395f95494512a488d5e8ecaf289969e3b362a1718ed0cebf47d770053b77c733

Analysis

max time kernel
62s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2022 13:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

395f95494512a488d5e8ecaf289969e3b362a1718ed0cebf47d770053b77c733.exe
Size

137KB
MD5

0dcdf3a89547e850a97aee99bded9be0
SHA1

81b181f33d24a49ac3c33e7b5d8a914c6dc37a6f
SHA256

395f95494512a488d5e8ecaf289969e3b362a1718ed0cebf47d770053b77c733
SHA512

1b6dcfe8ba587bdc576f48d719e3024acf91b61ab35d5f89ade8e2f8f367cc78d22203fc1226f906ae40c7ef733150047623d98edb662a51f5cedcc56606d485
SSDEEP

3072:mcLXTpcvocFIALdm3vL52HBnXTmy5xEKJ9W8NRSZt:FLX1qoEd2v928DHERSZt

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4064	fmzgwvi.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\fmzgwvi.exe	395f95494512a488d5e8ecaf289969e3b362a1718ed0cebf47d770053b77c733.exe
File created	C:\PROGRA~3\Mozilla\atdvtif.dll	fmzgwvi.exe

C:\Users\Admin\AppData\Local\Temp\395f95494512a488d5e8ecaf289969e3b362a1718ed0cebf47d770053b77c733.exe
"C:\Users\Admin\AppData\Local\Temp\395f95494512a488d5e8ecaf289969e3b362a1718ed0cebf47d770053b77c733.exe"
1⤵
- Drops file in Program Files directory
PID:1884

C:\PROGRA~3\Mozilla\fmzgwvi.exe
C:\PROGRA~3\Mozilla\fmzgwvi.exe -gtfwajn
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4064

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\fmzgwvi.exe

Filesize
137KB

MD5
4328a436cd1db4e10aa1138bdcfd284c

SHA1
6f4b57e19a0ebc65c675589944ac73b08effe35e

SHA256
3f5c5dcc77e8e8359e29d62afe63dc623ca406abe8c692b022d0479b4a3dd22d

SHA512
4b3784cba6d15aa8887b97dff32a03ce1f1de734c641e2d146a03e00fda3c9112c1b135acc295bbc3fc79415fbba361250263bb476e3b2f81fc2136464e2072c

Download Submit
C:\ProgramData\Mozilla\fmzgwvi.exe

Filesize
137KB

MD5
4328a436cd1db4e10aa1138bdcfd284c

SHA1
6f4b57e19a0ebc65c675589944ac73b08effe35e

SHA256
3f5c5dcc77e8e8359e29d62afe63dc623ca406abe8c692b022d0479b4a3dd22d

SHA512
4b3784cba6d15aa8887b97dff32a03ce1f1de734c641e2d146a03e00fda3c9112c1b135acc295bbc3fc79415fbba361250263bb476e3b2f81fc2136464e2072c

Download Submit
memory/1884-132-0x00000000020E0000-0x000000000213B000-memory.dmp

Filesize
364KB

Download
memory/4064-139-0x0000000000530000-0x000000000058B000-memory.dmp

Filesize
364KB

Download