6644071ffa5cb116ddd79a633d34c7e6d5cf9eacd09b62509663a5257e333c21

Analysis

max time kernel
92s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 20:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6644071ffa5cb116ddd79a633d34c7e6d5cf9eacd09b62509663a5257e333c21.exe
Size

136KB
MD5

9056c1942f1ed9a80fe1f1a39da09d90
SHA1

e54941af62967c7618577fe080b04c32f808bf50
SHA256

6644071ffa5cb116ddd79a633d34c7e6d5cf9eacd09b62509663a5257e333c21
SHA512

1b2eff258bb0f6e416b3e37b2f34fde4fe5ff4ba7fcffd97543cec3397c81b119607269fc24d2aeebcdd7f4e5a7390c107715d53e6fa08cece1fe45554466ebf
SSDEEP

3072:pZ3sQnKWE58kSL5BybtSarantYanMFxmQOOgVw1c8oNAEEn:z3sQf4SHybt35XFxHOVw7oeE0

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1956	nkvxlye.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\nkvxlye.exe	6644071ffa5cb116ddd79a633d34c7e6d5cf9eacd09b62509663a5257e333c21.exe
File created	C:\PROGRA~3\Mozilla\mmpvyam.dll	nkvxlye.exe

C:\Users\Admin\AppData\Local\Temp\6644071ffa5cb116ddd79a633d34c7e6d5cf9eacd09b62509663a5257e333c21.exe
"C:\Users\Admin\AppData\Local\Temp\6644071ffa5cb116ddd79a633d34c7e6d5cf9eacd09b62509663a5257e333c21.exe"
1⤵
- Drops file in Program Files directory
PID:4992

C:\PROGRA~3\Mozilla\nkvxlye.exe
C:\PROGRA~3\Mozilla\nkvxlye.exe -xqialii
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1956

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\nkvxlye.exe

Filesize
136KB

MD5
3fe37a85444c1c30e6520b79c64e10cb

SHA1
6d6d8cc10c4ea0d212207c738b7b01453cc927af

SHA256
8c8fe183e1bfc4c80114b1be42be27e53a0911599d31f0163f41b9b682b91736

SHA512
48371b63f7b4cf70968a711dfe9067cb832126d64777edbd728568a258b128844bcfc8b4948d78b158a3bb4fa34db41fe37b5f97ed3c928c712c7de36f2dfea0

Download Submit
C:\ProgramData\Mozilla\nkvxlye.exe

Filesize
136KB

MD5
3fe37a85444c1c30e6520b79c64e10cb

SHA1
6d6d8cc10c4ea0d212207c738b7b01453cc927af

SHA256
8c8fe183e1bfc4c80114b1be42be27e53a0911599d31f0163f41b9b682b91736

SHA512
48371b63f7b4cf70968a711dfe9067cb832126d64777edbd728568a258b128844bcfc8b4948d78b158a3bb4fa34db41fe37b5f97ed3c928c712c7de36f2dfea0

Download Submit
memory/1956-138-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/4992-132-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/4992-133-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download