885e7fe5e1ef1eff4be40dcf8c9c61b2b7e9ecdba541dd36a40df00c2f0658ae

Analysis

max time kernel
112s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 13:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

885e7fe5e1ef1eff4be40dcf8c9c61b2b7e9ecdba541dd36a40df00c2f0658ae.exe
Size

229KB
MD5

1afb71282ed8b0caa6cb8451c5506700
SHA1

3c3e9f13d6ab30e581e8900eb57b0206671741b1
SHA256

885e7fe5e1ef1eff4be40dcf8c9c61b2b7e9ecdba541dd36a40df00c2f0658ae
SHA512

693f7d8761ecc5a9f3b235d9b5c9def9caf115766a940ee511e5bdf8f60bfecb39fbc607eae1ec75ca2b474e799ada776a15fde00724564f7811108510f9ea9f
SSDEEP

3072:CcMNMs6pTpZlxROvGLvrIgoEBm4TVNxZIa+6HQB4MnOOOOygsTVSIUKXs5uayve:lM2l7jLvrSkZVjwtOOOOy5SIa5u4

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4720	nkvxlye.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\nkvxlye.exe	885e7fe5e1ef1eff4be40dcf8c9c61b2b7e9ecdba541dd36a40df00c2f0658ae.exe
File created	C:\PROGRA~3\Mozilla\mmpvyam.dll	nkvxlye.exe

C:\Users\Admin\AppData\Local\Temp\885e7fe5e1ef1eff4be40dcf8c9c61b2b7e9ecdba541dd36a40df00c2f0658ae.exe
"C:\Users\Admin\AppData\Local\Temp\885e7fe5e1ef1eff4be40dcf8c9c61b2b7e9ecdba541dd36a40df00c2f0658ae.exe"
1⤵
- Drops file in Program Files directory
PID:4804

C:\PROGRA~3\Mozilla\nkvxlye.exe
C:\PROGRA~3\Mozilla\nkvxlye.exe -xqialii
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4720

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\nkvxlye.exe

Filesize
229KB

MD5
33d7fba3759d1207814a19c0b847c172

SHA1
5b7fb0cd3bc7d8a2e65a59cd082d5260ee8d34c4

SHA256
6481ebb8da43e2a5f3b839fafef69bb90a50555073864a4d09c490baf3b0b177

SHA512
c4c36debf1067ef9714503e9a5fd7b7955b84050a5d3fc42a19d55472ea2bd424c032b7d7a807dae9fdd139ccaed14637eba956d4359d17a4b4d2d79cec21b5f

Download Submit
C:\ProgramData\Mozilla\nkvxlye.exe

Filesize
229KB

MD5
33d7fba3759d1207814a19c0b847c172

SHA1
5b7fb0cd3bc7d8a2e65a59cd082d5260ee8d34c4

SHA256
6481ebb8da43e2a5f3b839fafef69bb90a50555073864a4d09c490baf3b0b177

SHA512
c4c36debf1067ef9714503e9a5fd7b7955b84050a5d3fc42a19d55472ea2bd424c032b7d7a807dae9fdd139ccaed14637eba956d4359d17a4b4d2d79cec21b5f

Download Submit
memory/4720-137-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4720-138-0x0000000000C30000-0x0000000000C8B000-memory.dmp

Filesize
364KB

Download
memory/4720-139-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4804-132-0x0000000002230000-0x000000000228B000-memory.dmp

Filesize
364KB

Download
memory/4804-133-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4804-136-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download