edf53d0f92538bb0c084dc9e23f65fef42525f508311c946274c53a736473df9

Analysis

max time kernel
141s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2024, 04:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

edf53d0f92538bb0c084dc9e23f65fef42525f508311c946274c53a736473df9.exe
Size

142KB
MD5

d29c98f0e99b05f5e982c184ce095da6
SHA1

48e9c913f43cc128a98fc4215e8801d8bffb14b7
SHA256

edf53d0f92538bb0c084dc9e23f65fef42525f508311c946274c53a736473df9
SHA512

44e4b13c852d0355d19933b312cd4645935a6d9fd9d1c7bd6bb6fd3bd261319ed9b5cf77dd5f614442b61470d0c5dca1d0bd2854a844e4114dcbaf9b6d1f4c7f
SSDEEP

3072:JttcarQt7TMOgrcxweQToVFV6qelNJEGJs4xnHIBOpsF0D0zSE9NYRpZwVjdG5up:JttQ3ghoVFV6qelNJ/sioBFYkSNZwVjV

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
5108	xqpnnsb.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\xqpnnsb.exe	edf53d0f92538bb0c084dc9e23f65fef42525f508311c946274c53a736473df9.exe
File created	C:\PROGRA~3\Mozilla\mmqttnn.dll	xqpnnsb.exe

C:\Users\Admin\AppData\Local\Temp\edf53d0f92538bb0c084dc9e23f65fef42525f508311c946274c53a736473df9.exe
"C:\Users\Admin\AppData\Local\Temp\edf53d0f92538bb0c084dc9e23f65fef42525f508311c946274c53a736473df9.exe"
1⤵
- Drops file in Program Files directory
PID:3880

C:\PROGRA~3\Mozilla\xqpnnsb.exe
C:\PROGRA~3\Mozilla\xqpnnsb.exe -cfnkgng
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:5108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\xqpnnsb.exe

Filesize
142KB

MD5
08b5d7cde6d75b024e82e7bbccebf882

SHA1
0c5a6f6057f54b1d91638c4f7ff7fb3180a8d14f

SHA256
5bd76ba48d54ec691b9a17a6f55a143e3b0b76c973ac493d9cd3a6b2802b58d5

SHA512
97e964b17a97f0a4bce224472a52dfb5d17e8149a30676874046906770c68ae99175d3a7d23fbabfb675206084b7664eed5d44aacfb3efcc9576eecc2e5ee65c

Download Submit
memory/3880-0-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/3880-1-0x00000000009D0000-0x0000000000A2B000-memory.dmp

Filesize
364KB

Download
memory/3880-10-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/5108-9-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/5108-11-0x00000000008D0000-0x000000000092B000-memory.dmp

Filesize
364KB

Download
memory/5108-17-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download