8ebf0d8fe7350b534809e82c4553b1c8c7cb2f0fefb1e2f5fb9c9c9407e7c82c

Analysis

max time kernel
94s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2022 14:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8ebf0d8fe7350b534809e82c4553b1c8c7cb2f0fefb1e2f5fb9c9c9407e7c82c.exe
Size

539KB
MD5

436cb37fb536ae0440bb4cba66897680
SHA1

06f7ed79f7223e54a10bb1fafc0b904cf564aa78
SHA256

8ebf0d8fe7350b534809e82c4553b1c8c7cb2f0fefb1e2f5fb9c9c9407e7c82c
SHA512

18b494a060de1fb7dfb4a91109f385cc2499c223568b64137e2ad7530869f65787c8247e2de25ea878cc340117fd2f41ca2d3e5dcaf61adec71117c2f153ccf3
SSDEEP

12288:21iSNkjo6dHkM7dTd7g5dtPG6ia5fpJsnBpxKU:21iJRkMBp7Wte6slKU

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1776	fmzgwvi.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\fmzgwvi.exe	8ebf0d8fe7350b534809e82c4553b1c8c7cb2f0fefb1e2f5fb9c9c9407e7c82c.exe
File created	C:\PROGRA~3\Mozilla\atdvtif.dll	fmzgwvi.exe

C:\Users\Admin\AppData\Local\Temp\8ebf0d8fe7350b534809e82c4553b1c8c7cb2f0fefb1e2f5fb9c9c9407e7c82c.exe
"C:\Users\Admin\AppData\Local\Temp\8ebf0d8fe7350b534809e82c4553b1c8c7cb2f0fefb1e2f5fb9c9c9407e7c82c.exe"
1⤵
- Drops file in Program Files directory
PID:2156

C:\PROGRA~3\Mozilla\fmzgwvi.exe
C:\PROGRA~3\Mozilla\fmzgwvi.exe -gtfwajn
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1776

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\fmzgwvi.exe

Filesize
539KB

MD5
70326681063cefd3ea48fdce1eeb122e

SHA1
753193314888441df4b9c6817a4bb6140d180ea6

SHA256
6dbc161767253a624426d9cd0bde8ff4907bc0235680bfa306a0505b9072e6c2

SHA512
ca262667b28e62bc02d0e5029335be72c7fba020500e4dc0607bb22b1cdd1d48b6564d4ecdbe6e0413be6d7c90e2f6a28033529bbceb33759aba861ce9a5a6d8

Download Submit
C:\ProgramData\Mozilla\fmzgwvi.exe

Filesize
539KB

MD5
70326681063cefd3ea48fdce1eeb122e

SHA1
753193314888441df4b9c6817a4bb6140d180ea6

SHA256
6dbc161767253a624426d9cd0bde8ff4907bc0235680bfa306a0505b9072e6c2

SHA512
ca262667b28e62bc02d0e5029335be72c7fba020500e4dc0607bb22b1cdd1d48b6564d4ecdbe6e0413be6d7c90e2f6a28033529bbceb33759aba861ce9a5a6d8

Download Submit
memory/1776-138-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/1776-139-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/2156-132-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/2156-133-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download