02a82916c418c2e6d2fa598544a1733e671066e62fa26acf10b779a2c83dd722

Analysis

max time kernel
298s
max time network
340s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 06:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

02a82916c418c2e6d2fa598544a1733e671066e62fa26acf10b779a2c83dd722.exe
Size

247KB
MD5

4e80921180a1d29db54bc5b3f773c750
SHA1

8db71c5f52da4ff3713a8495e0247a54e180fa96
SHA256

02a82916c418c2e6d2fa598544a1733e671066e62fa26acf10b779a2c83dd722
SHA512

6d7bc1016924d4857122950ddf87cef9620150309e94ae6af2135f4bfdf6b059c019d400ba41b99f872153fabba9a8db466c63eeeb7a621299c276803595b90d
SSDEEP

3072:CzjAuUfkkPk4vHu6np87RlFcmKgHMtyzK3i2hTO8eUu5J98WCNYMK6RsjFys4j:IVU/O6e77FGgHbK3iRUu5BwXRsA7

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4904	eggislc.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\eggislc.exe	02a82916c418c2e6d2fa598544a1733e671066e62fa26acf10b779a2c83dd722.exe
File created	C:\PROGRA~3\Mozilla\zhikoui.dll	eggislc.exe

C:\Users\Admin\AppData\Local\Temp\02a82916c418c2e6d2fa598544a1733e671066e62fa26acf10b779a2c83dd722.exe
"C:\Users\Admin\AppData\Local\Temp\02a82916c418c2e6d2fa598544a1733e671066e62fa26acf10b779a2c83dd722.exe"
1⤵
- Drops file in Program Files directory
PID:652

C:\PROGRA~3\Mozilla\eggislc.exe
C:\PROGRA~3\Mozilla\eggislc.exe -voxrjvd
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4904

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\eggislc.exe

Filesize
247KB

MD5
4f50e4e910f3f3d4fad38acc773198c6

SHA1
30275389eb5a3863c87f7152850f6610089473c9

SHA256
0d1a172ffc5aaf59b1c6177d442fdad73bdec7e3be3d3a162f012e145c6d1127

SHA512
bfa5d49920e6b3ddf04dfbb3c1d9ad2afb48f379962c50f46e181deff46fd217a0f7ee02c6964dc2d7e94c22bdca6fa6b178e5113b044260b5c099c8af64ff40

Download Submit
C:\ProgramData\Mozilla\eggislc.exe

Filesize
247KB

MD5
4f50e4e910f3f3d4fad38acc773198c6

SHA1
30275389eb5a3863c87f7152850f6610089473c9

SHA256
0d1a172ffc5aaf59b1c6177d442fdad73bdec7e3be3d3a162f012e145c6d1127

SHA512
bfa5d49920e6b3ddf04dfbb3c1d9ad2afb48f379962c50f46e181deff46fd217a0f7ee02c6964dc2d7e94c22bdca6fa6b178e5113b044260b5c099c8af64ff40

Download Submit
memory/652-132-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/652-133-0x0000000000620000-0x000000000067B000-memory.dmp

Filesize
364KB

Download
memory/652-134-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/652-135-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/652-140-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4904-138-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4904-139-0x0000000000D90000-0x0000000000DEB000-memory.dmp

Filesize
364KB

Download
memory/4904-141-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4904-142-0x0000000000D90000-0x0000000000DEB000-memory.dmp

Filesize
364KB

Download
memory/4904-143-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download