8f3704e4e129e42dcf0c2636cfa517637174268223f03a8583b8e1511fb22100

Analysis

max time kernel
144s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
15-10-2023 19:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de52ba003d184a9144afdf6a213df150_exe32.exe
Size

161KB
MD5

de52ba003d184a9144afdf6a213df150
SHA1

1c1716ca28a515d0b8b2f53a77f88e5760463fe7
SHA256

8f3704e4e129e42dcf0c2636cfa517637174268223f03a8583b8e1511fb22100
SHA512

e432ddb3e68cbd67867d7200580fb0675d9d2c4aee544a16417a0011d83be96e780669104cc5d06b3dabb599018767a49ee6d11c0b5c444851801398ee51e8f0
SSDEEP

3072:51oVtum4WHvjVGr8kgB9s8p+uRcKVHM0lma3UroAew5ak23n2MgN8Dlj5:5mtmCjkU9Wu6uFYwsegak22TQlF

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
3848	xxmjpmn.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\xxmjpmn.exe	de52ba003d184a9144afdf6a213df150_exe32.exe
File created	C:\PROGRA~3\Mozilla\yscklod.dll	xxmjpmn.exe

C:\Users\Admin\AppData\Local\Temp\de52ba003d184a9144afdf6a213df150_exe32.exe
"C:\Users\Admin\AppData\Local\Temp\de52ba003d184a9144afdf6a213df150_exe32.exe"
1⤵
- Drops file in Program Files directory
PID:2756

C:\PROGRA~3\Mozilla\xxmjpmn.exe
C:\PROGRA~3\Mozilla\xxmjpmn.exe -nznotnb
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\xxmjpmn.exe

Filesize
161KB

MD5
37f139f4881720c7a8e4ef910f50f278

SHA1
968e6acae84e22f25681c3fa2c77d61e182f06c3

SHA256
7049f177cf448985981a7d3171395896999caab7952cf7d6972834a25f9f66e4

SHA512
b1fb536ac9050e7288272fab2efacdaa9d805f882fb75bd0ac114461e61da36a499fc071f9fa6eb8e91a71a0426492f178aa48d90306d92acbf559c02568d9ab

Download Submit
C:\ProgramData\Mozilla\xxmjpmn.exe

Filesize
161KB

MD5
37f139f4881720c7a8e4ef910f50f278

SHA1
968e6acae84e22f25681c3fa2c77d61e182f06c3

SHA256
7049f177cf448985981a7d3171395896999caab7952cf7d6972834a25f9f66e4

SHA512
b1fb536ac9050e7288272fab2efacdaa9d805f882fb75bd0ac114461e61da36a499fc071f9fa6eb8e91a71a0426492f178aa48d90306d92acbf559c02568d9ab

Download Submit
memory/2756-7-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2756-3-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2756-2-0x0000000002200000-0x000000000225B000-memory.dmp

Filesize
364KB

Download
memory/2756-0-0x00000000021D0000-0x00000000021F1000-memory.dmp

Filesize
132KB

Download
memory/2756-1-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2756-9-0x00000000021D0000-0x00000000021F1000-memory.dmp

Filesize
132KB

Download
memory/2756-10-0x0000000002200000-0x000000000225B000-memory.dmp

Filesize
364KB

Download
memory/3848-11-0x0000000000580000-0x00000000005A1000-memory.dmp

Filesize
132KB

Download
memory/3848-13-0x0000000000720000-0x000000000077B000-memory.dmp

Filesize
364KB

Download
memory/3848-14-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3848-16-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3848-18-0x0000000000580000-0x00000000005A1000-memory.dmp

Filesize
132KB

Download
memory/3848-19-0x0000000000720000-0x000000000077B000-memory.dmp

Filesize
364KB

Download