ce5051699ddbe80a27f7e822346961fe97fa1df3b914eb1fd6c6ded442b5aab8

Analysis

max time kernel
91s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/10/2022, 16:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ce5051699ddbe80a27f7e822346961fe97fa1df3b914eb1fd6c6ded442b5aab8.exe
Size

151KB
MD5

90e8c2c1de4c4c5d0a277c52f59ee750
SHA1

6373a208f4a3d70b5186d990482e6feb7d01e3d5
SHA256

ce5051699ddbe80a27f7e822346961fe97fa1df3b914eb1fd6c6ded442b5aab8
SHA512

7033e7ccee9db4c853407c811c227539e8c69cda4f6999229bb23559b4a890b2cc49c6c8609382cfa342cb138e6326ab558e6f96a58648abcc708c68ff58de20
SSDEEP

3072:ZVMfMIbIaw3J9U/X41GxGn2+BC3K5eqU+BC3K5eqYroGidM7obu:kfMmMeo1Gx7K70K7

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1072	nkvxlye.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\nkvxlye.exe	ce5051699ddbe80a27f7e822346961fe97fa1df3b914eb1fd6c6ded442b5aab8.exe
File created	C:\PROGRA~3\Mozilla\mmpvyam.dll	nkvxlye.exe

C:\Users\Admin\AppData\Local\Temp\ce5051699ddbe80a27f7e822346961fe97fa1df3b914eb1fd6c6ded442b5aab8.exe
"C:\Users\Admin\AppData\Local\Temp\ce5051699ddbe80a27f7e822346961fe97fa1df3b914eb1fd6c6ded442b5aab8.exe"
1⤵
- Drops file in Program Files directory
PID:1216

C:\PROGRA~3\Mozilla\nkvxlye.exe
C:\PROGRA~3\Mozilla\nkvxlye.exe -xqialii
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1072

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\nkvxlye.exe

Filesize
151KB

MD5
24ec716f4b6afe99ccc0b4d660c86d34

SHA1
787aff9921456fd38c3d9baf0eca6890eab14d4e

SHA256
3c749a76540ccfaa1601c7e3c84fecdaba72becc99ce0e3e733bf009e580161c

SHA512
3a1425a09818a067de91fbcfc281f5f4800f947ac264012118181245c3cfe5c6af6d2888406767e385149411db6a86e13588407a613ebae18713249b78bfd9ae

Download Submit
C:\ProgramData\Mozilla\nkvxlye.exe

Filesize
151KB

MD5
24ec716f4b6afe99ccc0b4d660c86d34

SHA1
787aff9921456fd38c3d9baf0eca6890eab14d4e

SHA256
3c749a76540ccfaa1601c7e3c84fecdaba72becc99ce0e3e733bf009e580161c

SHA512
3a1425a09818a067de91fbcfc281f5f4800f947ac264012118181245c3cfe5c6af6d2888406767e385149411db6a86e13588407a613ebae18713249b78bfd9ae

Download Submit