f7f434055730468b2d259c9ec079db336f0ef5d2ae38e8cdf98a07873d5a6c48

Analysis

max time kernel
112s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 16:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f7f434055730468b2d259c9ec079db336f0ef5d2ae38e8cdf98a07873d5a6c48.exe
Size

498KB
MD5

8307f11e116d6fa5290f5b92358182e0
SHA1

b3633dbc5a342ec72ee447d5032afbff9255af24
SHA256

f7f434055730468b2d259c9ec079db336f0ef5d2ae38e8cdf98a07873d5a6c48
SHA512

d136215d64b6ea794bc63e31cebda79d15b8e1ca6cbadabb67bdca652905a01adb6ad72021b8f28ab8367784fb3d603257524cf7401392b1670ba8a7b8b6ed1a
SSDEEP

12288:21iSNkjo6dHkM7dTd7g5dtPG6ia5fpJsnr:21iJRkMBp7Wte6sr

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2196	fmzgwvi.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\fmzgwvi.exe	f7f434055730468b2d259c9ec079db336f0ef5d2ae38e8cdf98a07873d5a6c48.exe
File created	C:\PROGRA~3\Mozilla\atdvtif.dll	fmzgwvi.exe

C:\Users\Admin\AppData\Local\Temp\f7f434055730468b2d259c9ec079db336f0ef5d2ae38e8cdf98a07873d5a6c48.exe
"C:\Users\Admin\AppData\Local\Temp\f7f434055730468b2d259c9ec079db336f0ef5d2ae38e8cdf98a07873d5a6c48.exe"
1⤵
- Drops file in Program Files directory
PID:2284

C:\PROGRA~3\Mozilla\fmzgwvi.exe
C:\PROGRA~3\Mozilla\fmzgwvi.exe -gtfwajn
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2196

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\fmzgwvi.exe

Filesize
498KB

MD5
1a9da14dc1821a6350fe9af1784e39e8

SHA1
310dd4c2a9ecf13f47dd729c768872364ed14bc1

SHA256
2ea3737a5cb6b0d64b8497b885b68e1f4566d5689ba10ef54460447c2ffc5bf4

SHA512
e855ce0d652a2ecc981996d8fdc1bf5607494c2b7ca88274645dafc630ae20b05fa1f20d07fea2f5b46f485e7fba4d88b039852f0cf12fb5e5d6b203d82df91c

Download Submit
C:\ProgramData\Mozilla\fmzgwvi.exe

Filesize
498KB

MD5
1a9da14dc1821a6350fe9af1784e39e8

SHA1
310dd4c2a9ecf13f47dd729c768872364ed14bc1

SHA256
2ea3737a5cb6b0d64b8497b885b68e1f4566d5689ba10ef54460447c2ffc5bf4

SHA512
e855ce0d652a2ecc981996d8fdc1bf5607494c2b7ca88274645dafc630ae20b05fa1f20d07fea2f5b46f485e7fba4d88b039852f0cf12fb5e5d6b203d82df91c

Download Submit
memory/2196-138-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/2196-139-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/2284-132-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/2284-133-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download