438031b33af6171a939b374f7843618c1cbe275254eb96c43a180f5ad65ba439

Analysis

max time kernel
114s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
29-10-2022 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

438031b33af6171a939b374f7843618c1cbe275254eb96c43a180f5ad65ba439.exe
Size

196KB
MD5

a34c4ce6e7c35c0014ac892996d41690
SHA1

57e5e9d131bbf67603b2f855194aad3e46a1d8d7
SHA256

438031b33af6171a939b374f7843618c1cbe275254eb96c43a180f5ad65ba439
SHA512

8b9f5aa0eb5993cc11dd7516a65a30aa7aff1dc5f3b7510234eda8759340f4acb2b6aa8c72e2ee8c258fc539d1da6db5ff1d205ced0ceda17bd8512e5bcbd087
SSDEEP

3072:+eDJHh2QdP8cIltNnTbNf1TTU0cl4UdbI3Cdic1h6qFs3DXwUSxgx:hNwmoNnTd1vqTI3H6h60wDAKx

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1360	fmzgwvi.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\fmzgwvi.exe	438031b33af6171a939b374f7843618c1cbe275254eb96c43a180f5ad65ba439.exe
File created	C:\PROGRA~3\Mozilla\atdvtif.dll	fmzgwvi.exe

C:\Users\Admin\AppData\Local\Temp\438031b33af6171a939b374f7843618c1cbe275254eb96c43a180f5ad65ba439.exe
"C:\Users\Admin\AppData\Local\Temp\438031b33af6171a939b374f7843618c1cbe275254eb96c43a180f5ad65ba439.exe"
1⤵
- Drops file in Program Files directory
PID:4316

C:\PROGRA~3\Mozilla\fmzgwvi.exe
C:\PROGRA~3\Mozilla\fmzgwvi.exe -gtfwajn
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1360

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\fmzgwvi.exe

Filesize
196KB

MD5
66b44e2b77faf27033cb33f61bf15ddc

SHA1
a6df947217b814de611348cc8b5ff563a82fc177

SHA256
1c255aaf8c5d64ed8de216dc342f757cb125c83eef7f721a1c8a8b4739fb09ad

SHA512
985b90e55386c8be934cc0b66eec9b216cbe3f9bd2c16281941ad8215b78d6af1206802369f62c4ac1324ed0e52ce921470f33f8d98c8fd51646b4d3836d3490

Download Submit
C:\ProgramData\Mozilla\fmzgwvi.exe

Filesize
196KB

MD5
66b44e2b77faf27033cb33f61bf15ddc

SHA1
a6df947217b814de611348cc8b5ff563a82fc177

SHA256
1c255aaf8c5d64ed8de216dc342f757cb125c83eef7f721a1c8a8b4739fb09ad

SHA512
985b90e55386c8be934cc0b66eec9b216cbe3f9bd2c16281941ad8215b78d6af1206802369f62c4ac1324ed0e52ce921470f33f8d98c8fd51646b4d3836d3490

Download Submit
memory/1360-137-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1360-138-0x0000000000520000-0x000000000057B000-memory.dmp

Filesize
364KB

Download
memory/1360-139-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4316-132-0x00000000021E0000-0x000000000223B000-memory.dmp

Filesize
364KB

Download
memory/4316-133-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4316-136-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download