f9ce495e9aa0199d77c83d58945be93831c0584c2f950c27f6c2c5e8d8fec242

Analysis

max time kernel
91s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2022 02:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9ce495e9aa0199d77c83d58945be93831c0584c2f950c27f6c2c5e8d8fec242.exe
Size

178KB
MD5

7b4dd70b0019b5d3215eb264ac449e20
SHA1

1dab2decd602a482b936beee6f2768460d8b7351
SHA256

f9ce495e9aa0199d77c83d58945be93831c0584c2f950c27f6c2c5e8d8fec242
SHA512

8b51b207c2d91a3d813dbca4a588122541025fd3a083739f71523ecb4c7ffb79cac72872a13e4e2d97e28ca8fa27de078b228e1f4ed8ef4090732f5be470d299
SSDEEP

3072:LchyinW3kt6ncDvnTHR6u1AIxjnw89JnszQcJdXI:pin4kpx6ujxF52dXI

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2184	fmzgwvi.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\fmzgwvi.exe	f9ce495e9aa0199d77c83d58945be93831c0584c2f950c27f6c2c5e8d8fec242.exe
File created	C:\PROGRA~3\Mozilla\atdvtif.dll	fmzgwvi.exe

C:\Users\Admin\AppData\Local\Temp\f9ce495e9aa0199d77c83d58945be93831c0584c2f950c27f6c2c5e8d8fec242.exe
"C:\Users\Admin\AppData\Local\Temp\f9ce495e9aa0199d77c83d58945be93831c0584c2f950c27f6c2c5e8d8fec242.exe"
1⤵
- Drops file in Program Files directory
PID:4636

C:\PROGRA~3\Mozilla\fmzgwvi.exe
C:\PROGRA~3\Mozilla\fmzgwvi.exe -gtfwajn
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2184

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\fmzgwvi.exe

Filesize
178KB

MD5
db96316cde64c76980e2510ac8601da2

SHA1
088e205b5710be7689e106a0552f1d41ba43a07c

SHA256
413e423f399b3566528e23e3e462be9c39969e31c32e1a64b9de849977514f7f

SHA512
63d1f0d10797433b67fd7bb5b516649cd805b90c3efcf883f8f5fdb72a002fdd070dc7e7cee23ed4c82dde08201c601bbf34fcc39fc639abcb6699813c7533c9

Download Submit
C:\ProgramData\Mozilla\fmzgwvi.exe

Filesize
178KB

MD5
db96316cde64c76980e2510ac8601da2

SHA1
088e205b5710be7689e106a0552f1d41ba43a07c

SHA256
413e423f399b3566528e23e3e462be9c39969e31c32e1a64b9de849977514f7f

SHA512
63d1f0d10797433b67fd7bb5b516649cd805b90c3efcf883f8f5fdb72a002fdd070dc7e7cee23ed4c82dde08201c601bbf34fcc39fc639abcb6699813c7533c9

Download Submit
memory/2184-137-0x0000000000C90000-0x0000000000CEB000-memory.dmp

Filesize
364KB

Download
memory/2184-138-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2184-139-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4636-132-0x00000000021E0000-0x000000000223B000-memory.dmp

Filesize
364KB

Download
memory/4636-133-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4636-136-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download