0b34a4b76659650edbbf053adaf59d9e53e9de3e246071cb9a4496bfc98acd59

Analysis

max time kernel
189s
max time network
237s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 10:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b34a4b76659650edbbf053adaf59d9e53e9de3e246071cb9a4496bfc98acd59.exe
Size

346KB
MD5

334830bdb011a8db817049f60da23050
SHA1

37f65866f351aff36f83c1809dcb21ce0a92b2fc
SHA256

0b34a4b76659650edbbf053adaf59d9e53e9de3e246071cb9a4496bfc98acd59
SHA512

34f5d02903508c86951440ed933d8eee9442344aa966b01f128e8a8059dedc60098bf1ccc3927d8cb5388ff8e3967eb80be1ff3da1cf2d93915e9d09b2858a4c
SSDEEP

6144:mtlAjZhXij63XlSsrNtFGh1L7o3SbGqJcVTqV3:RZh463XEsxtFGT7o3Swu

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1340	wlgmldg.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\wlgmldg.exe	0b34a4b76659650edbbf053adaf59d9e53e9de3e246071cb9a4496bfc98acd59.exe
File created	C:\PROGRA~3\Mozilla\fkvcmeb.dll	wlgmldg.exe

C:\Users\Admin\AppData\Local\Temp\0b34a4b76659650edbbf053adaf59d9e53e9de3e246071cb9a4496bfc98acd59.exe
"C:\Users\Admin\AppData\Local\Temp\0b34a4b76659650edbbf053adaf59d9e53e9de3e246071cb9a4496bfc98acd59.exe"
1⤵
- Drops file in Program Files directory
PID:3496

C:\PROGRA~3\Mozilla\wlgmldg.exe
C:\PROGRA~3\Mozilla\wlgmldg.exe -tefqmxb
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1340

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\wlgmldg.exe

Filesize
346KB

MD5
f70eda7168f03868a54dbe1088be7617

SHA1
a619d6906907531fb3ab8f8a4f99c134a6dc6c56

SHA256
d672c567aa592a0b8ada7d31585994c602bd9cd58275c52e8baa8a477698fbc4

SHA512
7118b796cde6b8fba2344b55b71986ef8923fce889b5dd14a6b1abedc86c5b2e6d6d30c4a0e06f80bc3830fda128ba956107e95423cb7281b742825794c207f9

Download Submit
C:\ProgramData\Mozilla\wlgmldg.exe

Filesize
346KB

MD5
f70eda7168f03868a54dbe1088be7617

SHA1
a619d6906907531fb3ab8f8a4f99c134a6dc6c56

SHA256
d672c567aa592a0b8ada7d31585994c602bd9cd58275c52e8baa8a477698fbc4

SHA512
7118b796cde6b8fba2344b55b71986ef8923fce889b5dd14a6b1abedc86c5b2e6d6d30c4a0e06f80bc3830fda128ba956107e95423cb7281b742825794c207f9

Download Submit
memory/1340-139-0x0000000000D40000-0x0000000000D9C000-memory.dmp

Filesize
368KB

Download
memory/1340-140-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1340-142-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3496-132-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3496-133-0x00000000021E0000-0x000000000223C000-memory.dmp

Filesize
368KB

Download
memory/3496-134-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3496-135-0x00000000021E0000-0x000000000223C000-memory.dmp

Filesize
368KB

Download
memory/3496-136-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3496-141-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download