9f872293b7b32df6933a8657c66a699a54501fb20a9faa9d0156a464baf38017

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2024, 13:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VirusShare_aca4a3ca920ff0313cf1b2088897dc40.exe
Size

447KB
MD5

aca4a3ca920ff0313cf1b2088897dc40
SHA1

2a9be876910cafacb97b231cd93f3ad2e51762ce
SHA256

9f872293b7b32df6933a8657c66a699a54501fb20a9faa9d0156a464baf38017
SHA512

a4c3cde96cb0fc0f44bff96ceb7acb8fcfc32bfd38c8072188e578a258262faa133ab007a48d0fbbbd28b134f3ca0fecd8c7128fa84b7e2ffec994f99f529e7b
SSDEEP

6144:PoB3dxc3KfaglVYNxsB+pREpqqBdSNNPSO+8y90Pz/Tr/LyY2i8AyW+uCarimksk:FmuWpqlNPSO+NGzLSZiHF46bHsii

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
4972	fpqupif.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\fpqupif.exe	VirusShare_aca4a3ca920ff0313cf1b2088897dc40.exe
File created	C:\PROGRA~3\Mozilla\eghenjl.dll	fpqupif.exe

C:\Users\Admin\AppData\Local\Temp\VirusShare_aca4a3ca920ff0313cf1b2088897dc40.exe
"C:\Users\Admin\AppData\Local\Temp\VirusShare_aca4a3ca920ff0313cf1b2088897dc40.exe"
1⤵
- Drops file in Program Files directory
PID:2396

C:\PROGRA~3\Mozilla\fpqupif.exe
C:\PROGRA~3\Mozilla\fpqupif.exe -ewcakpi
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\fpqupif.exe

Filesize
447KB

MD5
66f823d8f921563aa90d229765b4bb91

SHA1
ef0864bfa3028ddb4bd83f7fb12b2d75fd67aa92

SHA256
0d3792cbbca21299983c00614a202ccb32868702beb453e2fa7ff806ef820441

SHA512
c3291f6f9940323faa53cb918350cf8eb77fba1e6fbca7f3f020e7af9a6c03cd0d92f3c56f4f0e262a9c3e4488a05294fde0e81978bb3c6b6f5f82e13ef1ebaa

Download Submit
memory/2396-0-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2396-1-0x0000000001FB0000-0x000000000200B000-memory.dmp

Filesize
364KB

Download
memory/2396-10-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/4972-9-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/4972-11-0x0000000000C80000-0x0000000000CDB000-memory.dmp

Filesize
364KB

Download
memory/4972-17-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download