5bac26b7c053ed6f5f1e80a6d80af5a8ba06fa4dbe729afa460928647549c2e4

Analysis

max time kernel
163s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 21:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25b2ac7c9068c0ca61277bdedc469fc4.exe
Size

147KB
MD5

25b2ac7c9068c0ca61277bdedc469fc4
SHA1

9b1a7136f131c0ab657325e7e424558160f7c5e6
SHA256

5bac26b7c053ed6f5f1e80a6d80af5a8ba06fa4dbe729afa460928647549c2e4
SHA512

c6554bd9bcf78b562c59756ec408f86b81fb1f15c496313438161ceff0c19b9250cf9cd0e23c6634f7a565b2b51ecee167f9fe0c9773021d1f1642ecc50d01c3
SSDEEP

3072:yA4GU4QVmTIVPE7YaXYCfNicisIIMQgqoMNw21cuFQaArhGOU1nmi5GuMj:yF4OVPasyFQaAUn+uMj

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
1932	crdkdxb.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\crdkdxb.exe	25b2ac7c9068c0ca61277bdedc469fc4.exe
File created	C:\PROGRA~3\Mozilla\xczzoaa.dll	crdkdxb.exe

C:\Users\Admin\AppData\Local\Temp\25b2ac7c9068c0ca61277bdedc469fc4.exe
"C:\Users\Admin\AppData\Local\Temp\25b2ac7c9068c0ca61277bdedc469fc4.exe"
1⤵
- Drops file in Program Files directory
PID:4936

C:\PROGRA~3\Mozilla\crdkdxb.exe
C:\PROGRA~3\Mozilla\crdkdxb.exe -ofessij
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4048 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
1⤵
PID:4184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla\crdkdxb.exe

Filesize
147KB

MD5
c0b1c1b07d00b3423c5bd86ea51370d3

SHA1
916da00f3a0d5616328e7a8d7bfdac9a883cf34b

SHA256
e3ce099a52118d2f47f1b88cbe6a263c5d279f8b10ff52e4e6cfb5cb72a0cfcb

SHA512
188f746a46d007fc0beb4319d36bb58b464a299c4a8bf996db84732b0dab062a9a82df59436394831765655d79dab04a1ca71de20814a1dd827bbaef1cf1602f

Download Submit
memory/1932-12-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1932-13-0x0000000000D10000-0x0000000000D6B000-memory.dmp

Filesize
364KB

Download
memory/1932-18-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4936-0-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4936-1-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4936-2-0x0000000002170000-0x00000000021CB000-memory.dmp

Filesize
364KB

Download
memory/4936-8-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download