db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea

General

Target

db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
Size

76KB
MD5

6a0e826e9db45748097e0c46dd326e69
SHA1

e407051dd62e4c10ee837ac013ad5af697a51dcb
SHA256

db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea
SHA512

7fe4033a27eb6ed8cbb1cef42af0e30b3f657bb7852e04451db2cd91fd7219ee34393bf24cf5b86f915be7c07b3ff1e9b7e806f8753a165c7b40bf819b0bea36
SSDEEP

1536:8oYuKBVNVVvF8ZhAEoc2UJAWjz8tI7hyqOcXP6e3lSZsvC6pNorpjVrs2ryrd1vo:8oYu8VNfGZhAI71g8Pd1SOGHs2qo

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\ConfirmAssert.html	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\qrhljwvn.exe	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\RELEASE-NOTES.html	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\Welcome.html	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\README-JDK.html	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\sekbhrbe.exe	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\nsstljje.exe	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe

Modifies registry class 16 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EFAEBAE0-A79D-15E2-4302-3C9BD212C32C}	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\ = "nqjsbrvhjblrejqq"	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\jre\\sekbhrbe.exe"	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\ = "hqjkselrnzhssknn"	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\LocalServer32	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\lib\\missioncontrol\\features\\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\\nsstljje.exe"	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EFAEBAE0-A79D-15E2-4302-3C9BD212C32C}\LocalServer32	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EFAEBAE0-A79D-15E2-4302-3C9BD212C32C}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe"	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\db\\qrhljwvn.exe"	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\LocalServer32	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EFAEBAE0-A79D-15E2-4302-3C9BD212C32C}\ = "lzcnrnbljzxrwvsj"	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\LocalServer32	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\ = "tnzweqwkebecbltn"	db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe

C:\Users\Admin\AppData\Local\Temp\db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe
"C:\Users\Admin\AppData\Local\Temp\db5b58e928de278e85d2a439ad570b9f46d00047ec5695929adee8fa357732ea.exe"
1⤵
- Drops file in Program Files directory
- Modifies registry class
PID:1596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1596-132-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1596-133-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1596-134-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1596-135-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1596-136-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads