479fa26de93db373245a32df72d989934973c8563e79a3d1124b88f971f3a397

Analysis

max time kernel
91s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 08:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

479fa26de93db373245a32df72d989934973c8563e79a3d1124b88f971f3a397.exe
Size

181KB
MD5

818b62040e19b4ddff375f6200a7c580
SHA1

23040576c767076e3ca2ff1fab93cce4caf4bad3
SHA256

479fa26de93db373245a32df72d989934973c8563e79a3d1124b88f971f3a397
SHA512

83cbdbd3f30913fd1a81d35816ef7be23f8553cf42c84f32112abde82caead69012cd76397d79635932cdf0326513b07522584899bdf2802b3273a6eb5f7c434
SSDEEP

3072:pidj6ShhYRa3SXjF/HvD9hQU7OCyIjAYxRwmdPkmkWt+3t97SVKmHkAJbbvAKclo:pEjpvYc3YJ/HvD9hTKCyI7TwmdMlL99e

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4424	nkvxlye.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\mmpvyam.dll	nkvxlye.exe
File created	C:\PROGRA~3\Mozilla\nkvxlye.exe	479fa26de93db373245a32df72d989934973c8563e79a3d1124b88f971f3a397.exe

C:\Users\Admin\AppData\Local\Temp\479fa26de93db373245a32df72d989934973c8563e79a3d1124b88f971f3a397.exe
"C:\Users\Admin\AppData\Local\Temp\479fa26de93db373245a32df72d989934973c8563e79a3d1124b88f971f3a397.exe"
1⤵
- Drops file in Program Files directory
PID:1044

C:\PROGRA~3\Mozilla\nkvxlye.exe
C:\PROGRA~3\Mozilla\nkvxlye.exe -xqialii
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4424

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\nkvxlye.exe

Filesize
181KB

MD5
8803a156afbda546041aa343b8d54882

SHA1
b2b17b454b1b6c38c460814f9b9f7ed3e5656b24

SHA256
de7dca35e43ad9c297c5efac07a8cf82c775a8f9dd74a5aab2bd8302e3ad29f0

SHA512
fffc2b841036eeb2ddf9a237b88ab7114d5d6796514b34e6d3b047bccd304d92175f427d5fc1ec31ae727a790e9f8349d5507c2061c9106fc74d41b68ff732a5

Download Submit
C:\ProgramData\Mozilla\nkvxlye.exe

Filesize
181KB

MD5
8803a156afbda546041aa343b8d54882

SHA1
b2b17b454b1b6c38c460814f9b9f7ed3e5656b24

SHA256
de7dca35e43ad9c297c5efac07a8cf82c775a8f9dd74a5aab2bd8302e3ad29f0

SHA512
fffc2b841036eeb2ddf9a237b88ab7114d5d6796514b34e6d3b047bccd304d92175f427d5fc1ec31ae727a790e9f8349d5507c2061c9106fc74d41b68ff732a5

Download Submit
memory/1044-132-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1044-133-0x00000000025C0000-0x000000000261B000-memory.dmp

Filesize
364KB

Download
memory/4424-140-0x0000000000180000-0x00000000001DB000-memory.dmp

Filesize
364KB

Download
memory/4424-145-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download