7c3caed1d850a40e77e2654d19d98d6a36f54382f1992b09c3047465848c5a21

Analysis

max time kernel
161s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2022 13:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c3caed1d850a40e77e2654d19d98d6a36f54382f1992b09c3047465848c5a21.exe
Size

233KB
MD5

0a267f63996352a88fe6bca877d36270
SHA1

944de8db25cba6506c360033f5dba41b4d3cd916
SHA256

7c3caed1d850a40e77e2654d19d98d6a36f54382f1992b09c3047465848c5a21
SHA512

92fb3eaefdf2e51ff585c5167cfd91c414942ab1f8184abaa270c4ef36395c79b9246a3acc792d8681d99389b0b64bbdd2617790c05ca06fae6e64371039a4cf
SSDEEP

6144:VSH4NMEb+s3T+HcWZOcT/IrqxXnlw/xfnj5htK:VSH9Eb+o/SVTaqJ4j5ho

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2168	wlgmldg.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\wlgmldg.exe	7c3caed1d850a40e77e2654d19d98d6a36f54382f1992b09c3047465848c5a21.exe
File created	C:\PROGRA~3\Mozilla\fkvcmeb.dll	wlgmldg.exe

C:\Users\Admin\AppData\Local\Temp\7c3caed1d850a40e77e2654d19d98d6a36f54382f1992b09c3047465848c5a21.exe
"C:\Users\Admin\AppData\Local\Temp\7c3caed1d850a40e77e2654d19d98d6a36f54382f1992b09c3047465848c5a21.exe"
1⤵
- Drops file in Program Files directory
PID:3488

C:\PROGRA~3\Mozilla\wlgmldg.exe
C:\PROGRA~3\Mozilla\wlgmldg.exe -tefqmxb
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2168

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\wlgmldg.exe

Filesize
233KB

MD5
68c163a52a4943f7765c9a1a59103a5b

SHA1
b5ee5c5c1bcf66ff210d3e86c284d4520a46b964

SHA256
e5e2e033086e10943f1f4fcb59031840398225be9fbe0457189d90a52c763904

SHA512
d56a67305fbfd08029d73bc977e073c60fcf05f6198efbc064d70804019139c2e974db05a129ea595509eb63a018a7f1a7645068b1add95c1359fdcb652e3e6b

Download Submit
C:\ProgramData\Mozilla\wlgmldg.exe

Filesize
233KB

MD5
68c163a52a4943f7765c9a1a59103a5b

SHA1
b5ee5c5c1bcf66ff210d3e86c284d4520a46b964

SHA256
e5e2e033086e10943f1f4fcb59031840398225be9fbe0457189d90a52c763904

SHA512
d56a67305fbfd08029d73bc977e073c60fcf05f6198efbc064d70804019139c2e974db05a129ea595509eb63a018a7f1a7645068b1add95c1359fdcb652e3e6b

Download Submit
memory/2168-138-0x0000000000D60000-0x0000000000DBB000-memory.dmp

Filesize
364KB

Download
memory/2168-139-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2168-140-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3488-132-0x00000000020E0000-0x000000000213B000-memory.dmp

Filesize
364KB

Download
memory/3488-133-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3488-134-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3488-137-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download