155fa636098441cfa5c112c091f939b80a7c62c1355e0053a61fec0ac29f3932

Analysis

max time kernel
91s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 09:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

155fa636098441cfa5c112c091f939b80a7c62c1355e0053a61fec0ac29f3932.exe
Size

161KB
MD5

5b401eed7ea7f5cfc35c1c874d59c760
SHA1

9ad8977a3f607bf412dbc6e310ea307dc78794ed
SHA256

155fa636098441cfa5c112c091f939b80a7c62c1355e0053a61fec0ac29f3932
SHA512

5029246f11a0b8daf32631ea9329debf7986d2bd8161a6cb2f7b2f69ccbe3c03d2869cd50b57ac1f207a9329ce22066f2d5168ca1cc54a6bd751f2fa8f61dbc0
SSDEEP

3072:ZliwDUWyFcB9fu+JMl2uU82Ws7f9sjboPACTQembG4hY/i1vL:ZldD1Yc7GIBgbzjbfLhRV

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1552	fmzgwvi.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\fmzgwvi.exe	155fa636098441cfa5c112c091f939b80a7c62c1355e0053a61fec0ac29f3932.exe
File created	C:\PROGRA~3\Mozilla\atdvtif.dll	fmzgwvi.exe

C:\Users\Admin\AppData\Local\Temp\155fa636098441cfa5c112c091f939b80a7c62c1355e0053a61fec0ac29f3932.exe
"C:\Users\Admin\AppData\Local\Temp\155fa636098441cfa5c112c091f939b80a7c62c1355e0053a61fec0ac29f3932.exe"
1⤵
- Drops file in Program Files directory
PID:1152

C:\PROGRA~3\Mozilla\fmzgwvi.exe
C:\PROGRA~3\Mozilla\fmzgwvi.exe -gtfwajn
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1552

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\fmzgwvi.exe

Filesize
161KB

MD5
e50e418d7fce43059a518235134f8c09

SHA1
9f935dfbc5e0d04400d15d9789c4bad83dfcccf2

SHA256
091b5da57c22ee3d5f5103f9f9112d36e30466aeb35d25a92c534815960681b5

SHA512
c6ce57125d32b56d700d9acc62426a82fa148efdfa75bb89af14f8a0a15251bb736db6dd9ca4f6192ad615761dbf347d56251e5fc5b0a3861f7b47f466f5cf33

Download Submit
C:\ProgramData\Mozilla\fmzgwvi.exe

Filesize
161KB

MD5
e50e418d7fce43059a518235134f8c09

SHA1
9f935dfbc5e0d04400d15d9789c4bad83dfcccf2

SHA256
091b5da57c22ee3d5f5103f9f9112d36e30466aeb35d25a92c534815960681b5

SHA512
c6ce57125d32b56d700d9acc62426a82fa148efdfa75bb89af14f8a0a15251bb736db6dd9ca4f6192ad615761dbf347d56251e5fc5b0a3861f7b47f466f5cf33

Download Submit
memory/1152-132-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/1152-133-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/1152-134-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/1152-139-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/1552-140-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/1552-141-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/1552-142-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/1552-145-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download