dee2fea0a9c2acea1244739b25751a8aeea1e5ff9cf4590a7187465330ab2de4

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/04/2024, 03:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dee2fea0a9c2acea1244739b25751a8aeea1e5ff9cf4590a7187465330ab2de4.exe
Size

131KB
MD5

5b53fc484ff9d8e5a316b7423d9537d4
SHA1

8956d9754542da3e1e72a853987a0e53ce9a8aab
SHA256

dee2fea0a9c2acea1244739b25751a8aeea1e5ff9cf4590a7187465330ab2de4
SHA512

be6ae9ecd4565631de905555a39ec9dd2728b6ffb2354187ab3c3837eede5990c3246b9df06c3e2e2239c8430843ec61c4ad1af88dce86104df6145b7f65761d
SSDEEP

1536:xwJAw8P1JH+bZSnQUAwQbgL4O1tyVBtcN9Lh/VJRCJwVOK3tnbqBDldHazJeLnfg:xiGJH+nUAwQ8/vJP1aB9awL3ubUl8W8N

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
4744	ktyqhhb.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\ktyqhhb.exe	dee2fea0a9c2acea1244739b25751a8aeea1e5ff9cf4590a7187465330ab2de4.exe
File created	C:\PROGRA~3\Mozilla\ixnvdrc.dll	ktyqhhb.exe

C:\Users\Admin\AppData\Local\Temp\dee2fea0a9c2acea1244739b25751a8aeea1e5ff9cf4590a7187465330ab2de4.exe
"C:\Users\Admin\AppData\Local\Temp\dee2fea0a9c2acea1244739b25751a8aeea1e5ff9cf4590a7187465330ab2de4.exe"
1⤵
- Drops file in Program Files directory
PID:3744

C:\PROGRA~3\Mozilla\ktyqhhb.exe
C:\PROGRA~3\Mozilla\ktyqhhb.exe -arwhcpc
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\ktyqhhb.exe

Filesize
131KB

MD5
4d3b0104d1a3c30b1167cbc30eb8b8a6

SHA1
6da3d3fb2e293c8e8dedfed03d6ec038ad27ec8b

SHA256
fd1783ac59adc0365f9b65ac74e20d8b4d98c3b6db02b46eb2a89d509d1de826

SHA512
878de51d4f1434e090d020bada7cf8617e80afb40c4c4e93d643ba2d4bfd17aafe0b20c823720dd3a86446f3922e7ae516008d92156c3752076e681ff96d759e

Download Submit
memory/3744-0-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/3744-1-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/3744-2-0x0000000002100000-0x000000000215B000-memory.dmp

Filesize
364KB

Download
memory/3744-3-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3744-9-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3744-12-0x0000000002100000-0x000000000215B000-memory.dmp

Filesize
364KB

Download
memory/4744-7-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/4744-8-0x0000000000600000-0x000000000065B000-memory.dmp

Filesize
364KB

Download
memory/4744-11-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4744-14-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download