22dfc353270415cef03388ad14ae5b1c63d3fa58a77e30473dc65e54733ecf73

Analysis

max time kernel
112s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 08:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22dfc353270415cef03388ad14ae5b1c63d3fa58a77e30473dc65e54733ecf73.exe
Size

211KB
MD5

69195b26668fda69e91402ff1be7ca20
SHA1

7ec9a3b8b9a45a4d15c038dc673f8381a7e186cf
SHA256

22dfc353270415cef03388ad14ae5b1c63d3fa58a77e30473dc65e54733ecf73
SHA512

43a6ae316c09fd6eddab6fc146d49d3e30fabc477dedae075d8503d27c38fa5f447b7f0b26c28708c49538eced8fff47bc213127a62d1c0c8f0053d7b1c82388
SSDEEP

3072:+c/1zMIQ+Q7VLRCYpzPUGmw3ag4afH+q6f15TGzhK1/zmKb:HMf+GVJzPX3ag4+HoLTGzIFmKb

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1604	fmzgwvi.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\fmzgwvi.exe	22dfc353270415cef03388ad14ae5b1c63d3fa58a77e30473dc65e54733ecf73.exe
File created	C:\PROGRA~3\Mozilla\atdvtif.dll	fmzgwvi.exe

C:\Users\Admin\AppData\Local\Temp\22dfc353270415cef03388ad14ae5b1c63d3fa58a77e30473dc65e54733ecf73.exe
"C:\Users\Admin\AppData\Local\Temp\22dfc353270415cef03388ad14ae5b1c63d3fa58a77e30473dc65e54733ecf73.exe"
1⤵
- Drops file in Program Files directory
PID:1648

C:\PROGRA~3\Mozilla\fmzgwvi.exe
C:\PROGRA~3\Mozilla\fmzgwvi.exe -gtfwajn
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1604

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\fmzgwvi.exe

Filesize
211KB

MD5
bdf57604c4e8c187b8f4c80096c74a14

SHA1
e8e7aed7c441c20fcc567461517f51698488b588

SHA256
0038f77ed4455ef88e799b88b36435ea5f3ca497d21d586cbbc9083c98a3d571

SHA512
704d15467ec48ce7463d3645b4628ca1dc6fc5af14cca67c1686d23a9d26e1af3283c65e1dea000a2a35cd39f32211339f93deec1d0d5a15684b55bd5000fe8e

Download Submit
C:\ProgramData\Mozilla\fmzgwvi.exe

Filesize
211KB

MD5
bdf57604c4e8c187b8f4c80096c74a14

SHA1
e8e7aed7c441c20fcc567461517f51698488b588

SHA256
0038f77ed4455ef88e799b88b36435ea5f3ca497d21d586cbbc9083c98a3d571

SHA512
704d15467ec48ce7463d3645b4628ca1dc6fc5af14cca67c1686d23a9d26e1af3283c65e1dea000a2a35cd39f32211339f93deec1d0d5a15684b55bd5000fe8e

Download Submit
memory/1604-137-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1604-138-0x00000000006F0000-0x000000000074B000-memory.dmp

Filesize
364KB

Download
memory/1604-139-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1648-132-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1648-133-0x00000000021D0000-0x000000000222B000-memory.dmp

Filesize
364KB

Download
memory/1648-136-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download