634aae21f789a5698b0c015ac3f59bb10f8b3ccffeb17aeedad13a301075b23b

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2023 10:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

634aae21f789a5698b0c015ac3f59bb10f8b3ccffeb17aeedad13a301075b23b.exe
Size

7.0MB
MD5

639231d7dd5d323bfeadae51467f21e2
SHA1

e8019d37ba0467f7b431e84b0ccc468c63f8a4c3
SHA256

634aae21f789a5698b0c015ac3f59bb10f8b3ccffeb17aeedad13a301075b23b
SHA512

c8cebdc7ee5719e73c5d058623d4baf376d220ac1edf89f9e8352b17b3ae240a2d99f4403bc9b38a20f15a65907ff2b3bd7eb08dbe6ad87da500702f501df822
SSDEEP

98304:ogRUCbYcqd2Zv4l+/iKdnM7Wba4iB8d2LAoBixbrU6+fnwPMQEbLVNipVVS6Z:3LqwmlYm7Wb0B8YL6U/nwPlEbL+p9

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38regid.1991-06.com.microsoft-U287N5.2.6.3.exe

pid process

1764 Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38regid.1991-06.com.microsoft-U287N5.2.6.3.exe

pid	process
1764	Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38regid.1991-06.com.microsoft-U287N5.2.6.3.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

634aae21f789a5698b0c015ac3f59bb10f8b3ccffeb17aeedad13a301075b23b.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Windows\CurrentVersion\Run	634aae21f789a5698b0c015ac3f59bb10f8b3ccffeb17aeedad13a301075b23b.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38regid.1991-06.com.microsoft-U287N5.2.6.3 = "C:\\ProgramData\\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38regid.1991-06.com.microsoft-U287N5.2.6.3\\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38regid.1991-06.com.microsoft-U287N5.2.6.3.exe"	634aae21f789a5698b0c015ac3f59bb10f8b3ccffeb17aeedad13a301075b23b.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

634aae21f789a5698b0c015ac3f59bb10f8b3ccffeb17aeedad13a301075b23b.exe

description	pid	process	target process
PID 2184 wrote to memory of 1764	2184	634aae21f789a5698b0c015ac3f59bb10f8b3ccffeb17aeedad13a301075b23b.exe	Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38regid.1991-06.com.microsoft-U287N5.2.6.3.exe
PID 2184 wrote to memory of 1764	2184	634aae21f789a5698b0c015ac3f59bb10f8b3ccffeb17aeedad13a301075b23b.exe	Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38regid.1991-06.com.microsoft-U287N5.2.6.3.exe

C:\Users\Admin\AppData\Local\Temp\634aae21f789a5698b0c015ac3f59bb10f8b3ccffeb17aeedad13a301075b23b.exe
"C:\Users\Admin\AppData\Local\Temp\634aae21f789a5698b0c015ac3f59bb10f8b3ccffeb17aeedad13a301075b23b.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2184

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38regid.1991-06.com.microsoft-U287N5.2.6.3\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38regid.1991-06.com.microsoft-U287N5.2.6.3.exe
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38regid.1991-06.com.microsoft-U287N5.2.6.3\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38regid.1991-06.com.microsoft-U287N5.2.6.3.exe
2⤵
- Executes dropped EXE
PID:1764

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38regid.1991-06.com.microsoft-U287N5.2.6.3\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38regid.1991-06.com.microsoft-U287N5.2.6.3.exe
Filesize
757.0MB

MD5
c97850b19087761ef62dbc9b5e7aa6ec

SHA1
31edcb00e24a724f84f27897567ea9abb4de1180

SHA256
050536bad4dbe8008eb675f58887852cf05b77fb784b2d0a5548ffd63795479f

SHA512
86b3dc8b20400993cf31258d6221ee7dd834764ee4014dc5b9e9d90e9434dcdcef2c40b059cccaa11bac04690c978ebf5e1183109243eab1f30ba892cbfc939a

Download Submit
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38regid.1991-06.com.microsoft-U287N5.2.6.3\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38regid.1991-06.com.microsoft-U287N5.2.6.3.exe
Filesize
757.0MB

MD5
c97850b19087761ef62dbc9b5e7aa6ec

SHA1
31edcb00e24a724f84f27897567ea9abb4de1180

SHA256
050536bad4dbe8008eb675f58887852cf05b77fb784b2d0a5548ffd63795479f

SHA512
86b3dc8b20400993cf31258d6221ee7dd834764ee4014dc5b9e9d90e9434dcdcef2c40b059cccaa11bac04690c978ebf5e1183109243eab1f30ba892cbfc939a

Download Submit
memory/1764-138-0x00007FF7D2EE0000-0x00007FF7D35E7000-memory.dmp

Filesize
7.0MB

Download
memory/2184-133-0x00007FF7954E0000-0x00007FF795BE7000-memory.dmp

Filesize
7.0MB

Download