16e9b64b307462509c376b411c4dccb644f48d630fd0773d28e988cc8bf3378c

Analysis

max time kernel
38s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
18-05-2023 13:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16e9b64b307462509c376b411c4dccb644f48d630fd0773d28e988cc8bf3378c.exe
Size

4.7MB
MD5

a7225c3f11926a092f608589ba676abc
SHA1

240927f26d35292d922c710fd5bf6b7aa996ae87
SHA256

16e9b64b307462509c376b411c4dccb644f48d630fd0773d28e988cc8bf3378c
SHA512

900942a62b31afbe67d9840a9ef9875a80b47584808a0167727f050f2663232c386cc59450eec1a68c78b6d937dc5b2d23c5fe0662f5119d26845664416a452d
SSDEEP

49152:wb6aSECYBfkW7tComPsW5p6lAjw7iqnVlSivrh/+TM+Fp:jA4D+/+TM+

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
108	Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Favorites-ver9.3.4.3.exe

Loads dropped DLL 1 IoCs

pid	Process
696	16e9b64b307462509c376b411c4dccb644f48d630fd0773d28e988cc8bf3378c.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Windows\CurrentVersion\Run	16e9b64b307462509c376b411c4dccb644f48d630fd0773d28e988cc8bf3378c.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Windows\CurrentVersion\Run\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Favorites-ver9.3.4.3 = "C:\\ProgramData\\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Favorites-ver9.3.4.3\\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Favorites-ver9.3.4.3.exe"	16e9b64b307462509c376b411c4dccb644f48d630fd0773d28e988cc8bf3378c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 696 wrote to memory of 108	696	16e9b64b307462509c376b411c4dccb644f48d630fd0773d28e988cc8bf3378c.exe	28
PID 696 wrote to memory of 108	696	16e9b64b307462509c376b411c4dccb644f48d630fd0773d28e988cc8bf3378c.exe	28
PID 696 wrote to memory of 108	696	16e9b64b307462509c376b411c4dccb644f48d630fd0773d28e988cc8bf3378c.exe	28

C:\Users\Admin\AppData\Local\Temp\16e9b64b307462509c376b411c4dccb644f48d630fd0773d28e988cc8bf3378c.exe
"C:\Users\Admin\AppData\Local\Temp\16e9b64b307462509c376b411c4dccb644f48d630fd0773d28e988cc8bf3378c.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:696
- C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Favorites-ver9.3.4.3\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Favorites-ver9.3.4.3.exe
  C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Favorites-ver9.3.4.3\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Favorites-ver9.3.4.3.exe
  2⤵
  - Executes dropped EXE
  PID:108

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Favorites-ver9.3.4.3\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Favorites-ver9.3.4.3.exe

Filesize
721.9MB

MD5
2fbacc5e512bb613a675ebbddda64d9c

SHA1
0371df7e31a0c0d22fe908585d7f472653272ec9

SHA256
12ac8ffa346c98f15eaa3426565ac0b641f192a7622c7148aedd0f3122de66fc

SHA512
3c59a77b2a1a8624d6308613296050775ee32a8d19a7bbaea2602e86e3b4490aa6064e8a32367d7bbb8b81dcf893e32c6c3335d72f549d085ed0f5ddee5a8d2e

Download Submit
\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Favorites-ver9.3.4.3\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Favorites-ver9.3.4.3.exe

Filesize
674.5MB

MD5
07c89ff36fc01e7a7651bbad5dfaa365

SHA1
cfd8bb09ffde892eeed71dfcf5e3f47766848616

SHA256
b2db344ba6580a837b8e7a1b9439279e300c5f7a5af3001c207a9f5d4370298b

SHA512
3778a57bfd6ab18966059496f968b107e10a0a7658b21911fad9cdc94458b26e905aaf5b0d5aec060053664de20e75b695400a7fd524a6946dd48509d40626ba

Download Submit