73c9a702efd6c5518f9466a17ec9b0f15e54da4f2baabf02940fdd2ec599be44

Analysis

max time kernel
136s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18/05/2023, 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

73c9a702efd6c5518f9466a17ec9b0f15e54da4f2baabf02940fdd2ec599be44.exe
Size

4.7MB
MD5

2bd597092726c7dcf4e4299984d9f31b
SHA1

fe00364e1bcb047bdc5d52fc8ac784a73b342f9a
SHA256

73c9a702efd6c5518f9466a17ec9b0f15e54da4f2baabf02940fdd2ec599be44
SHA512

1b6aa476a1d1ca9f60b29d46737261cf623159651f9b12a907ae28311320d3fac6ff2c00544157e10d5c0f128a57da8a998f896d46dd4d255fea6b0ed145351d
SSDEEP

49152:tWmL1DN9gSYzb7CJmfLqWa4i4meHi5cqy+dOLvtRU/EzypxwTn60Yl:LMM7utREWb

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3932	Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38WindowsHolographicDevices-ver7.6.4.6.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38WindowsHolographicDevices-ver7.6.4.6 = "C:\\ProgramData\\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38WindowsHolographicDevices-ver7.6.4.6\\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38WindowsHolographicDevices-ver7.6.4.6.exe"	73c9a702efd6c5518f9466a17ec9b0f15e54da4f2baabf02940fdd2ec599be44.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Windows\CurrentVersion\Run	73c9a702efd6c5518f9466a17ec9b0f15e54da4f2baabf02940fdd2ec599be44.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 396 wrote to memory of 3932	396	73c9a702efd6c5518f9466a17ec9b0f15e54da4f2baabf02940fdd2ec599be44.exe	85
PID 396 wrote to memory of 3932	396	73c9a702efd6c5518f9466a17ec9b0f15e54da4f2baabf02940fdd2ec599be44.exe	85

C:\Users\Admin\AppData\Local\Temp\73c9a702efd6c5518f9466a17ec9b0f15e54da4f2baabf02940fdd2ec599be44.exe
"C:\Users\Admin\AppData\Local\Temp\73c9a702efd6c5518f9466a17ec9b0f15e54da4f2baabf02940fdd2ec599be44.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:396
- C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38WindowsHolographicDevices-ver7.6.4.6\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38WindowsHolographicDevices-ver7.6.4.6.exe
  C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38WindowsHolographicDevices-ver7.6.4.6\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38WindowsHolographicDevices-ver7.6.4.6.exe
  2⤵
  - Executes dropped EXE
  PID:3932

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38WindowsHolographicDevices-ver7.6.4.6\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38WindowsHolographicDevices-ver7.6.4.6.exe

Filesize
754.7MB

MD5
75b59d9dcf553bec7d049e2ff9cb742d

SHA1
16f039bf3aaea21812907bc141439caa555ccd71

SHA256
fc21379e5ef1890efeee7393e25cf7ea528620845cb226e033efe2dcf917d1a5

SHA512
812e2fb84a21afa9fb50d563a7a2901aad00434a895c0f5ebba699c8283970910f6fc86e10ee9b1e1bec1a9bcc9104c41325724568ba8432bff40b1a0ba1dd15

Download Submit
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38WindowsHolographicDevices-ver7.6.4.6\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38WindowsHolographicDevices-ver7.6.4.6.exe

Filesize
754.7MB

MD5
75b59d9dcf553bec7d049e2ff9cb742d

SHA1
16f039bf3aaea21812907bc141439caa555ccd71

SHA256
fc21379e5ef1890efeee7393e25cf7ea528620845cb226e033efe2dcf917d1a5

SHA512
812e2fb84a21afa9fb50d563a7a2901aad00434a895c0f5ebba699c8283970910f6fc86e10ee9b1e1bec1a9bcc9104c41325724568ba8432bff40b1a0ba1dd15

Download Submit