b66331bcb43b26ee99979367d7a296902b6b547060ec72e760501e132da1db0c

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01/03/2023, 01:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b66331bcb43b26ee99979367d7a296902b6b547060ec72e760501e132da1db0c.exe
Size

4.4MB
MD5

ee7bbd7ace266587dda2c813fb4a3f19
SHA1

d0ce154856c50a81ece1ee1ed913de8aa1df2309
SHA256

b66331bcb43b26ee99979367d7a296902b6b547060ec72e760501e132da1db0c
SHA512

c49a8c67c263ac25ecf2993f27c5994d39eaf9993468295b3ef51dd55078f187cbc3d5f5fc35699f275be2575feb45e5923f3879fecc8a67b115dedb90bf4404
SSDEEP

98304:746m3lOTN+F/VmxNhHQ849d15jLWdWyYC2yOMnIcDC:746lN+ZVmxNhk1FWjYVPMnId

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3432	Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38ssh-Type6.3.1.2.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38ssh-Type6.3.1.2 = "C:\\ProgramData\\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38ssh-Type6.3.1.2\\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38ssh-Type6.3.1.2.exe"	AppLaunch.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 5000 set thread context of 4176	5000	b66331bcb43b26ee99979367d7a296902b6b547060ec72e760501e132da1db0c.exe	86

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 4176	5000	b66331bcb43b26ee99979367d7a296902b6b547060ec72e760501e132da1db0c.exe	86
PID 5000 wrote to memory of 4176	5000	b66331bcb43b26ee99979367d7a296902b6b547060ec72e760501e132da1db0c.exe	86
PID 5000 wrote to memory of 4176	5000	b66331bcb43b26ee99979367d7a296902b6b547060ec72e760501e132da1db0c.exe	86
PID 5000 wrote to memory of 4176	5000	b66331bcb43b26ee99979367d7a296902b6b547060ec72e760501e132da1db0c.exe	86
PID 5000 wrote to memory of 4176	5000	b66331bcb43b26ee99979367d7a296902b6b547060ec72e760501e132da1db0c.exe	86
PID 4176 wrote to memory of 3432	4176	AppLaunch.exe	96
PID 4176 wrote to memory of 3432	4176	AppLaunch.exe	96

C:\Users\Admin\AppData\Local\Temp\b66331bcb43b26ee99979367d7a296902b6b547060ec72e760501e132da1db0c.exe
"C:\Users\Admin\AppData\Local\Temp\b66331bcb43b26ee99979367d7a296902b6b547060ec72e760501e132da1db0c.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:4176
- - C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38ssh-Type6.3.1.2\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38ssh-Type6.3.1.2.exe
    "C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38ssh-Type6.3.1.2\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38ssh-Type6.3.1.2.exe"
    3⤵
    - Executes dropped EXE
    PID:3432

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38ssh-Type6.3.1.2\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38ssh-Type6.3.1.2.exe

Filesize
678.9MB

MD5
f1a35947da2623c18d1b8c0219a0489c

SHA1
9397bc9481c2040fc6cc272eb294990df4c57104

SHA256
430ae5f79ab87e6daf96c9e9e091bcfff54c01a73bbcdb5ce52b9fa923163b93

SHA512
063680fb726005c0a679afcdf49fabace89e8befa51ceeb6badc5eccf557aa21b8fb79adc3820a6b53849ad9ac865e05bb9a63c1361edc397a47aba6574b2c01

Download Submit
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38ssh-Type6.3.1.2\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38ssh-Type6.3.1.2.exe

Filesize
615.4MB

MD5
f6cdee5e116e9e4f9902b24f478bd2e4

SHA1
7df9e91d708549295787b16cdf45cf5c98daa9ec

SHA256
5f7accb9c9d2fcc871645e3cc035cbf62ec1696b163ffb30772189b8cdf8037f

SHA512
4a98ae5d3a2ae1b7b6339302a66747e721d0eb2e23d30084d0ff5165440ca2aa2c156926cc9259a7a769b8c85dd348357211ba263f39c0c9306f320d06a0af20

Download Submit
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38ssh-Type6.3.1.2\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38ssh-Type6.3.1.2.exe

Filesize
520.2MB

MD5
a316cceabe72a36e8325b4cf922ae76a

SHA1
1f965de86f6fae478c9904b1adb2c819f91b6db6

SHA256
b95c9223147b358517120533e53acbf86cfe0eace21708ca22fc858919792ac0

SHA512
438b3cbfaaa6928d43b69e9b0b8b1f9de9677ef1a63f7db75b75884f1c8de49168e681217c85cc4122eb2a495baa684ccc7d4cab0af7da2eee68347db9abdf36

Download Submit
memory/4176-134-0x0000000000EA0000-0x00000000012FC000-memory.dmp

Filesize
4.4MB

Download
memory/4176-139-0x0000000005C60000-0x0000000006204000-memory.dmp

Filesize
5.6MB

Download
memory/4176-140-0x00000000056B0000-0x0000000005742000-memory.dmp

Filesize
584KB

Download
memory/4176-141-0x00000000058F0000-0x0000000005900000-memory.dmp

Filesize
64KB

Download
memory/4176-142-0x0000000005650000-0x000000000565A000-memory.dmp

Filesize
40KB

Download
memory/4176-143-0x00000000058F0000-0x0000000005900000-memory.dmp

Filesize
64KB

Download
memory/4176-144-0x00000000058F0000-0x0000000005900000-memory.dmp

Filesize
64KB

Download
memory/4176-145-0x00000000058F0000-0x0000000005900000-memory.dmp

Filesize
64KB

Download