aaf675086e288e4cc30671b09f2ed55528973aeaab20b2bfaa76c2221c1475bb

Analysis

max time kernel
61s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2022 22:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aaf675086e288e4cc30671b09f2ed55528973aeaab20b2bfaa76c2221c1475bb.exe
Size

288KB
MD5

ae060ada06fb3276e195648089cff82d
SHA1

fa5cf9dbfba4c6037e8b49c30fcacd2a2e607a81
SHA256

aaf675086e288e4cc30671b09f2ed55528973aeaab20b2bfaa76c2221c1475bb
SHA512

386f9532d1b87f7d79144a263ebd7b7d2a7da64f33397a3dfb913602c6c53ab535ac955ee3b5003b244e58f8a164395a94317b8a12f49f3ecbae486081de9e93
SSDEEP

6144:bLiuv8j7ZuA5ErOOze1QXh0jfLwhkLX3fgZXVK7iRT:Hi1x55UIEhlCXvkXVg8T

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
452	fmzgwvi.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\fmzgwvi.exe	aaf675086e288e4cc30671b09f2ed55528973aeaab20b2bfaa76c2221c1475bb.exe
File created	C:\PROGRA~3\Mozilla\atdvtif.dll	fmzgwvi.exe

C:\Users\Admin\AppData\Local\Temp\aaf675086e288e4cc30671b09f2ed55528973aeaab20b2bfaa76c2221c1475bb.exe
"C:\Users\Admin\AppData\Local\Temp\aaf675086e288e4cc30671b09f2ed55528973aeaab20b2bfaa76c2221c1475bb.exe"
1⤵
- Drops file in Program Files directory
PID:3248

C:\PROGRA~3\Mozilla\fmzgwvi.exe
C:\PROGRA~3\Mozilla\fmzgwvi.exe -gtfwajn
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:452

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\fmzgwvi.exe

Filesize
288KB

MD5
16cd46a9fc6a0539b08cb3d3a127aad4

SHA1
85a8b006d472ad057596bd0453837bd5e6eb5d82

SHA256
eecf946309bb6c9341ab1985944112257010f38284349c2058a5afd9bc6306c6

SHA512
463c134b300063f86e4328c1caa98845d96e011bfcac3b54a810508c310f1ab84267db3567d79fc4da7a98a1ca6c39a036d862a817f1b7d9e4022ebcb017e308

Download Submit
C:\ProgramData\Mozilla\fmzgwvi.exe

Filesize
288KB

MD5
16cd46a9fc6a0539b08cb3d3a127aad4

SHA1
85a8b006d472ad057596bd0453837bd5e6eb5d82

SHA256
eecf946309bb6c9341ab1985944112257010f38284349c2058a5afd9bc6306c6

SHA512
463c134b300063f86e4328c1caa98845d96e011bfcac3b54a810508c310f1ab84267db3567d79fc4da7a98a1ca6c39a036d862a817f1b7d9e4022ebcb017e308

Download Submit
memory/452-140-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/452-141-0x0000000000720000-0x000000000077B000-memory.dmp

Filesize
364KB

Download
memory/3248-132-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3248-133-0x0000000002190000-0x00000000021EB000-memory.dmp

Filesize
364KB

Download