c3f1c2bb413da6746028bd06326e4c09dfee0a9ae3f1968e5113cda944b1c164

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2023, 20:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c3f1c2bb413da6746028bd06326e4c09dfee0a9ae3f1968e5113cda944b1c164.exe
Size

7.7MB
MD5

9d3966ec2f3a1b77a356fd0a1f68b1f0
SHA1

850f9e14b902d11a099a7bd595127732edf771d1
SHA256

c3f1c2bb413da6746028bd06326e4c09dfee0a9ae3f1968e5113cda944b1c164
SHA512

ecc449e7549836b850bc970683e8e229138f4bb19ca43974d70e4a46d8b66b2a9c59095f2ff37a6a18b33110342cce94b783bb836517f38cc82ef0cf5a0e95fe
SSDEEP

98304:3nvzaFNj6otcK6Ly+mLv7dAstL5dWBLS9Me5C8lXbEnOaT2w85laEbNMbkq:3unrOTyFLzxdoBLSGepbGHk9q

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1416	Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver0.3.9.0.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Windows\CurrentVersion\Run	c3f1c2bb413da6746028bd06326e4c09dfee0a9ae3f1968e5113cda944b1c164.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver0.3.9.0 = "C:\\ProgramData\\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver0.3.9.0\\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver0.3.9.0.exe"	c3f1c2bb413da6746028bd06326e4c09dfee0a9ae3f1968e5113cda944b1c164.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3180 wrote to memory of 1416	3180	c3f1c2bb413da6746028bd06326e4c09dfee0a9ae3f1968e5113cda944b1c164.exe	86
PID 3180 wrote to memory of 1416	3180	c3f1c2bb413da6746028bd06326e4c09dfee0a9ae3f1968e5113cda944b1c164.exe	86

C:\Users\Admin\AppData\Local\Temp\c3f1c2bb413da6746028bd06326e4c09dfee0a9ae3f1968e5113cda944b1c164.exe
"C:\Users\Admin\AppData\Local\Temp\c3f1c2bb413da6746028bd06326e4c09dfee0a9ae3f1968e5113cda944b1c164.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:3180
- C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver0.3.9.0\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver0.3.9.0.exe
  C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver0.3.9.0\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver0.3.9.0.exe
  2⤵
  - Executes dropped EXE
  PID:1416

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver0.3.9.0\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver0.3.9.0.exe

Filesize
757.7MB

MD5
d95fa6828464b03ac58672087f3e6892

SHA1
103ee7bae422470346e6347a768514f075799bbd

SHA256
6fba0ee22778c25afef0ac3c9366c49592904121e1b7b18f45791c4945a3e354

SHA512
12ce4540b3cfaae7cf1bd89545f69326add334dd31ca1b7b7ee27cbc3d3920e2dd705aadc209afa200cf827b40a943e979f97672b2c25cfe6c80d4fa8417cbe6

Download Submit
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver0.3.9.0\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver0.3.9.0.exe

Filesize
757.7MB

MD5
d95fa6828464b03ac58672087f3e6892

SHA1
103ee7bae422470346e6347a768514f075799bbd

SHA256
6fba0ee22778c25afef0ac3c9366c49592904121e1b7b18f45791c4945a3e354

SHA512
12ce4540b3cfaae7cf1bd89545f69326add334dd31ca1b7b7ee27cbc3d3920e2dd705aadc209afa200cf827b40a943e979f97672b2c25cfe6c80d4fa8417cbe6

Download Submit
memory/1416-141-0x00007FF7DCF40000-0x00007FF7DD6FC000-memory.dmp

Filesize
7.7MB

Download
memory/3180-133-0x00007FF60D800000-0x00007FF60DFBC000-memory.dmp

Filesize
7.7MB

Download