8881bbd066f3f8811b5ada9b9841aa910bfbe659f5fa585c0228b88d1c193313

Analysis

max time kernel
146s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 23:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8881bbd066f3f8811b5ada9b9841aa910bfbe659f5fa585c0228b88d1c193313.exe
Size

170KB
MD5

22966a7caace817a65ce281e538da130
SHA1

b75e3bc1d4c059403ade2d56133f022a05059ab1
SHA256

8881bbd066f3f8811b5ada9b9841aa910bfbe659f5fa585c0228b88d1c193313
SHA512

d8fc463f9ecc42b41f7c039fcb7f12db12766df9d1c32066e8c94ef91a0b9611bd562ad48eba160ca41198cb9ca3de97d93dcde208874b47510939c82aec084a
SSDEEP

3072:dwUtuJp5sgLMnwEK/wZX+xNIidFh8VaSM3eF4MitAdJ3+pJ156:dwUtuD5FYnwEftCNIidr+k3qquJSPw

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
3144	cpqnwfa.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\cpqnwfa.exe	8881bbd066f3f8811b5ada9b9841aa910bfbe659f5fa585c0228b88d1c193313.exe
File created	C:\PROGRA~3\Mozilla\czsujhg.dll	cpqnwfa.exe

C:\Users\Admin\AppData\Local\Temp\8881bbd066f3f8811b5ada9b9841aa910bfbe659f5fa585c0228b88d1c193313.exe
"C:\Users\Admin\AppData\Local\Temp\8881bbd066f3f8811b5ada9b9841aa910bfbe659f5fa585c0228b88d1c193313.exe"
1⤵
- Drops file in Program Files directory
PID:3924

C:\PROGRA~3\Mozilla\cpqnwfa.exe
C:\PROGRA~3\Mozilla\cpqnwfa.exe -lhvfjoj
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla\cpqnwfa.exe

Filesize
170KB

MD5
5994656785aaccde2215366e87441eb1

SHA1
f94589d942b6e77fc077add265327d0179618e74

SHA256
a5ebd6107c30816ec3ffa0d2001e772b351b32f6bdc40b6b2b39435d5b69bf9b

SHA512
5c8de5a92b829fd36a24844223e156f0a8b63391327cf6ab235293e26dbf2fb6b1f09ad41d15ce2ba987871727eceea37629863a0e11e2551449a399b4633398

Download Submit
memory/3144-10-0x0000000000D30000-0x0000000000D8B000-memory.dmp

Filesize
364KB

Download
memory/3144-16-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/3924-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/3924-1-0x00000000021B0000-0x000000000220B000-memory.dmp

Filesize
364KB

Download
memory/3924-8-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download