Local\Temp\57b22936f5d5118b64eae02f3ea30a529191d22f758fdf3c4778b9d4b638d0b3.exe
"C:\Users\Admin\AppData\Local\Temp\57b22936f5d5118b64eae02f3ea30a529191d22f758fdf3c4778b9d4b638d0b3.exe"
1⤵
- Drops file in Program Files directory
PID:4936

C:\PROGRA~3\Mozilla\nkvxlye.exe
C:\PROGRA~3\Mozilla\nkvxlye.exe -xqialii
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1812

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\nkvxlye.exe

Filesize
211KB

MD5
f8e526634ee386ab299e904406b9b437

SHA1
5e002a0f018eb19f017c95281469a62ce6ac4f63

SHA256
7e5f4e839795fa01175d5e9d87ab93c126d5b6c6db587f9b0ed45f825fd4e7b3

SHA512
3c5c60e93562d327ac2954fe76c0053450e54d6e537066e5d2fb858083c1c2166bfdc29516c8b99d0f02a833f3142353b7ac1add9aa9b9fad3ac794423947e73

Download Submit
C:\ProgramData\Mozilla\nkvxlye.exe

Filesize
211KB

MD5
f8e526634ee386ab299e904406b9b437

SHA1
5e002a0f018eb19f017c95281469a62ce6ac4f63

SHA256
7e5f4e839795fa01175d5e9d87ab93c126d5b6c6db587f9b0ed45f825fd4e7b3

SHA512
3c5c60e93562d327ac2954fe76c0053450e54d6e537066e5d2fb858083c1c2166bfdc29516c8b99d0f02a833f3142353b7ac1add9aa9b9fad3ac794423947e73

Download Submit
memory/1812-138-0x0000000000D80000-0x0000000000DDB000-memory.dmp

Filesize
364KB

Download
memory/1812-139-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1812-140-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4936-132-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4936-133-0x0000000002220000-0x000000000227B000-memory.dmp

Filesize
364KB

Download
memory/4936-134-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4936-137-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download