749fffb463a767075d81a8676c366a4297a1625c35e97f6aaf852d73fe1a44d4

Analysis

max time kernel
103s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 13:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

749fffb463a767075d81a8676c366a4297a1625c35e97f6aaf852d73fe1a44d4.exe
Size

936KB
MD5

042d8ef1ade21c43d1006727dd404c50
SHA1

d6042778d75156db157f6ca9df82236c2ec5effe
SHA256

749fffb463a767075d81a8676c366a4297a1625c35e97f6aaf852d73fe1a44d4
SHA512

9eb93194f123619749f5fa2643a54291b6f76d98f47037b643a45a5859aa886284cad87d898a1420487892ed0a1ed8dc6b6d86bc358f1fbb75db1f12e87c8633
SSDEEP

12288:CDJM/bXntAh+nhZoqQEHvVIzJPz//DdvdYkNQX1NYtFX0jPDl5pudl1lnNRybMYY:Cd6atqLHNk5TdvKX1NYtFXOMNwQ4/8X

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1396	nkvxlye.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\mmpvyam.dll	nkvxlye.exe
File created	C:\PROGRA~3\Mozilla\nkvxlye.exe	749fffb463a767075d81a8676c366a4297a1625c35e97f6aaf852d73fe1a44d4.exe

C:\Users\Admin\AppData\Local\Temp\749fffb463a767075d81a8676c366a4297a1625c35e97f6aaf852d73fe1a44d4.exe
"C:\Users\Admin\AppData\Local\Temp\749fffb463a767075d81a8676c366a4297a1625c35e97f6aaf852d73fe1a44d4.exe"
1⤵
- Drops file in Program Files directory
PID:2304

C:\PROGRA~3\Mozilla\nkvxlye.exe
C:\PROGRA~3\Mozilla\nkvxlye.exe -xqialii
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1396

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\nkvxlye.exe

Filesize
936KB

MD5
3468dfd48d15eabe39c1a7fff42c7d10

SHA1
76c5c5971e07461d33da3bccfdec8516993fadf3

SHA256
07ed4284c19c217eeabf866d6f43bf31810f5425833b6f4c8f1799e2906716e4

SHA512
dfb112d77fb22fb1bc3728b95bc26ad3af21b102185a8284e2d1394d76ff801e0aa1b0315133b3f979aea18a1cd34bf72522422dc84ab745a2f2fa92281c7601

Download Submit
C:\ProgramData\Mozilla\nkvxlye.exe

Filesize
936KB

MD5
3468dfd48d15eabe39c1a7fff42c7d10

SHA1
76c5c5971e07461d33da3bccfdec8516993fadf3

SHA256
07ed4284c19c217eeabf866d6f43bf31810f5425833b6f4c8f1799e2906716e4

SHA512
dfb112d77fb22fb1bc3728b95bc26ad3af21b102185a8284e2d1394d76ff801e0aa1b0315133b3f979aea18a1cd34bf72522422dc84ab745a2f2fa92281c7601

Download Submit
memory/1396-141-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1396-142-0x00000000008C0000-0x000000000091B000-memory.dmp

Filesize
364KB

Download
memory/1396-147-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2304-132-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2304-133-0x00000000006C0000-0x000000000071B000-memory.dmp

Filesize
364KB

Download
memory/2304-140-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download