64f5cdfd5a45e0a52689a6a72e8cd4e20f84f2fccafbc219aae4672013e6187b

Analysis

max time kernel
91s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 12:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

64f5cdfd5a45e0a52689a6a72e8cd4e20f84f2fccafbc219aae4672013e6187b.exe
Size

141KB
MD5

936b3e5722f4f4db9533549831d00f80
SHA1

a599675d113496378377b7056c9a1a9e42fd4b78
SHA256

64f5cdfd5a45e0a52689a6a72e8cd4e20f84f2fccafbc219aae4672013e6187b
SHA512

31bdf41f82524d65e44b70968cd7307ffad25a1848aaa04791957a4195e66b3f263bc314a756fe7173731763bfc826503049983448812abd6e2b4ad292cc1eac
SSDEEP

3072:8vlGJJc6bB7vF3McceUnriXHTGnu3vyiX1Xs:8kJc6LdceUrNuRXs

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4692	fmzgwvi.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\fmzgwvi.exe	64f5cdfd5a45e0a52689a6a72e8cd4e20f84f2fccafbc219aae4672013e6187b.exe
File created	C:\PROGRA~3\Mozilla\atdvtif.dll	fmzgwvi.exe

C:\Users\Admin\AppData\Local\Temp\64f5cdfd5a45e0a52689a6a72e8cd4e20f84f2fccafbc219aae4672013e6187b.exe
"C:\Users\Admin\AppData\Local\Temp\64f5cdfd5a45e0a52689a6a72e8cd4e20f84f2fccafbc219aae4672013e6187b.exe"
1⤵
- Drops file in Program Files directory
PID:5044

C:\PROGRA~3\Mozilla\fmzgwvi.exe
C:\PROGRA~3\Mozilla\fmzgwvi.exe -gtfwajn
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4692

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\fmzgwvi.exe

Filesize
141KB

MD5
bd927c109df1d4ead1d516b5dca26579

SHA1
5a90f6213e9eb7b5c599460aca535118060a8337

SHA256
ef92308df6eef53a1f9c97f69578e71bbc5f4f832a8b968b01e419f59ad46266

SHA512
e273a6cfdd738dfab42d1a0e501cdbc94a38e399c51c2fbffcfa856396519bcd8bfeaa8a946dc25329453f698d31c96f4d0b3f0bafba9f7f0d1afeacdf11e23a

Download Submit
C:\ProgramData\Mozilla\fmzgwvi.exe

Filesize
141KB

MD5
bd927c109df1d4ead1d516b5dca26579

SHA1
5a90f6213e9eb7b5c599460aca535118060a8337

SHA256
ef92308df6eef53a1f9c97f69578e71bbc5f4f832a8b968b01e419f59ad46266

SHA512
e273a6cfdd738dfab42d1a0e501cdbc94a38e399c51c2fbffcfa856396519bcd8bfeaa8a946dc25329453f698d31c96f4d0b3f0bafba9f7f0d1afeacdf11e23a

Download Submit
memory/4692-140-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/4692-141-0x0000000000D10000-0x0000000000D6B000-memory.dmp

Filesize
364KB

Download
memory/5044-132-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/5044-133-0x0000000002160000-0x00000000021BB000-memory.dmp

Filesize
364KB

Download