ac9b3a4d0ff2d195e5d136677fd4d37bf9c74e93c9edd4c2ce99626327060a3c

Analysis

max time kernel
139s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
23/04/2024, 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac9b3a4d0ff2d195e5d136677fd4d37bf9c74e93c9edd4c2ce99626327060a3c.exe
Size

199KB
MD5

6a0164f987c8d70f360aa83d03b8fa02
SHA1

10c683138138fd52ae533da01a77cf3a547297b1
SHA256

ac9b3a4d0ff2d195e5d136677fd4d37bf9c74e93c9edd4c2ce99626327060a3c
SHA512

202daae824240030d9e1052bfc39fcf175ec2c21a5123dbba5567c8a86501275ef361967712c041111bf329199796505b1e97e2416b8a944fea9ab23eb66a848
SSDEEP

3072:xVZfqjEqn8g0+lWjL0T+HCQcdLo5BHYjDcU3Hrrg:TZfHq8n+sL6+fcdkB4jAgg

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
468	lmzjuzl.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\lmzjuzl.exe	ac9b3a4d0ff2d195e5d136677fd4d37bf9c74e93c9edd4c2ce99626327060a3c.exe
File created	C:\PROGRA~3\Mozilla\yxbjhae.dll	lmzjuzl.exe

C:\Users\Admin\AppData\Local\Temp\ac9b3a4d0ff2d195e5d136677fd4d37bf9c74e93c9edd4c2ce99626327060a3c.exe
"C:\Users\Admin\AppData\Local\Temp\ac9b3a4d0ff2d195e5d136677fd4d37bf9c74e93c9edd4c2ce99626327060a3c.exe"
1⤵
- Drops file in Program Files directory
PID:2560

C:\PROGRA~3\Mozilla\lmzjuzl.exe
C:\PROGRA~3\Mozilla\lmzjuzl.exe -qqbypme
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\lmzjuzl.exe

Filesize
199KB

MD5
41c29f81a40e53cfa9123369fe6da2c7

SHA1
2a50ee551f7906ddce5670eaebce3b23c271d75c

SHA256
dc25e4655a329381b902db7b81e0869b19c44ce3a980b93c0f0090121e6abb5e

SHA512
b602d2de8a74704a55403048976b2838a4fc2cc930233d1c23f3581e124b1bbf0ae6320f607b8e0c77b71072743b9b8f64bfaa5dffa9a53e04094d80d92683c6

Download Submit
memory/468-10-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/468-11-0x0000000000CE0000-0x0000000000D3B000-memory.dmp

Filesize
364KB

Download
memory/2560-0-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2560-1-0x0000000001FA0000-0x0000000001FFB000-memory.dmp

Filesize
364KB

Download