60b4fc2d9a816bb714c048a7c6dccdf2aa68f96930f62f6eb751c8e79ebc83c9

Analysis

max time kernel
73s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 22:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60b4fc2d9a816bb714c048a7c6dccdf2aa68f96930f62f6eb751c8e79ebc83c9.exe
Size

168KB
MD5

554e65fc297fb631094fbbc15be61730
SHA1

8e9d910c321d588b72daaaf801b4c37101ca270c
SHA256

60b4fc2d9a816bb714c048a7c6dccdf2aa68f96930f62f6eb751c8e79ebc83c9
SHA512

2a840df37f7b25257320b26d3cb4570c66c33b30384959616f4c9effcefce66dbbc3c1486704d04e5218e05335714c0f0667d9ebb389cbfeb69dcd19f06b25ff
SSDEEP

3072:Q1uis3Hb+Q5Xq8+5zQWFDsJrmVyzACeJwi72jlQpBW/RsFPPtuui/g20NdyPOB:y0bR1+5kWFQBYAcJDpo6FPPt6g2Bi

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4256	fmzgwvi.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\fmzgwvi.exe	60b4fc2d9a816bb714c048a7c6dccdf2aa68f96930f62f6eb751c8e79ebc83c9.exe
File created	C:\PROGRA~3\Mozilla\atdvtif.dll	fmzgwvi.exe

C:\Users\Admin\AppData\Local\Temp\60b4fc2d9a816bb714c048a7c6dccdf2aa68f96930f62f6eb751c8e79ebc83c9.exe
"C:\Users\Admin\AppData\Local\Temp\60b4fc2d9a816bb714c048a7c6dccdf2aa68f96930f62f6eb751c8e79ebc83c9.exe"
1⤵
- Drops file in Program Files directory
PID:3608

C:\PROGRA~3\Mozilla\fmzgwvi.exe
C:\PROGRA~3\Mozilla\fmzgwvi.exe -gtfwajn
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4256

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\fmzgwvi.exe

Filesize
168KB

MD5
768cb4c0b636659ba30e1af0050ba657

SHA1
71e9cf3bc2ed71aa578c99650f8ff78e06f889b4

SHA256
300a972a2acfa09eb5280c5af7a790888db587728416ad2505a900bf41b7f9cd

SHA512
4cf283aa9b20465467816e62d947bece41a591c91ade73d49b7321aeae3ac31be3d0af799fb7622d1038aa938ca131e5c65b5580d4df147d98409ad7b6f92d83

Download Submit
C:\ProgramData\Mozilla\fmzgwvi.exe

Filesize
168KB

MD5
768cb4c0b636659ba30e1af0050ba657

SHA1
71e9cf3bc2ed71aa578c99650f8ff78e06f889b4

SHA256
300a972a2acfa09eb5280c5af7a790888db587728416ad2505a900bf41b7f9cd

SHA512
4cf283aa9b20465467816e62d947bece41a591c91ade73d49b7321aeae3ac31be3d0af799fb7622d1038aa938ca131e5c65b5580d4df147d98409ad7b6f92d83

Download Submit
memory/3608-132-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/3608-133-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/4256-138-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/4256-139-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download