436460f3d49975a357122332f81349f0772a2f9f42d2d8873c12a246bd5b3b78

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
18/11/2023, 01:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0165fdea93fb0b1afbecc19570873a50.exe
Size

197KB
MD5

0165fdea93fb0b1afbecc19570873a50
SHA1

8418599166ea7ff533458b13469757d1136d08ef
SHA256

436460f3d49975a357122332f81349f0772a2f9f42d2d8873c12a246bd5b3b78
SHA512

aa72540e57f4cae63ccabf65dd70da290c72d81b6ddad410781d3d294168f070066365b90433afbee9ade86c1c3770930085fd0e24115996ea706779f1a52db1
SSDEEP

3072:yhepkjr4O0cx158cZacNNc6eDmtH67gNdP/+nvfbYzHM5Et+ft6:yhepk34mL0+rJWvf0zHbtg6

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
696	gpypjxc.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\gpypjxc.exe	0165fdea93fb0b1afbecc19570873a50.exe
File created	C:\PROGRA~3\Mozilla\kbbthmm.dll	gpypjxc.exe

C:\Users\Admin\AppData\Local\Temp\0165fdea93fb0b1afbecc19570873a50.exe
"C:\Users\Admin\AppData\Local\Temp\0165fdea93fb0b1afbecc19570873a50.exe"
1⤵
- Drops file in Program Files directory
PID:456

C:\PROGRA~3\Mozilla\gpypjxc.exe
C:\PROGRA~3\Mozilla\gpypjxc.exe -tripsff
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\gpypjxc.exe

Filesize
197KB

MD5
a88698c34360659171aa845cbdd4a176

SHA1
1110d48cce010659bce72a32846baef02c61163b

SHA256
501e75914ff70e317e7fc95ab8872e37d0152d7044972d2786c58d2430eb7fa3

SHA512
0fcaf62e41e20d2e138434c45e8b6076265a4d9e379bc47e7f713f9386aafdffd51c0e6fe100a011689f9ad1657c1518b57e5532e4751fdbb660a1ff7d89b65f

Download Submit
C:\ProgramData\Mozilla\gpypjxc.exe

Filesize
197KB

MD5
a88698c34360659171aa845cbdd4a176

SHA1
1110d48cce010659bce72a32846baef02c61163b

SHA256
501e75914ff70e317e7fc95ab8872e37d0152d7044972d2786c58d2430eb7fa3

SHA512
0fcaf62e41e20d2e138434c45e8b6076265a4d9e379bc47e7f713f9386aafdffd51c0e6fe100a011689f9ad1657c1518b57e5532e4751fdbb660a1ff7d89b65f

Download Submit
memory/456-0-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/456-1-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/456-2-0x0000000001FD0000-0x0000000001FD1000-memory.dmp

Filesize
4KB

Download
memory/456-3-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/456-7-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/696-15-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download