e468197214441e1317b7f792064ebea12a0b7dafea145c827a4565ee0aa7b4a7

Analysis

max time kernel
113s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-04-2024 01:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e468197214441e1317b7f792064ebea12a0b7dafea145c827a4565ee0aa7b4a7.exe
Size

150KB
MD5

18cb91f5673a191fe542cdfd294db83f
SHA1

851a6b9b682c64da979ab9cbdcc287e900298d73
SHA256

e468197214441e1317b7f792064ebea12a0b7dafea145c827a4565ee0aa7b4a7
SHA512

1e5120cc499509f743a8f195f8cbb55857c26dc17321103be16e9b1bed53d594851ae15d08f709ecd8061feeefff1cabd2b9d54a45d06ff7a91f1d0556868d4e
SSDEEP

3072:h/BH9p/3K+AEkzgXrGqJM4qd3bGjhkqsXbK:hR9pTAEkz6rGq4Bbq22

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
3028	xrwomfe.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\xrwomfe.exe	e468197214441e1317b7f792064ebea12a0b7dafea145c827a4565ee0aa7b4a7.exe
File created	C:\PROGRA~3\Mozilla\xblkzla.dll	xrwomfe.exe

C:\Users\Admin\AppData\Local\Temp\e468197214441e1317b7f792064ebea12a0b7dafea145c827a4565ee0aa7b4a7.exe
"C:\Users\Admin\AppData\Local\Temp\e468197214441e1317b7f792064ebea12a0b7dafea145c827a4565ee0aa7b4a7.exe"
1⤵
- Drops file in Program Files directory
PID:4304

C:\PROGRA~3\Mozilla\xrwomfe.exe
C:\PROGRA~3\Mozilla\xrwomfe.exe -cybdupc
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1304 --field-trial-handle=2256,i,18272763564106695635,11201593968620719822,262144 --variations-seed-version /prefetch:8
1⤵
PID:4868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla\xrwomfe.exe

Filesize
150KB

MD5
a47862cbb964e379bb51e7eddca0fd85

SHA1
cc007ab1b6540ab616798c2c39437ff4db46df75

SHA256
f6433cd2fcf1d4699867a8abaeca4185f8c063bb0ab64c3e6c26ca2e6e6faef6

SHA512
cd595abf00530e180218bb2d7f85a56a40d4a29ee346dec93428fb81e8257071f9eaa159250041ae74e9c8576ea163d45b31a55deae5cd79a70f03bcfd5f306c

Download Submit
memory/3028-11-0x0000000000D10000-0x0000000000D6B000-memory.dmp

Filesize
364KB

Download
memory/3028-17-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4304-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4304-1-0x00000000021C0000-0x000000000221B000-memory.dmp

Filesize
364KB

Download
memory/4304-7-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download