c16327422935e0eb62d5954d369643fd48e861f2513a35c1fd771d4b990058f5

Analysis

max time kernel
37s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
16/05/2023, 12:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

tmp.exe
Size

4.9MB
MD5

9ce9a4ff097b9e2cfcee1578d5550e49
SHA1

8bfef2733d2cfac6a644159ceab78711505e90e2
SHA256

c16327422935e0eb62d5954d369643fd48e861f2513a35c1fd771d4b990058f5
SHA512

19f40e24ea821df5b4e29b2db41caf87b4c4a87906287c53ae6350e5a0dd55d2094e2a0927262803cb6ba1accf14e336cd5413305f28fe6bb6199de25a78bd5c
SSDEEP

49152:KOssbc5xzt6DohcH8tx0CaOXX5B0jGREKMfKAfqNMP4ps789ly7B1Vyz9/Yj6jvp:jc0SjXtv64CCy7zO/XV

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
960	TemplatesMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver9.2.8.0.exe

Loads dropped DLL 1 IoCs

pid	Process
1292	tmp.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Windows\CurrentVersion\Run\TemplatesMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver9.2.8.0 = "C:\\ProgramData\\TemplatesMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver9.2.8.0\\TemplatesMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver9.2.8.0.exe"	tmp.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Windows\CurrentVersion\Run	tmp.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 960	1292	tmp.exe	27
PID 1292 wrote to memory of 960	1292	tmp.exe	27
PID 1292 wrote to memory of 960	1292	tmp.exe	27

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1292
- C:\ProgramData\TemplatesMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver9.2.8.0\TemplatesMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver9.2.8.0.exe
  C:\ProgramData\TemplatesMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver9.2.8.0\TemplatesMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver9.2.8.0.exe
  2⤵
  - Executes dropped EXE
  PID:960

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\TemplatesMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver9.2.8.0\TemplatesMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver9.2.8.0.exe

Filesize
754.9MB

MD5
52d4385a8c71232ca3e13e3cccb99afb

SHA1
2ddaba188ef1de0c9653b932630fb61e93f7b5bd

SHA256
a251cb220c9e36df64e284f6c2995a7f9cb69523c3472237dd1cca40e597f755

SHA512
d00d12c97ddaa56d232658971283c82e48d1162f4369f003ac03f3152652cc37fed194a475f27cb82fe6918da15e0253267958be897f56ba1d5406ccd7ff417b

Download Submit
\ProgramData\TemplatesMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver9.2.8.0\TemplatesMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver9.2.8.0.exe

Filesize
754.9MB

MD5
52d4385a8c71232ca3e13e3cccb99afb

SHA1
2ddaba188ef1de0c9653b932630fb61e93f7b5bd

SHA256
a251cb220c9e36df64e284f6c2995a7f9cb69523c3472237dd1cca40e597f755

SHA512
d00d12c97ddaa56d232658971283c82e48d1162f4369f003ac03f3152652cc37fed194a475f27cb82fe6918da15e0253267958be897f56ba1d5406ccd7ff417b

Download Submit