Analysis Overview
SHA256
76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba
Threat Level: Known bad
The file 76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba was found to be: Known bad.
Malicious Activity Summary
MassLogger
MassLogger Main Payload
Reads user/profile data of web browsers
Checks computer location settings
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Suspicious use of SetThreadContext
Enumerates physical storage devices
outlook_win_path
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Delays execution with timeout.exe
outlook_office_path
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-04-15 08:56
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2022-04-15 08:56
Reported
2022-04-15 11:22
Platform
win10v2004-en-20220113
Max time kernel
132s
Max time network
152s
Command Line
Signatures
MassLogger
MassLogger Main Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
Reads user/profile data of web browsers
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\18.0\Outlook\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\17.0\Outlook\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\18.0\Outlook\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\19.0\Outlook\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\17.0\Outlook\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\19.0\Outlook\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2564 set thread context of 3248 | N/A | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe |
Enumerates physical storage devices
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Local\Temp\FolderN\name.exe:Zone.Identifier | C:\Windows\SysWOW64\cmd.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
Suspicious use of WriteProcessMemory
outlook_office_path
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe
"C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe"
C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe
"C:/Users/Admin/AppData/Local/Temp/76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c copy "C:/Users/Admin/AppData/Local/Temp/76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe" "%temp%\FolderN\name.exe" /Y
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "%temp%\FolderN\name.exe.lnk" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\FolderN\name.exe.lnk" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c echo [zoneTransfer]ZoneID = 2 > %temp%\FolderN\name.exe:Zone.Identifier
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\FolderN\name.exe.bat
C:\Windows\SysWOW64\timeout.exe
timeout /t 300
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba.exe'
Network
| Country | Destination | Domain | Proto |
| US | 8.247.210.254:80 | | tcp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 3.232.242.170:80 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | bh-58.webhostbox.net | udp |
| US | 199.79.63.24:587 | bh-58.webhostbox.net | tcp |
| NL | 178.79.208.1:80 | | tcp |
| NL | 178.79.208.1:80 | | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\FolderN\name.exe
| MD5 | bd3418b1fef079b20bee903645a3a1e6 |
| SHA1 | f4914dae7b7677f527b39ed6a581849d2c64fd96 |
| SHA256 | 76c77083a255a33c0f87189398ea25c36d313b1f79ad85304986312a724b58ba |
| SHA512 | 6f226069eca220ff74263d99e0ec284b6390a7a598f52002b4a0c3064f0af9aa44756047e4266528b50a2d3ecb9892359fec0768c0f28ffd8c171b4721363570 |
C:\Users\Admin\AppData\Local\Temp\FolderN\name.exe.bat
| MD5 | bfcbf382f036462e63f307ca4ae280c7 |
| SHA1 | ffe98d15fa5ea205220d6bc105e317253a6ea003 |
| SHA256 | 2c3dd84c3ce3e529117e611d8caf4fc7f5a902840350f4ca524c251a2152c727 |
| SHA512 | 1b912652cc989541b396df5fd6bf207a4cf4ed891dc6e3223b8d0497c19a2589cb644c4c96ca01d882a7643f240c566966d84e46d77e9ad33e05214f8f553d16 |
Analysis: behavioral1
Detonation Overview
Submitted
2022-04-15 08:56
Reported
2022-04-15 11:17
Platform
win7-20220331-en