31ac992ed6018bbfbd473533f8240893bb0cd96c27fe0d504efe2ed557caeaa2

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
16-08-2024 20:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31ac992ed6018bbfbd473533f8240893bb0cd96c27fe0d504efe2ed557caeaa2.exe
Size

182KB
MD5

5f357863a24f589f962dba178edd7252
SHA1

aef5bb364b673c6be838179e10fc3a40a03771f8
SHA256

31ac992ed6018bbfbd473533f8240893bb0cd96c27fe0d504efe2ed557caeaa2
SHA512

4befef90b071945f9a3185a6ac0bdee14207f941237a97ff08f2dd00bed735da1269f82a924c5684745bd046dae1518e0e15db3f4f6dc0947c4c65c8b53bfeb3
SSDEEP

3072:h6tchyinW3kgIhxGYzwK9YF8xjnw89JnszQcJdXO9o:ein4kXxxzwQYF8xF52dXr

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
persistence privilege_escalation

AppInit DLLs
T1546.010

Executes dropped EXE 1 IoCs

pid	Process
4612	oxfesge.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\oxfesge.exe	31ac992ed6018bbfbd473533f8240893bb0cd96c27fe0d504efe2ed557caeaa2.exe
File created	C:\PROGRA~3\Mozilla\knwlldl.dll	oxfesge.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	oxfesge.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	31ac992ed6018bbfbd473533f8240893bb0cd96c27fe0d504efe2ed557caeaa2.exe

C:\Users\Admin\AppData\Local\Temp\31ac992ed6018bbfbd473533f8240893bb0cd96c27fe0d504efe2ed557caeaa2.exe
"C:\Users\Admin\AppData\Local\Temp\31ac992ed6018bbfbd473533f8240893bb0cd96c27fe0d504efe2ed557caeaa2.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3496

C:\PROGRA~3\Mozilla\oxfesge.exe
C:\PROGRA~3\Mozilla\oxfesge.exe -kphntge
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:4612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

AppInit DLLs

T1546.010

Privilege Escalation

Event Triggered Execution

T1546

AppInit DLLs

T1546.010

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla\oxfesge.exe

Filesize
182KB

MD5
467035e71419a223bb064aeccc162290

SHA1
69c6b352e72ebbc7805a3ad1e6a59af0224968a3

SHA256
3fb54617e3b47b01fb3a1fae51478a02bb259d820dde0561fa3d578aa3003e9f

SHA512
7550817bbd8aa3558eabf3da3a62fb3a302cf2fc6e7baf43f88483bb5500953e11c542958da1afbc0848b2724028d08414ff69aa8f6d6fdb8517451e22b38eb2

Download Submit
memory/3496-0-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/3496-1-0x00000000021E0000-0x000000000223B000-memory.dmp

Filesize
364KB

Download
memory/3496-2-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3496-7-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3496-8-0x00000000021E0000-0x000000000223B000-memory.dmp

Filesize
364KB

Download
memory/4612-10-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/4612-11-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/4612-13-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download