Analysis
- max time kernel: 5s
- max time network: 10s
- platform: windows7_x64
- resource: win7v20210410
- submitted: 14-05-2021 06:04
Static task: static1

Behavioral task: behavioral1
- Sample: d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
- Resource: win7v20210410 (windows7_x64)
- 0 signatures, 0 seconds

Behavioral task: behavioral2
- Sample: d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
- Resource: win10v20210410 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
- Size: 3.7MB
- MD5: 73eb70ca5994df6e2766bb5b799f04ec
- SHA1: dbccf45a2dd780ab31a13f2136f82c4f3a17906e
- SHA256: d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c
- SHA512: 1346f92dc34801108ca10777fa7b9e3c134334eacc05c9a31052a9a0505787febd4a1beafb1bb46e5a87a433af33d3cd3f333cc72673149040127a1e6b148b14
- Score: 1/10
Malware Config
Signatures
- Modifies data under HKEY_USERS (64 IoCs)
- Suspicious behavior: EnumeratesProcesses (1 IoC)
  pid 484, process d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Token: SeDebugPrivilege, pid 484, process d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
  Token: SeImpersonatePrivilege, pid 484, process d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
- C:\Users\Admin\AppData\Local\Temp\d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe"
  - Modifies data under HKEY_USERS