42d64547636e2b97f5de99717253a12e1e16a0de8cc6ad1151e4ba1b592bed84

Analysis

max time kernel
133s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2023, 16:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

42d64547636e2b97f5de99717253a12e1e16a0de8cc6ad1151e4ba1b592bed84.exe
Size

7.0MB
MD5

032365697db65f76fa071c7e575afe58
SHA1

d6b14acfdd3b741245fe450b3fa3f5a179a5d1fd
SHA256

42d64547636e2b97f5de99717253a12e1e16a0de8cc6ad1151e4ba1b592bed84
SHA512

16a8fd06c34101fe53ae7d00fd0aa6bae3b3df1e9f1bd57570bd874008430e1909e5b0326bb830b426d4f161743f2a193ce9ffd13a47a7341b7aa25b72cbbd83
SSDEEP

98304:ZU0uS2Xx4nAWDSDBlRMAemZeSSvTGhTdgVaBcMD+GDzX0FaK1KN:Abx2ARWmYLKhxMad/waKo

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
460	Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Desktop-FE262.1.6.2.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Windows\CurrentVersion\Run	42d64547636e2b97f5de99717253a12e1e16a0de8cc6ad1151e4ba1b592bed84.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Desktop-FE262.1.6.2 = "C:\\ProgramData\\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Desktop-FE262.1.6.2\\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Desktop-FE262.1.6.2.exe"	42d64547636e2b97f5de99717253a12e1e16a0de8cc6ad1151e4ba1b592bed84.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 460	4540	42d64547636e2b97f5de99717253a12e1e16a0de8cc6ad1151e4ba1b592bed84.exe	85
PID 4540 wrote to memory of 460	4540	42d64547636e2b97f5de99717253a12e1e16a0de8cc6ad1151e4ba1b592bed84.exe	85

C:\Users\Admin\AppData\Local\Temp\42d64547636e2b97f5de99717253a12e1e16a0de8cc6ad1151e4ba1b592bed84.exe
"C:\Users\Admin\AppData\Local\Temp\42d64547636e2b97f5de99717253a12e1e16a0de8cc6ad1151e4ba1b592bed84.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4540
- C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Desktop-FE262.1.6.2\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Desktop-FE262.1.6.2.exe
  C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Desktop-FE262.1.6.2\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Desktop-FE262.1.6.2.exe
  2⤵
  - Executes dropped EXE
  PID:460

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Desktop-FE262.1.6.2\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Desktop-FE262.1.6.2.exe

Filesize
757.0MB

MD5
36b0853d15bba796db6743d481891a3b

SHA1
d3b61aff19d405b0a12ab1f8d1951951ec67feec

SHA256
a20150c90772dc452d2307016881d07bbfd2f98b41aa85aa34a518b3e1152ed1

SHA512
4a41e7fee9cab756d6b09ab45bd6d0c660ebe604d85eb0a1eea8eb4821dd067a1c5055f9026b4acf4a8bbf60e7f0eeff1f1c674d88741271b379c19d6102fc7b

Download Submit
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Desktop-FE262.1.6.2\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Desktop-FE262.1.6.2.exe

Filesize
757.0MB

MD5
36b0853d15bba796db6743d481891a3b

SHA1
d3b61aff19d405b0a12ab1f8d1951951ec67feec

SHA256
a20150c90772dc452d2307016881d07bbfd2f98b41aa85aa34a518b3e1152ed1

SHA512
4a41e7fee9cab756d6b09ab45bd6d0c660ebe604d85eb0a1eea8eb4821dd067a1c5055f9026b4acf4a8bbf60e7f0eeff1f1c674d88741271b379c19d6102fc7b

Download Submit
memory/460-138-0x00007FF7216D0000-0x00007FF721DD1000-memory.dmp

Filesize
7.0MB

Download
memory/4540-133-0x00007FF637EC0000-0x00007FF6385C1000-memory.dmp

Filesize
7.0MB

Download