Analysis

Max time kernel: 23s
Max time network: 116s
Platform: windows10_x64
Resource: win10v20210410
Submitted: 05-05-2021 02:51
Static task: static1

Behavioral task: behavioral1
Sample: 7e3293e07c706d9d02e34682537a566dd5aed3464fd186af6eefd7a73b8e8438.exe
Resource: win7v20210410 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: 7e3293e07c706d9d02e34682537a566dd5aed3464fd186af6eefd7a73b8e8438.exe
Resource: win10v20210410 (windows10_x64)
0 signatures, 0 seconds
General

Target: 7e3293e07c706d9d02e34682537a566dd5aed3464fd186af6eefd7a73b8e8438.exe
Size: 3.8MB
MD5: aaefc0480def364bddc8b77efd1e9298
SHA1: 985c945b1959453084e4f5e8eedf1cce03cd6b43
SHA256: 7e3293e07c706d9d02e34682537a566dd5aed3464fd186af6eefd7a73b8e8438
SHA512: 197d81e5a47e845048bbb7a358fa7842df85542dddba82266bd91448aebb196a32081537c47885311c3f30b00b2028ae812b2e1c878a040ac65e654fa8bcee88
Score: 8/10
Malware Config
Signatures

Drops file in Drivers directory (2 IoCs)
Process: 7e3293e07c706d9d02e34682537a566dd5aed3464fd186af6eefd7a73b8e8438.exe
  File opened for modification  C:\windows\SysWOW64\drivers\spo0lve.exe
  File created                  C:\windows\SysWOW64\drivers\spo0lve.exe

Adds Run key to start application (2 TTPs, 1 IoC)
Process: 7e3293e07c706d9d02e34682537a566dd5aed3464fd186af6eefd7a73b8e8438.exe
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\spron = "C:\\Users\\Admin\\AppData\\Local\\Temp/7e3293e07c706d9d02e34682537a566dd5aed3464fd186af6eefd7a73b8e8438.exe"

Sets desktop wallpaper using registry (2 TTPs, 1 IoC)
Process: 7e3293e07c706d9d02e34682537a566dd5aed3464fd186af6eefd7a73b8e8438.exe
  Set value (str)  \REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pigdesk.bmp"
Drops file in Program Files directory (64 IoCs)
Process: 7e3293e07c706d9d02e34682537a566dd5aed3464fd186af6eefd7a73b8e8438.exe
  File opened for modification  C:\Program Files\Java\jre1.8.0_66\bin\java-rmi.exe
  File created                  C:\Program Files\Windows Media Player\wmpnscfg.exe
  File created                  C:\Program Files\Windows Defender\MpCmdRun.exe
  File created                  C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe
  File created                  C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.htm
  File created                  C:\Program Files\Internet Explorer\ielowutil.exe
  File opened for modification  C:\Program Files\Java\jre1.8.0_66\bin\rmid.exe
  File opened for modification  C:\Program Files\JoinReset.rar
  File opened for modification  C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\SharePointTeamSite.ico
  File opened for modification  C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\accicons.exe
  File created                  C:\Program Files\Internet Explorer\iediagcmd.exe
  File opened for modification  C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
  File created                  C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe
  File opened for modification  C:\Program Files\7-Zip\7zG.exe
  File opened for modification  C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe
  File created                  C:\Program Files\Windows Defender\MSASCuiL.exe
  File opened for modification  C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exe
  File created                  C:\Program Files\Common Files\Services\verisign.bmp
  File opened for modification  C:\Program Files\Java\jdk1.8.0_66\jre\bin\java.exe
  File opened for modification  C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif
  File opened for modification  C:\Program Files\Java\jre1.8.0_66\bin\unpack200.exe
  File opened for modification  C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe
  File opened for modification  C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\SharePointPortalSite.ico
  File opened for modification  C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmadminicon.exe
  File opened for modification  C:\Program Files\Java\jdk1.8.0_66\bin\appletviewer.exe
  File opened for modification  C:\Program Files\Java\jdk1.8.0_66\bin\javap.exe
  File opened for modification  C:\Program Files\Java\jdk1.8.0_66\bin\jstatd.exe
  File opened for modification  C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe
  File opened for modification  C:\Program Files\Google\Chrome\Application\89.0.4389.114\chrome_pwa_launcher.exe
  File opened for modification  C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe
  File opened for modification  C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm
  File created                  C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.bmp
  File opened for modification  C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe
  File created                  C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe
  File created                  C:\Program Files\Common Files\microsoft shared\Stationery\Hand Prints.htm
  File opened for modification  C:\Program Files\Java\jdk1.8.0_66\jre\bin\javacpl.exe
  File opened for modification  C:\Program Files\Java\jdk1.8.0_66\jre\bin\keytool.exe
  File opened for modification  C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\[email protected]
  File opened for modification  C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe
  File created                  C:\Program Files\Windows Photo Viewer\ImagingDevices.exe
  File opened for modification  C:\Program Files\Java\jre1.8.0_66\bin\tnameserv.exe
  File opened for modification  C:\Program Files\Java\jre1.8.0_66\lib\images\cursors\win32_MoveDrop32x32.gif
  File opened for modification  C:\Program Files\Java\jre1.8.0_66\bin\javacpl.exe
  File opened for modification  C:\Program Files\Java\jre1.8.0_66\lib\images\cursors\invalid32x32.gif
  File opened for modification  C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pubs.exe
  File created                  C:\Program Files\Windows Mail\wabmig.exe
  File created                  C:\Program Files\Common Files\microsoft shared\Stationery\Orange Circles.htm
  File opened for modification  C:\Program Files\Java\jdk1.8.0_66\bin\extcheck.exe
  File opened for modification  C:\Program Files\Java\jre1.8.0_66\bin\jabswitch.exe
  File opened for modification  C:\Program Files\Java\jre1.8.0_66\bin\kinit.exe
  File opened for modification  C:\Program Files\Microsoft Office\root\Office16\msoia.exe
  File opened for modification  C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pptico.exe
  File created                  C:\Program Files\Windows Media Player\wmpconfig.exe
  File opened for modification  C:\Program Files\7-Zip\Uninstall.exe
  File opened for modification  C:\Program Files\Java\jre1.8.0_66\bin\ktab.exe
  File opened for modification  C:\Program Files\Microsoft Office\root\Office16\msotd.exe
  File opened for modification  C:\Program Files\VideoLAN\VLC\uninstall.exe
  File created                  C:\Program Files\Windows Defender\NisSrv.exe
  File opened for modification  C:\Program Files\7-Zip\7z.exe
  File opened for modification  C:\Program Files\Java\jdk1.8.0_66\bin\javafxpackager.exe
  File opened for modification  C:\Program Files\Java\jdk1.8.0_66\bin\jps.exe
  File opened for modification  C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif
  File opened for modification  C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm
  File opened for modification  C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmclienticon.exe
Modifies Control Panel (2 IoCs)
Process: 7e3293e07c706d9d02e34682537a566dd5aed3464fd186af6eefd7a73b8e8438.exe
  Set value (str)  \REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Control Panel\Desktop\WallpaperStyle = "2"
  Set value (str)  \REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Control Panel\Desktop\TileWallpaper = "2"
Suspicious behavior: EnumeratesProcesses (50 IoCs)
Process: 7e3293e07c706d9d02e34682537a566dd5aed3464fd186af6eefd7a73b8e8438.exe, PID 3952 (50 occurrences)
Suspicious use of SetWindowsHookEx (2 IoCs)
Process: 7e3293e07c706d9d02e34682537a566dd5aed3464fd186af6eefd7a73b8e8438.exe, PID 3952 (2 occurrences)
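The signature sections above are the sandbox's "description ioc process" rows run together into one string per signature. The script below is an added example, not part of the sandbox output or of the sample, that parses a constructed excerpt of those rows (seven events copied from this report) into structured file and registry events and pulls out what an analyst checks first on a suspect host: the Run-key persistence entry, the drop into the drivers directory, which existing executables were opened for modification, and the wallpaper change. The regular expressions, class names and summary keys are my own. Two details the parser has to handle: the process name also appears inside the Run value's data (the value points back at the sample), so a row only ends where the process name is followed by the next row's description; and the report escapes backslashes in registry data, so those are collapsed. The Run value uses a forward slash before the file name ("Temp/..."); Win32 path handling accepts mixed separators, so the entry is flagged for the record but still treated as live persistence.

```python
"""Parse flattened sandbox 'description ioc process' rows into structured events
and summarise the ones an analyst checks first (added example, not sandbox code)."""
import re
from dataclasses import dataclass

SAMPLE = "7e3293e07c706d9d02e34682537a566dd5aed3464fd186af6eefd7a73b8e8438.exe"

# Constructed excerpt: seven rows copied from the report, run together the way the
# page shows them. Each row ends with the acting process name.
IOC_TEXT = " ".join([
    f"File opened for modification C:\\windows\\SysWOW64\\drivers\\spo0lve.exe {SAMPLE}",
    f"File created C:\\windows\\SysWOW64\\drivers\\spo0lve.exe {SAMPLE}",
    f"File created C:\\Program Files\\Windows Defender\\MpCmdRun.exe {SAMPLE}",
    f"File opened for modification C:\\Program Files\\7-Zip\\7z.exe {SAMPLE}",
    f"File opened for modification C:\\Program Files\\JoinReset.rar {SAMPLE}",
    "Set value (str) \\REGISTRY\\MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows"
    f"\\CurrentVersion\\Run\\spron = \"C:\\\\Users\\\\Admin\\\\AppData\\\\Local\\\\Temp/{SAMPLE}\" {SAMPLE}",
    "Set value (str) \\REGISTRY\\USER\\S-1-5-21-3686645723-710336880-414668232-1000"
    f"\\Control Panel\\Desktop\\Wallpaper = \"C:\\\\Users\\\\Admin\\\\AppData\\\\Local\\\\Temp\\\\pigdesk.bmp\" {SAMPLE}",
])

# A row is "<description> <ioc> <process>". The process name can also occur inside an
# ioc (the Run value names the sample itself), so a row ends only where the process
# name is followed by the next row's description or by the end of the text.
ROW_RE = re.compile(
    r"(?P<row>(?:File created|File opened for modification|Set value \(\w+\)) .+?) "
    + re.escape(SAMPLE)
    + r"(?= File created | File opened for modification | Set value \(|$)"
)
FILE_RE = re.compile(r"^(File created|File opened for modification) (.+)$")
REG_RE = re.compile(r'^Set value \((\w+)\) (.+?) = "(.*)"$')


@dataclass(frozen=True)
class FileEvent:
    action: str  # "created" or "modified"
    path: str


@dataclass(frozen=True)
class RegEvent:
    key: str   # hive-qualified key as the sandbox reports it
    name: str  # value name
    data: str  # value data with the report's doubled backslashes collapsed


def parse_rows(text):
    """Split the flattened text into rows and turn each into a typed event."""
    events = []
    for m in ROW_RE.finditer(text):
        row = m.group("row")
        fm = FILE_RE.match(row)
        if fm:
            action = "created" if fm.group(1) == "File created" else "modified"
            events.append(FileEvent(action, fm.group(2)))
            continue
        rm = REG_RE.match(row)
        if rm is None:
            raise ValueError("unrecognised row: " + row)
        key, _, name = rm.group(2).rpartition("\\")
        events.append(RegEvent(key, name, rm.group(3).replace("\\\\", "\\")))
    return events


def triage(events):
    """Reduce the event list to the facts worth checking on a suspect host."""
    files = [e for e in events if isinstance(e, FileEvent)]
    regs = [e for e in events if isinstance(e, RegEvent)]
    # Autostart entries: anything written under ...\CurrentVersion\Run
    run_values = [e for e in regs if e.key.upper().endswith("\\CURRENTVERSION\\RUN")]
    return {
        "files_created": sorted({e.path for e in files if e.action == "created"}),
        # Executables that already existed and were opened for writing
        "existing_exes_modified": sorted({
            e.path for e in files
            if e.action == "modified" and e.path.lower().endswith(".exe")
        }),
        "driver_dir_drops": sorted({e.path for e in files if "\\drivers\\" in e.path.lower()}),
        "persistence": [(e.name, e.data) for e in run_values],
        # Mixed separators are accepted by Win32 path handling; flag but do not discount
        "mixed_separator_persistence": [e.data for e in run_values if "/" in e.data],
        "wallpaper": [e.data for e in regs if e.name == "Wallpaper"],
    }


if __name__ == "__main__":
    for key, value in triage(parse_rows(IOC_TEXT)).items():
        print(key)
        for item in value:
            print("   ", item)
```

To run it over the whole report, replace IOC_TEXT with the concatenated text of every signature's Processes row; the same regular expressions apply because every row in the report ends with the same process name. The `existing_exes_modified` list is the one to compare against known-good hashes of those binaries (7z.exe, the Java tools, the Office installer icons executables) when deciding whether a host needs a rebuild rather than a cleanup.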
Processes

C:\Users\Admin\AppData\Local\Temp\7e3293e07c706d9d02e34682537a566dd5aed3464fd186af6eefd7a73b8e8438.exe (PID 3952)
Command line: "C:\Users\Admin\AppData\Local\Temp\7e3293e07c706d9d02e34682537a566dd5aed3464fd186af6eefd7a73b8e8438.exe"
  - Drops file in Drivers directory
  - Adds Run key to start application
  - Sets desktop wallpaper using registry
  - Drops file in Program Files directory
  - Modifies Control Panel
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx