3bd0db556a77bf971cd8193dd3e4889903786ca049f4c7b158c0b44883784073

Analysis

max time kernel
92s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 20:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3bd0db556a77bf971cd8193dd3e4889903786ca049f4c7b158c0b44883784073.exe
Size

246KB
MD5

b675fa9861767c5fef06d220d569daea
SHA1

fd652c79162138672c00e0898dbcea58ee5cbafe
SHA256

3bd0db556a77bf971cd8193dd3e4889903786ca049f4c7b158c0b44883784073
SHA512

6fbcf2cc9a1f069934892d2e530746532ffb8b7046eae61abe2f387e340b9eda36a3ee3b1593d3d1f0cabc574e4ad7f46ec4de762e904cdca6529c2abc6bcfec
SSDEEP

3072:vUx9UjrL5vSfmVQli2RP5gYjUESE6asU9Jr/Dl6cj:vWUTxSfmV6hRRgHI6I9hrlb

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
3676	lrjbnqc.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\lrjbnqc.exe	3bd0db556a77bf971cd8193dd3e4889903786ca049f4c7b158c0b44883784073.exe
File created	C:\PROGRA~3\Mozilla\vbwqqmn.dll	lrjbnqc.exe

C:\Users\Admin\AppData\Local\Temp\3bd0db556a77bf971cd8193dd3e4889903786ca049f4c7b158c0b44883784073.exe
"C:\Users\Admin\AppData\Local\Temp\3bd0db556a77bf971cd8193dd3e4889903786ca049f4c7b158c0b44883784073.exe"
1⤵
- Drops file in Program Files directory
PID:380

C:\PROGRA~3\Mozilla\lrjbnqc.exe
C:\PROGRA~3\Mozilla\lrjbnqc.exe -lihtnse
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla\lrjbnqc.exe

Filesize
246KB

MD5
8e2a233ebd63763ea2621afc10336398

SHA1
70320643e07d0df8bd64360b554573a618745a4f

SHA256
367374d5a8420f18cf716291d52d9d7b5177f1ccd0a8b3dbfbc5b40279752034

SHA512
03efc56d01790d10ef848de72f8880a75959cfd1b8507dcc992f4e47091d21f31ecc49891db4d33314595291b1799a4b9f36f1e4db3aead0ab01e63a685b1205

Download Submit
memory/380-0-0x00000000020C0000-0x000000000211B000-memory.dmp

Filesize
364KB

Download
memory/380-1-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/380-9-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3676-7-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3676-5-0x0000000000710000-0x000000000076B000-memory.dmp

Filesize
364KB

Download
memory/3676-11-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download