0c30b2526424377599435b172f39a3278bdc91a38f07c38fb39c31d82ada8a68

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 17:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c30b2526424377599435b172f39a3278bdc91a38f07c38fb39c31d82ada8a68.exe
Size

183KB
MD5

2935f5ded0da7b053f994bec9fb6875c
SHA1

cb987c012ee47cff80111b132bd0fc0c031841b5
SHA256

0c30b2526424377599435b172f39a3278bdc91a38f07c38fb39c31d82ada8a68
SHA512

f5a0249b41c23551eb48e93425892af2b5fa7eeb481e5652055ec3b686638d191afcd76e7df80b7f44d3a54409401f22ace6c60389285c94da0e31fbe46d80ca
SSDEEP

3072:6wxPlpDVfFQI2+o/lHBo7QemfNAqpMBmIyp/mLevqbpiTR:LxtaIQ6vgjVl

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
4768	fwjctpb.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\fwjctpb.exe	0c30b2526424377599435b172f39a3278bdc91a38f07c38fb39c31d82ada8a68.exe
File created	C:\PROGRA~3\Mozilla\jqvifpn.dll	fwjctpb.exe

C:\Users\Admin\AppData\Local\Temp\0c30b2526424377599435b172f39a3278bdc91a38f07c38fb39c31d82ada8a68.exe
"C:\Users\Admin\AppData\Local\Temp\0c30b2526424377599435b172f39a3278bdc91a38f07c38fb39c31d82ada8a68.exe"
1⤵
- Drops file in Program Files directory
PID:4392

C:\PROGRA~3\Mozilla\fwjctpb.exe
C:\PROGRA~3\Mozilla\fwjctpb.exe -qdcpmcc
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla\fwjctpb.exe

Filesize
183KB

MD5
04dc4d9f7dc919c68711bd92ca99174d

SHA1
9ccd8a54e1df0771fc7c35ee0ac496d15661d203

SHA256
b1047ce4272fe2590ea2a0b665d895266d1e1bd0fe04cbb319077e0898e5f5cf

SHA512
0d35d1bda013324b24c04501ab248c22db01c1f956dcdc866f51ea99ad54a85bdc5096aa7ae017432e382ef562db8a5c74473ea27e590a53103b66f62b8f9262

Download Submit
memory/4392-0-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/4392-1-0x00000000021B0000-0x000000000220B000-memory.dmp

Filesize
364KB

Download
memory/4392-9-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/4768-10-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/4768-11-0x0000000000E60000-0x0000000000EBB000-memory.dmp

Filesize
364KB

Download
memory/4768-17-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download