8b950af45d026e18789c05ec82eba1a243f4c89ee5e29409d22d1ec89203ca09

Analysis

max time kernel
144s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 23:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b950af45d026e18789c05ec82eba1a243f4c89ee5e29409d22d1ec89203ca09.exe
Size

153KB
MD5

067275a3173b1cd26428f62ac90d8fbf
SHA1

e2d607b453172828d563f9659c79691f2fc64d04
SHA256

8b950af45d026e18789c05ec82eba1a243f4c89ee5e29409d22d1ec89203ca09
SHA512

706a13b1b2bec43b3c8aed50646a90612be0c0a6a4733763eb9b4c08572c4778e0d89a5e9f9bab194ba98d63e1df641fc6c36a09689c8bffd3de992f84a6945f
SSDEEP

3072:LMftVuhLI/Y34erRHjtWrNf/SQhYFAM5vTK3clMdisNDtI1rmU:t0Y3JdjIrNHFHIOiWDKrmU

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
4596	npprbsm.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\yqwyzrf.dll	npprbsm.exe
File created	C:\PROGRA~3\Mozilla\npprbsm.exe	8b950af45d026e18789c05ec82eba1a243f4c89ee5e29409d22d1ec89203ca09.exe

C:\Users\Admin\AppData\Local\Temp\8b950af45d026e18789c05ec82eba1a243f4c89ee5e29409d22d1ec89203ca09.exe
"C:\Users\Admin\AppData\Local\Temp\8b950af45d026e18789c05ec82eba1a243f4c89ee5e29409d22d1ec89203ca09.exe"
1⤵
- Drops file in Program Files directory
PID:1624

C:\PROGRA~3\Mozilla\npprbsm.exe
C:\PROGRA~3\Mozilla\npprbsm.exe -eqrcqtf
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla\npprbsm.exe

Filesize
153KB

MD5
e7adf66b60efeb5cb813249de0fa4821

SHA1
ea7be714d50957fb8c4c03a2fff6ca152249c368

SHA256
d2d01212ba51dbc757b74e828abc3777b6f2ec8a2a6adbdde38cfcbcdf62c474

SHA512
a1626657b31cb5b3e61e23fd35229d6c9e950deb56c48e9e64207863546381d74fd51e26187dd47c29cd16025a2b15582cbe63d74f13cd785c812d397b1c3c24

Download Submit
memory/1624-0-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/1624-1-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/1624-2-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/1624-6-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/4596-9-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/4596-10-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/4596-15-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download