dc490ae2ac0a979094552cd2478bca0740b7c84c12d82cfbaa38c6826ec4a921

Analysis

max time kernel
131s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16/10/2023, 18:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.955e59f90c0e91042a7dae72a0e9e9e0.exe
Size

128KB
MD5

955e59f90c0e91042a7dae72a0e9e9e0
SHA1

8b2beaa55f382c4de8c6ec0554c4cceb0a618f11
SHA256

dc490ae2ac0a979094552cd2478bca0740b7c84c12d82cfbaa38c6826ec4a921
SHA512

9329472261e4af86511ed48da5314098c4e6313e9d731ae7d874244b87a77675e17c0f37e2d03ce3bb7356a6ee4d6274397bce5d1ef6a21d70bb4977491149b7
SSDEEP

3072:T6mSfjauPZJ3RlSHWvtFrNWtozsf4tQ6Qo1DHfHPEkI+kJb9bdXtM:BuRJqHWotwsf4GWH8kdkVO

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
752	pgvdxmn.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\pgvdxmn.exe	NEAS.955e59f90c0e91042a7dae72a0e9e9e0.exe
File created	C:\PROGRA~3\Mozilla\qwwzfia.dll	pgvdxmn.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.955e59f90c0e91042a7dae72a0e9e9e0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.955e59f90c0e91042a7dae72a0e9e9e0.exe"
1⤵
- Drops file in Program Files directory
PID:4524

C:\PROGRA~3\Mozilla\pgvdxmn.exe
C:\PROGRA~3\Mozilla\pgvdxmn.exe -fumfguk
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\pgvdxmn.exe

Filesize
128KB

MD5
9ca6ebfcabf9887d451cf2f8da084470

SHA1
6e6adbc0b60cddb90a53653a93f1653692422246

SHA256
42b4e1157b987bb92a79ecdee0a862fc44be7c09bb7d6868fceeb81743aa732e

SHA512
bcab3ce8026425063b3f50eba1c199681699a28b702f3c3420afbb8516227528ed2c8abc1e10e264e4d8c1393a61e90e668d956daed46c953b7eda8117924ce3

Download Submit
C:\ProgramData\Mozilla\pgvdxmn.exe

Filesize
128KB

MD5
9ca6ebfcabf9887d451cf2f8da084470

SHA1
6e6adbc0b60cddb90a53653a93f1653692422246

SHA256
42b4e1157b987bb92a79ecdee0a862fc44be7c09bb7d6868fceeb81743aa732e

SHA512
bcab3ce8026425063b3f50eba1c199681699a28b702f3c3420afbb8516227528ed2c8abc1e10e264e4d8c1393a61e90e668d956daed46c953b7eda8117924ce3

Download Submit
memory/752-13-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/752-19-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/4524-1-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/4524-0-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/4524-2-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/4524-3-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/4524-6-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/4524-7-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/4524-9-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/4524-12-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download