54e4b1a34e73f1dc1626c77efb037b91b45e936d2dfe5396fda16d2fc7692967

Analysis

max time kernel
122s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 20:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

54e4b1a34e73f1dc1626c77efb037b91b45e936d2dfe5396fda16d2fc7692967.exe
Size

291KB
MD5

425f6468f180b18c60e8f060198a6abb
SHA1

1ad53ecd5ba76d62ab54a87a3f5788c6e6ee878a
SHA256

54e4b1a34e73f1dc1626c77efb037b91b45e936d2dfe5396fda16d2fc7692967
SHA512

df64b7f96c978e167c3f9e28e22d00ab451b725439b4fd6cc85839c374f1f70afa77814a7b143958eeee2af27d2311cf5626dc9026bee11ab5978e87ac7df15f
SSDEEP

6144:IiV3M7tydyE7ztsY4yTr8bjeJwj2EItHp4Pl6yzh0H0xH9V:Iu3URWtsYf8PemjE8h0UxH9V

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
832	nkvxlye.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\mmpvyam.dll	nkvxlye.exe
File created	C:\PROGRA~3\Mozilla\nkvxlye.exe	54e4b1a34e73f1dc1626c77efb037b91b45e936d2dfe5396fda16d2fc7692967.exe

C:\Users\Admin\AppData\Local\Temp\54e4b1a34e73f1dc1626c77efb037b91b45e936d2dfe5396fda16d2fc7692967.exe
"C:\Users\Admin\AppData\Local\Temp\54e4b1a34e73f1dc1626c77efb037b91b45e936d2dfe5396fda16d2fc7692967.exe"
1⤵
- Drops file in Program Files directory
PID:4932

C:\PROGRA~3\Mozilla\nkvxlye.exe
C:\PROGRA~3\Mozilla\nkvxlye.exe -xqialii
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:832

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\nkvxlye.exe

Filesize
291KB

MD5
cc982f8293a5b92cb33885b6885114ea

SHA1
999389d181bf47845475f1f5c55145b67549e036

SHA256
9ae87ddb5e53a88457a91bed090b1a887b317db79d1ae2207d4a4f26a526dfd7

SHA512
ce65d48e71bf6ccdad982a803f54a749bc56a236063f2d342d1048df44d17b28cfd34f5adda6fd4252d5746663af9aef5ac7c31820b83bbf957ea15d05a0a88e

Download Submit
C:\ProgramData\Mozilla\nkvxlye.exe

Filesize
291KB

MD5
cc982f8293a5b92cb33885b6885114ea

SHA1
999389d181bf47845475f1f5c55145b67549e036

SHA256
9ae87ddb5e53a88457a91bed090b1a887b317db79d1ae2207d4a4f26a526dfd7

SHA512
ce65d48e71bf6ccdad982a803f54a749bc56a236063f2d342d1048df44d17b28cfd34f5adda6fd4252d5746663af9aef5ac7c31820b83bbf957ea15d05a0a88e

Download Submit
memory/832-137-0x0000000000D60000-0x0000000000DBB000-memory.dmp

Filesize
364KB

Download
memory/832-138-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/832-139-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4932-132-0x00000000021D0000-0x000000000222B000-memory.dmp

Filesize
364KB

Download
memory/4932-133-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4932-136-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download