d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d

Analysis

max time kernel
94s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 05:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
Size

16KB
MD5

646f4e5851e0113df569ab362b96e620
SHA1

49a356964824aa4686d17ef7c0a7a508b6883093
SHA256

d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d
SHA512

a513c884047dc3100d40219a90edf953aa1d29593fb48985259935cc17c3c31ef37de38f23573161f1e244ea430396eec9d884f9bdb8d6cd84a4c5cead280493
SSDEEP

192:u9AmKus7TYhfhOgQwwdY7wJbQSUMnvbGN0Iq2WrUW8w/zfAL9uxqNuxq2jiZPa:u9nUTUQwwzUqbG62WrUW8JLkzbqy

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\shrpubw.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\userinit.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\reg.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\at.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\icacls.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\RMActivate_ssp.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\runonce.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\sc.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\setup16.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\wextract.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\cmdkey.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\resmon.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\fc.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\TpmTool.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\CheckNetIsolation.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\comp.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\hh.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\isoburn.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\Windows.Media.BackgroundPlayback.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\calc.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\gpscript.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\mspaint.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\rundll32.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\sdchange.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\sfc.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\DevicePairingWizard.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\dtdump.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\ttdinject.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\credwiz.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\label.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\esentutl.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\MRINFO.EXE	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\SettingSyncHost.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\certreq.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\cmdl32.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\odbcconf.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\rasdial.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\sdiagnhost.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\upnpcont.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\ARP.EXE	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\AtBroker.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\RdpSaUacHelper.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\winrs.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\wlanext.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\xcopy.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\CloudNotifications.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\OneDriveSetup.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\mmc.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\mshta.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\netsh.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\newdev.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\RdpSa.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\RpcPing.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\eudcedit.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\logman.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\SearchProtocolHost.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\dplaysvr.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\hdwwiz.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\ipconfig.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\PkgMgr.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\psr.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\SearchFilterHost.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\chkdsk.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\SysWOW64\diskperf.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\winhlp32.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\write.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\bfsvc.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\explorer.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\HelpPane.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\hh.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\notepad.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
File opened for modification	C:\Windows\splwow64.exe	d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe

C:\Users\Admin\AppData\Local\Temp\d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe
"C:\Users\Admin\AppData\Local\Temp\d3f44c9f82b3da432bf7653c682b80adc26d98a8cfb70781c0de65e675744b4d.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:4180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4180-132-0x0000000001000000-0x0000000001006B00-memory.dmp

Filesize
26KB

Download
memory/4180-133-0x0000000001000000-0x0000000001006B00-memory.dmp

Filesize
26KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads