d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77

Analysis

max time kernel
31s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/10/2022, 18:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
Size

411KB
MD5

05d41c4df0f2cf1545166bad4a3573a0
SHA1

7b20ed3b4d20f41f7ce61dda618256730b450f48
SHA256

d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77
SHA512

ec5e722f0f99ed91c0b64b391d6d9b68de0453eaefd20efc89c69af0c00d93fe542f72a17c59f62c09e9149a7e1dddb2faa5403e98ccb74579ca4665cb3d0217
SSDEEP

12288:UXeKNAQrZl3m+r4NIrOf6Wa0P1zICmfhWPOVfG:UOK+i8+rSyjyOJWPOV

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\cleanmgr.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\sfc.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\regedit.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\RpcPing.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\sc.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\charmap.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\cipher.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\cmmon32.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\gpresult.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\Netplwiz.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\tracerpt.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\TRACERT.EXE	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\wevtutil.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\DWWIN.EXE	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\icardagt.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\tcmsetup.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\fltMC.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\ndadmin.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\prevhost.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesRemote.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\fsutil.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\systeminfo.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\UserAccountControlSettings.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\bootcfg.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\chkdsk.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\chkntfs.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\cmd.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\diskperf.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\printui.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\rasdial.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\ReAgentc.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\regedt32.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\cscript.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\NAPSTAT.EXE	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\Utilman.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\TsWpfWrp.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\autoconv.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\hdwwiz.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\InfDefaultInstall.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\ocsetup.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\perfmon.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\unlodctr.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\fc.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\icsunattend.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\PresentationHost.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\raserver.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\RegisterIEPKEYs.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\DisplaySwitch.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\findstr.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\schtasks.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\taskmgr.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\makecab.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\ntprint.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\systray.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\wiaacmgr.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\WSManHTTPConfig.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\nslookup.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\relog.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\svchost.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesHardware.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\wuapp.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\ctfmon.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\ddodiag.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\SysWOW64\Dism.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe

Drops file in Windows directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\bfsvc.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\fveupdate.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\hh.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\splwow64.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\twunk_16.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\winhlp32.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\explorer.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\HelpPane.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\notepad.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\twunk_32.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
File opened for modification	C:\Windows\write.exe	d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe

C:\Users\Admin\AppData\Local\Temp\d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe
"C:\Users\Admin\AppData\Local\Temp\d77c953632c82ca8b64082ac0e9ef41735a3524c6a1313f03814acdb0877ff77.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1096-54-0x000000000F000000-0x000000000F0A7B00-memory.dmp

Filesize
670KB

Download
memory/1096-55-0x000000000F000000-0x000000000F0A7B00-memory.dmp

Filesize
670KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads