e1f41237f1d1c86715432ade9d7d80f963a77cc83383a5d68fadda0f246c5ecf

Analysis

max time kernel
141s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2024 00:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e1f41237f1d1c86715432ade9d7d80f963a77cc83383a5d68fadda0f246c5ecf.exe
Size

390KB
MD5

52a06ad86bc5107b2dc82ddb19b114de
SHA1

a904f4063ec9b7d20073d05c0475140d5c77c5e9
SHA256

e1f41237f1d1c86715432ade9d7d80f963a77cc83383a5d68fadda0f246c5ecf
SHA512

4478ed04627500d073c353a5cd0545f9f2bfdff8e60722f2f74e9acff2f40b91ac8968248c83369a9eff32853e181a6e27450caa1d70e331a2e093bcd9984c83
SSDEEP

3072:NlYwDUWyFcB9fu+JMl2uU82Ws7f9sjboPACTQembG4hWp:NlfD1Yc7GIBgbzjbfLh2

Score

9^/10

persistence

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 2 IoCs

resource	yara_rule
behavioral2/memory/4920-0-0x0000000000400000-0x0000000000466000-memory.dmp	INDICATOR_EXE_Packed_MPress
behavioral2/files/0x0003000000022d25-7.dat	INDICATOR_EXE_Packed_MPress

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
2056	crdkdxb.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\xczzoaa.dll	crdkdxb.exe
File created	C:\PROGRA~3\Mozilla\crdkdxb.exe	e1f41237f1d1c86715432ade9d7d80f963a77cc83383a5d68fadda0f246c5ecf.exe

C:\Users\Admin\AppData\Local\Temp\e1f41237f1d1c86715432ade9d7d80f963a77cc83383a5d68fadda0f246c5ecf.exe
"C:\Users\Admin\AppData\Local\Temp\e1f41237f1d1c86715432ade9d7d80f963a77cc83383a5d68fadda0f246c5ecf.exe"
1⤵
- Drops file in Program Files directory
PID:4920

C:\PROGRA~3\Mozilla\crdkdxb.exe
C:\PROGRA~3\Mozilla\crdkdxb.exe -ofessij
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4036 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
1⤵
PID:916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla\crdkdxb.exe

Filesize
390KB

MD5
33aefb984beb1a11546770dbf7d03f76

SHA1
edadac40057afdf89c1328ef9fe47c32d0b2b57f

SHA256
c3836237cdb978edf494cb554d5afe020127a34a8596610297d7d4a659551608

SHA512
78aae27c389da3a0523d36410d77cb95520ecdd0f88ae1fefce65286dd85e81197b0712341eaa72e58ed683a32ca661aa335572bc3b08d2a7fcde5f07ca46572

Download Submit
memory/2056-10-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2056-14-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4920-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4920-1-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/4920-2-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4920-5-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4920-8-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download