8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f

Analysis

max time kernel
36s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 05:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
Size

82KB
MD5

66d2daa17e6a37412cbcd728ab31a060
SHA1

42d623e24db1256199532b96ee9dce30e1785712
SHA256

8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f
SHA512

75b782c66368295222323ea20afad0b6175c92756765958ec031196098e42f7975cfa8f8bf5017828453f1a12585c0d5384f9c2c6d5f683dd2e02d56c5c5526f
SSDEEP

1536:WgoGd9cKL+n9ZBCcaNWKjiHQ6zS/iZwOY6zLRKycT:WE9cKL+9ZUlsKjUHZTzLRKfT

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\TRACERT.EXE	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\colorcpl.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\DevicePairingWizard.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\dplaysvr.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\extrac32.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\SndVol.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\typeperf.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\bitsadmin.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\credwiz.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\fltMC.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\mountvol.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\sdiagnhost.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\recover.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\RunLegacyCPLElevated.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\mtstocom.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\sethc.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\CertEnrollCtrl.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\fsutil.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\regini.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\RpcPing.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\attrib.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\WPDShextAutoplay.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\runas.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\systray.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\diskperf.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\dpnsvr.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\ndadmin.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\regsvr32.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\resmon.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\rasphone.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\wscript.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\xwizard.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\regedt32.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\rrinstaller.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\wimserv.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\RMActivate_ssp.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\autofmt.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\DisplaySwitch.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\explorer.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\LocationNotifications.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\openfiles.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\eventcreate.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\label.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\nslookup.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\printui.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\wextract.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\forfiles.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\Netplwiz.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\sdchange.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\whoami.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\wlanext.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\sdbinst.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\SearchProtocolHost.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\user.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\charmap.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\dialer.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\driverquery.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\ktmutil.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\Robocopy.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\cleanmgr.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\MuiUnattend.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\raserver.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\RegisterIEPKEYs.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\SysWOW64\relog.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe

Drops file in Windows directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\write.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\HelpPane.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\twunk_16.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\twunk_32.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\hh.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\notepad.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\splwow64.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\winhlp32.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\bfsvc.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\explorer.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
File opened for modification	C:\Windows\fveupdate.exe	8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe

C:\Users\Admin\AppData\Local\Temp\8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe
"C:\Users\Admin\AppData\Local\Temp\8c6683f84fa34397a5a7d06a62aea2d1d30ee14dfcd7278636bb70aaa6ed3e6f.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1504-54-0x00000000768A1000-0x00000000768A3000-memory.dmp

Filesize
8KB

Download
memory/1504-55-0x0000000001000000-0x0000000001033B00-memory.dmp

Filesize
206KB

Download
memory/1504-56-0x0000000001000000-0x0000000001033B00-memory.dmp

Filesize
206KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads