94b35c207c610680316540a74e54bff5ffb4d82abf1cf6f637b00ff1ef1f5b84

Analysis

max time kernel
140s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04/04/2024, 23:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94b35c207c610680316540a74e54bff5ffb4d82abf1cf6f637b00ff1ef1f5b84.exe
Size

222KB
MD5

4e9daf6221c417603009e75738d49d39
SHA1

553da7ef2a9549c37ba8baef96e9248d588c7336
SHA256

94b35c207c610680316540a74e54bff5ffb4d82abf1cf6f637b00ff1ef1f5b84
SHA512

060c8e04710d140faf03fe46fb5f3a41c452eeb05067902e4a795507cd36482822171980b2d6fa5ef005a92e8d81b3272d723fd11c5fc31a5e704c937c673c72
SSDEEP

3072:A4CgWgTsDAJJRjOV2/pwb5ryT5tlDhB2IFTLFZhh2D+0caj3kyRACi64J:A4Cg3JJF35tlDhB2Cn9ozj+

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
856	crdkdxb.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\crdkdxb.exe	94b35c207c610680316540a74e54bff5ffb4d82abf1cf6f637b00ff1ef1f5b84.exe
File created	C:\PROGRA~3\Mozilla\xczzoaa.dll	crdkdxb.exe

C:\Users\Admin\AppData\Local\Temp\94b35c207c610680316540a74e54bff5ffb4d82abf1cf6f637b00ff1ef1f5b84.exe
"C:\Users\Admin\AppData\Local\Temp\94b35c207c610680316540a74e54bff5ffb4d82abf1cf6f637b00ff1ef1f5b84.exe"
1⤵
- Drops file in Program Files directory
PID:2596

C:\PROGRA~3\Mozilla\crdkdxb.exe
C:\PROGRA~3\Mozilla\crdkdxb.exe -ofessij
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4036 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:3960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla\crdkdxb.exe

Filesize
222KB

MD5
8509e9aeef0d693855f0343dad616f28

SHA1
23d5af2d169fb0fee9b8c8a890e697fe11aebdaf

SHA256
76059c29b62b80b55b5b3b85e1614048b1347d8fb832e7f5c3ee90583e033791

SHA512
c15f1c1caf54b561ed27465c2bcc1ef3e631bad916a43b4e21b6e3532da6a7812860db061cc4a3a652297c4bca94f4406334d1ddf1c1e7b4ad17335ce5a404c7

Download Submit
memory/856-10-0x0000000000D70000-0x0000000000DCB000-memory.dmp

Filesize
364KB

Download
memory/856-11-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/856-13-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2596-0-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2596-1-0x0000000002200000-0x000000000225B000-memory.dmp

Filesize
364KB

Download
memory/2596-2-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2596-7-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2596-9-0x0000000002200000-0x000000000225B000-memory.dmp

Filesize
364KB

Download