Analysis
max time kernel: 152s
max time network: 158s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 03/10/2022, 02:21
Static task: static1
Behavioral task: behavioral1
  Sample: 9e096f8047a59487e5a3b5f3fd0a978079cb2338ab76c9b57b9f087c203a096e.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 9e096f8047a59487e5a3b5f3fd0a978079cb2338ab76c9b57b9f087c203a096e.exe
  Resource: win10v2004-20220812-en
General
Target: 9e096f8047a59487e5a3b5f3fd0a978079cb2338ab76c9b57b9f087c203a096e.exe
Size: 103KB
MD5: 64bd00b9c5f6995ffb6216ada779e180
SHA1: 57d0d3231b38e11c420b94880e00cdd6fdaa6d32
SHA256: 9e096f8047a59487e5a3b5f3fd0a978079cb2338ab76c9b57b9f087c203a096e
SHA512: c2e5e8c8a1346742a45499bfb83f5f5cb4f2cbe91e23667a25d6dd84f1cb444dbcb6e2a248550eccc115ac7bd017707f956552c738d2db994eeb80e74e281ba0
SSDEEP: 1536:ez2KWezrNpfv2cWSFpLWG77ozdIFzskPxp5fu6W4kw7YUP6zhSFvBo9:zK5fWqFIkid7kpTfu7wMcvo
Malware Config
Signatures
Drops file in System32 directory (64 IoCs)
Drops file in Program Files directory (21 IoCs)
Modifies registry class (64 IoCs)
Processes
1. C:\Users\Admin\AppData\Local\Temp\9e096f8047a59487e5a3b5f3fd0a978079cb2338ab76c9b57b9f087c203a096e.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\9e096f8047a59487e5a3b5f3fd0a978079cb2338ab76c9b57b9f087c203a096e.exe"
   - Drops file in System32 directory
   - Drops file in Program Files directory
   - Modifies registry class
   PID: 1488