8b960e0acfd2fa7a0d3a5f309a9ccb24c93f2f171c126cc48498583b03b94935

Analysis

max time kernel
151s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 01:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8b960e0acfd2fa7a0d3a5f309a9ccb24c93f2f171c126cc48498583b03b94935.exe
Size

274KB
MD5

1e2ea698c40a70c1b35447ea545fbca0
SHA1

b3720067216f01299f8cfff2dd692319d2223e7e
SHA256

8b960e0acfd2fa7a0d3a5f309a9ccb24c93f2f171c126cc48498583b03b94935
SHA512

81673f0fc6f842ecde8dc41366b7acf077660412fa73179ef6f7e237bea82f485314677585c25df577a67e91a90ddf7ad5bc84bfa72a1f875c402ef8692273c9
SSDEEP

3072:aIJ8MJJ/pqo6Xjy1wXesId9H8gVQO+5/c2ddLM6hMLIokjwrhpcSvMrq5kUL2iZ+:t5XMoi2wO+FdddLM6njNSqmdOasnqIN

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1700	wlgmldg.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\wlgmldg.exe	8b960e0acfd2fa7a0d3a5f309a9ccb24c93f2f171c126cc48498583b03b94935.exe
File created	C:\PROGRA~3\Mozilla\fkvcmeb.dll	wlgmldg.exe

C:\Users\Admin\AppData\Local\Temp\8b960e0acfd2fa7a0d3a5f309a9ccb24c93f2f171c126cc48498583b03b94935.exe
"C:\Users\Admin\AppData\Local\Temp\8b960e0acfd2fa7a0d3a5f309a9ccb24c93f2f171c126cc48498583b03b94935.exe"
1⤵
- Drops file in Program Files directory
PID:3912

C:\PROGRA~3\Mozilla\wlgmldg.exe
C:\PROGRA~3\Mozilla\wlgmldg.exe -tefqmxb
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1700

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\wlgmldg.exe

Filesize
274KB

MD5
49f88fc27aec5702696729da51051a46

SHA1
667415c9020772d9d61a16d8c0b7d2ab5c2a95d0

SHA256
be4c352faf488e8eef759e8e5f09ce1aabe1358c85e8ee74f46bb9c09067ebb1

SHA512
4a74d4efa0811fec15b76e7b1770f3c4c6a8d72d93c8dbbc2f59a70640f50394afad1b66786b513a28b6a8c2bdabbd510fbd1691cf81cf83533a617ff1e2f86d

Download Submit
C:\ProgramData\Mozilla\wlgmldg.exe

Filesize
274KB

MD5
49f88fc27aec5702696729da51051a46

SHA1
667415c9020772d9d61a16d8c0b7d2ab5c2a95d0

SHA256
be4c352faf488e8eef759e8e5f09ce1aabe1358c85e8ee74f46bb9c09067ebb1

SHA512
4a74d4efa0811fec15b76e7b1770f3c4c6a8d72d93c8dbbc2f59a70640f50394afad1b66786b513a28b6a8c2bdabbd510fbd1691cf81cf83533a617ff1e2f86d

Download Submit
memory/1700-138-0x0000000000D40000-0x0000000000D9B000-memory.dmp

Filesize
364KB

Download
memory/1700-139-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1700-140-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3912-132-0x00000000005F0000-0x000000000064B000-memory.dmp

Filesize
364KB

Download
memory/3912-133-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3912-134-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3912-136-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download