5f17b493c8562c4c1d4aef9236958b478412adb668b75ba6c52cff4db7da6aab

Analysis

max time kernel
91s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2022, 01:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5f17b493c8562c4c1d4aef9236958b478412adb668b75ba6c52cff4db7da6aab.exe
Size

317KB
MD5

002bde0d5afb6a8dbb8ef8441497b180
SHA1

ad91f6e70a114b2f5b232deac908fd056a687854
SHA256

5f17b493c8562c4c1d4aef9236958b478412adb668b75ba6c52cff4db7da6aab
SHA512

2808c89ea5010add8dad4cb16f2662952e85c0dc780c95f614a70af2cdf67307fcff6f10e48b504cdc01fc4cddaf632d35c2ef6014955e5dee311b648c89366f
SSDEEP

3072:jANA6IMfSLilGMXEVP79SE8pve/RysNPDuIvT4FBDv1iS2jbxWGqJsyLc:siMF/X479SEAanPSIv0FB5iSbGqJ4

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
560	fmzgwvi.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\fmzgwvi.exe	5f17b493c8562c4c1d4aef9236958b478412adb668b75ba6c52cff4db7da6aab.exe
File created	C:\PROGRA~3\Mozilla\atdvtif.dll	fmzgwvi.exe

C:\Users\Admin\AppData\Local\Temp\5f17b493c8562c4c1d4aef9236958b478412adb668b75ba6c52cff4db7da6aab.exe
"C:\Users\Admin\AppData\Local\Temp\5f17b493c8562c4c1d4aef9236958b478412adb668b75ba6c52cff4db7da6aab.exe"
1⤵
- Drops file in Program Files directory
PID:3916

C:\PROGRA~3\Mozilla\fmzgwvi.exe
C:\PROGRA~3\Mozilla\fmzgwvi.exe -gtfwajn
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:560

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\fmzgwvi.exe

Filesize
317KB

MD5
036bca9c9cfcf20202b1f2771123c181

SHA1
946df06d5a77191bc20f2cbb8acecfa1cc610c8a

SHA256
ae16c5859ac4214bb7ac1ce4bff35aa785194d7bf046c91c69fa2ff55229aa36

SHA512
98eefefcc140d7ed5955951dab6c4ea9b766ec96664a39b84b240f8e3f7c0185cb27d3e2d118797cf22039648e8b336fda35370c37bf4b9d2aa45b06589e8ed6

Download Submit
C:\ProgramData\Mozilla\fmzgwvi.exe

Filesize
317KB

MD5
036bca9c9cfcf20202b1f2771123c181

SHA1
946df06d5a77191bc20f2cbb8acecfa1cc610c8a

SHA256
ae16c5859ac4214bb7ac1ce4bff35aa785194d7bf046c91c69fa2ff55229aa36

SHA512
98eefefcc140d7ed5955951dab6c4ea9b766ec96664a39b84b240f8e3f7c0185cb27d3e2d118797cf22039648e8b336fda35370c37bf4b9d2aa45b06589e8ed6

Download Submit
memory/560-139-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/560-140-0x0000000000D90000-0x0000000000DEC000-memory.dmp

Filesize
368KB

Download
memory/560-141-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/560-142-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3916-132-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3916-133-0x0000000000520000-0x000000000057C000-memory.dmp

Filesize
368KB

Download
memory/3916-134-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3916-137-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3916-138-0x0000000000520000-0x000000000057C000-memory.dmp

Filesize
368KB

Download