5dc4c5808ceb622d7a978d2cd41fe6981686e3e509116be06ecbd8bb76aad659

Analysis

max time kernel
151s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 18:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.80cc7d12773e555aedb47d9041317b20.exe
Size

365KB
MD5

80cc7d12773e555aedb47d9041317b20
SHA1

7f96ef384e1aedd25676b37c60188c6e3c47a4aa
SHA256

5dc4c5808ceb622d7a978d2cd41fe6981686e3e509116be06ecbd8bb76aad659
SHA512

f1a77a278f9b92871017118db580719b866e563992a0b2f6fff3aabcd8f606af47843e3fcaef89cb9000013b44b5b0baadbd51ca2656f87cfe4e625f59493d7b
SSDEEP

3072:R4wsgTsDAJJRjONJQcwAOwzy8f1StC4SZmGTLFZhh2D+0caj3kyRACE2d:R4wNJJOJflpd46ZLn9ozE2d

Score

8^/10

persistence upx

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
5096	pgvdxmn.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1600-0-0x0000000000400000-0x000000000045F000-memory.dmp	upx
behavioral2/memory/1600-1-0x0000000000400000-0x000000000045F000-memory.dmp	upx
behavioral2/files/0x00060000000230a4-8.dat	upx
behavioral2/files/0x00060000000230a4-9.dat	upx

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\pgvdxmn.exe	NEAS.80cc7d12773e555aedb47d9041317b20.exe
File created	C:\PROGRA~3\Mozilla\qwwzfia.dll	pgvdxmn.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.80cc7d12773e555aedb47d9041317b20.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.80cc7d12773e555aedb47d9041317b20.exe"
1⤵
- Drops file in Program Files directory
PID:1600

C:\PROGRA~3\Mozilla\pgvdxmn.exe
C:\PROGRA~3\Mozilla\pgvdxmn.exe -fumfguk
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:5096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\pgvdxmn.exe

Filesize
365KB

MD5
6f3aa317e0b61a036cc4e0dce191bf75

SHA1
14563a141d354f5b2e6b1d851283783d2d2ccd26

SHA256
d9a246c6b48af0871032b37323a819971252a4e2f547e02df5484b5b8ed28d2f

SHA512
b1b477c7019d08336a070654c84e5056dccd6a11e6eae88308982a35203e8834ceacd7ad1e22776a5e5791e5253362d4c35cba2e926c26994aa508c4efbc9630

Download Submit
C:\ProgramData\Mozilla\pgvdxmn.exe

Filesize
365KB

MD5
6f3aa317e0b61a036cc4e0dce191bf75

SHA1
14563a141d354f5b2e6b1d851283783d2d2ccd26

SHA256
d9a246c6b48af0871032b37323a819971252a4e2f547e02df5484b5b8ed28d2f

SHA512
b1b477c7019d08336a070654c84e5056dccd6a11e6eae88308982a35203e8834ceacd7ad1e22776a5e5791e5253362d4c35cba2e926c26994aa508c4efbc9630

Download Submit
memory/1600-3-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1600-0-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/1600-5-0x00000000020C0000-0x000000000211B000-memory.dmp

Filesize
364KB

Download
memory/1600-7-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1600-2-0x00000000020C0000-0x000000000211B000-memory.dmp

Filesize
364KB

Download
memory/1600-1-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/1600-10-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5096-12-0x0000000000DE0000-0x0000000000E3B000-memory.dmp

Filesize
364KB

Download
memory/5096-13-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5096-14-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/5096-16-0x0000000000DE0000-0x0000000000E3B000-memory.dmp

Filesize
364KB

Download
memory/5096-17-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5096-19-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download