3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab

Analysis

max time kernel
38s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 05:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
Size

24KB
MD5

6031b68893d622e0407e30cc48b03610
SHA1

8cb098e95b666105108792c7c5dcdfe989421f86
SHA256

3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab
SHA512

48808a275cb5aed76f6e1bbf04af61cc6818a6e0879f8f9c3bf360a28a0e9621557066ebe318eeadca8ad228f817554b9a2a2b26ebd0c4333c77887ac357747a
SSDEEP

384:ekYQlAsQaC7Q/JJNW/6gGFJe/jKfGbLthN0qWYnpe/shW28VyWe1VT5:bYfsQ57Q/dgsE73tULYYsEVET5

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\reg.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\srdelayed.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\cscript.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\findstr.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\netiougc.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\dpnsvr.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\isoburn.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\setupSNK.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesComputerName.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\bitsadmin.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\DeviceProperties.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\dllhst3g.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\rasphone.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\ctfmon.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\diskpart.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\PING.EXE	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\forfiles.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\RMActivate.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\WPDShextAutoplay.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\mshta.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\netsh.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\SetIEInstalledDate.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\TsWpfWrp.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\esentutl.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\logagent.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\rdrleakdiag.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\PresentationHost.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\proquota.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\ReAgentc.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\tasklist.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\attrib.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\autofmt.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\odbcad32.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\rundll32.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesProtection.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\hdwwiz.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\odbcconf.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\OptionalFeatures.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\sfc.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\TRACERT.EXE	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\mountvol.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\PushPrinterConnections.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\resmon.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\setup16.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\cleanmgr.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\dpapimig.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\RmClient.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\getmac.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\nslookup.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\cmd.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\doskey.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\DpiScaling.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\write.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\printui.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\sethc.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\user.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\ComputerDefaults.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\ntkrnlpa.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\where.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\wowreg32.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\ddodiag.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\dnscacheugc.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\shrpubw.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\SysWOW64\winrs.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe

Drops file in Windows directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\bfsvc.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\notepad.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\splwow64.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\twunk_16.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\twunk_32.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\write.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\explorer.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\fveupdate.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\HelpPane.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\hh.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
File opened for modification	C:\Windows\winhlp32.exe	3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe

C:\Users\Admin\AppData\Local\Temp\3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe
"C:\Users\Admin\AppData\Local\Temp\3a3cb729b8e9c856fde9039874309fd0b3d6cba4e259f4b9a0901c07c50b84ab.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1920-54-0x0000000076201000-0x0000000076203000-memory.dmp

Filesize
8KB

Download
memory/1920-55-0x0000000001000000-0x0000000001008B00-memory.dmp

Filesize
34KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads