cc2d91ee2b6aaebcf6d045c298433ac845e7b0e5df11a5faf4f85f47f1a554fe

Analysis

max time kernel
146s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25/04/2024, 03:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc2d91ee2b6aaebcf6d045c298433ac845e7b0e5df11a5faf4f85f47f1a554fe.exe
Size

365KB
MD5

16a179dca4c208386da94f9688f141f5
SHA1

6ce39a1afd49593e85141d30b6bcb1808111bdd5
SHA256

cc2d91ee2b6aaebcf6d045c298433ac845e7b0e5df11a5faf4f85f47f1a554fe
SHA512

391bc3854dd61d5778abf6b323157d58a2d3cd767d3d7d4f8d32fe370b02d07fbb2d728643163c877058aa7d90b20c0a04d4e70ea86a1f8b8b5ac0944fb2870c
SSDEEP

3072:ndgTsDAJJRjO2wDEpiLKHuv0FG00/JpR0arsgMHY7H3ey+:nyJJ0wpiWS3+/gnH3t+

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
2012	crdkdxb.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\crdkdxb.exe	cc2d91ee2b6aaebcf6d045c298433ac845e7b0e5df11a5faf4f85f47f1a554fe.exe
File created	C:\PROGRA~3\Mozilla\xczzoaa.dll	crdkdxb.exe

C:\Users\Admin\AppData\Local\Temp\cc2d91ee2b6aaebcf6d045c298433ac845e7b0e5df11a5faf4f85f47f1a554fe.exe
"C:\Users\Admin\AppData\Local\Temp\cc2d91ee2b6aaebcf6d045c298433ac845e7b0e5df11a5faf4f85f47f1a554fe.exe"
1⤵
- Drops file in Program Files directory
PID:2432

C:\PROGRA~3\Mozilla\crdkdxb.exe
C:\PROGRA~3\Mozilla\crdkdxb.exe -ofessij
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4080 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla\crdkdxb.exe

Filesize
365KB

MD5
54d8535e8feae59f99af3ac2c5083399

SHA1
06deba7f51f0276079b3ee8affd9456564bde7a4

SHA256
834e7b4b38c753f4b52b6a4cd4fc4386044be19911660131cad0115d2dc97d49

SHA512
8aa132bb7bd9a8982be1567780763c66b2463f17df4b1d10c3b5b6205e030ae372569b832f70495af4998d24a1b3b8c1bb5b1c76d75a2eb86ef8f04b37af167d

Download Submit
memory/2012-10-0x0000000000DC0000-0x0000000000E1B000-memory.dmp

Filesize
364KB

Download
memory/2012-11-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2012-13-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2432-0-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2432-1-0x00000000021E0000-0x000000000223B000-memory.dmp

Filesize
364KB

Download
memory/2432-2-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2432-3-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2432-7-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2432-9-0x00000000021E0000-0x000000000223B000-memory.dmp

Filesize
364KB

Download