3a2b30d53d38ebbbf7536d332a1c6417b7b0767991397e69da8aebf230e531b5

Analysis

max time kernel
90s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-09-2024 14:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4723f8c1a35bc7a9fe267e956991ef30N.exe
Size

147KB
MD5

4723f8c1a35bc7a9fe267e956991ef30
SHA1

ed6a9d06ddf77f86f1e9db18b9902623fb9385bc
SHA256

3a2b30d53d38ebbbf7536d332a1c6417b7b0767991397e69da8aebf230e531b5
SHA512

a934244e265b685aa39d1f5a2ac66fe4af1ad1542a93c5ab43d90f8548f59be8e1100592bedbefaad26f52a6ab3b9a598660959b956b721a40bf46c72a4effef
SSDEEP

3072:lVMfMIbIww3J9EO3ak5J6KPaGyIlv24e9S+BC3K5eqU+BC3K5eqYroGO:wfMmqN3ndfrI9cK70K7X

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
persistence privilege_escalation

AppInit DLLs
T1546.010

Executes dropped EXE 1 IoCs

pid	Process
2632	ciuplwl.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\ciuplwl.exe	4723f8c1a35bc7a9fe267e956991ef30N.exe
File created	C:\PROGRA~3\Mozilla\blmjtme.dll	ciuplwl.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4723f8c1a35bc7a9fe267e956991ef30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ciuplwl.exe

C:\Users\Admin\AppData\Local\Temp\4723f8c1a35bc7a9fe267e956991ef30N.exe
"C:\Users\Admin\AppData\Local\Temp\4723f8c1a35bc7a9fe267e956991ef30N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1856

C:\PROGRA~3\Mozilla\ciuplwl.exe
C:\PROGRA~3\Mozilla\ciuplwl.exe -jsdrsnk
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

AppInit DLLs

T1546.010

Privilege Escalation

Event Triggered Execution

T1546

AppInit DLLs

T1546.010

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla\ciuplwl.exe

Filesize
147KB

MD5
8f2afa754e89069d121a1a781be9e444

SHA1
6a38ebbbad8c6d6bda4cb02ad110a18d0ebe55ad

SHA256
d740a50178c0ac9910847bd0d76a08f5df0f9f180a6d1e60979230cae6df23ce

SHA512
048655a041cb66af937fb8c1194ded95bb2b38687007d2446fd0baca24e82f198e4c47affdc8000e9310844f55a9f9b8cbb65a53ffc15222903fe07c203bfb25

Download Submit