30cdb77e8ec407b839feecd91d628083c6f6512f5e9ed45e9ba6a913ccf2cfa7

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
15/10/2023, 19:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d49b15c5bca65111fd6c45e56eb92d0_exe32_JC.exe
Size

329KB
MD5

2d49b15c5bca65111fd6c45e56eb92d0
SHA1

38ce1da809552ffd1d4557c1b85e66944690716d
SHA256

30cdb77e8ec407b839feecd91d628083c6f6512f5e9ed45e9ba6a913ccf2cfa7
SHA512

afb0d5f39f17ab1a851699cc9bb2ca22950e219d65102173bc59fe1b6e29e68a6b86d93a0cc37a1c1b1a97585f72e64ef89d22c067537e19cc1bd1eb92d82866
SSDEEP

6144:dFZOSgIhBBQERJpJBQHEJVLiRz96fUjt7vVOGhDRfFYnOOkw5:Lo4vQ4JWHLz96uvV5bqnOOf

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
1352	drpriek.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\drpriek.exe	2d49b15c5bca65111fd6c45e56eb92d0_exe32_JC.exe
File created	C:\PROGRA~3\Mozilla\ikrrdqn.dll	drpriek.exe

C:\Users\Admin\AppData\Local\Temp\2d49b15c5bca65111fd6c45e56eb92d0_exe32_JC.exe
"C:\Users\Admin\AppData\Local\Temp\2d49b15c5bca65111fd6c45e56eb92d0_exe32_JC.exe"
1⤵
- Drops file in Program Files directory
PID:2744

C:\PROGRA~3\Mozilla\drpriek.exe
C:\PROGRA~3\Mozilla\drpriek.exe -cidzxdc
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\drpriek.exe

Filesize
329KB

MD5
6cbae4f5ba76fc63ab9b2fcd700ea8db

SHA1
8e2565d1f633b756b0103868702f692914a47864

SHA256
eadb064e5484ae542837ea4e6dc3257351c6ef82e6d7ac4b86d498426c0d69dd

SHA512
bab409b15aef5569500f718167f85438742c93b318185f9d0f39dc286a46acf631b08d2475c860f58025563c402326c3a5633e394f182fe8a605bcde27e79bb2

Download Submit
C:\ProgramData\Mozilla\drpriek.exe

Filesize
329KB

MD5
6cbae4f5ba76fc63ab9b2fcd700ea8db

SHA1
8e2565d1f633b756b0103868702f692914a47864

SHA256
eadb064e5484ae542837ea4e6dc3257351c6ef82e6d7ac4b86d498426c0d69dd

SHA512
bab409b15aef5569500f718167f85438742c93b318185f9d0f39dc286a46acf631b08d2475c860f58025563c402326c3a5633e394f182fe8a605bcde27e79bb2

Download Submit
memory/1352-11-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1352-12-0x00000000006A0000-0x00000000006FB000-memory.dmp

Filesize
364KB

Download
memory/1352-18-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2744-0-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2744-1-0x0000000000580000-0x00000000005DB000-memory.dmp

Filesize
364KB

Download
memory/2744-7-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download