Analysis
max time kernel: 188s
max time network: 201s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 03/10/2022, 16:17 (3 October 2022: the analysis images are dated 2022-08-12 and 2022-09-01, so the date is day/month)

Static task: static1
Behavioral task: behavioral1
  Sample: 929119f477345f21ec46fc77af0017496c66200dca8ee9802b85c548eda47ae3.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 929119f477345f21ec46fc77af0017496c66200dca8ee9802b85c548eda47ae3.exe
  Resource: win10v2004-20220901-en

General
Target: 929119f477345f21ec46fc77af0017496c66200dca8ee9802b85c548eda47ae3.exe
Size: 303KB
MD5: 60e9e61afc89f8b42c91b86e17193110
SHA1: ab46adc933342f541871e6f0f935d176d86bad2a
SHA256: 929119f477345f21ec46fc77af0017496c66200dca8ee9802b85c548eda47ae3
SHA512: eb9cc4a53ada8dc3206a205e7a6260edd9d7f671a59520808acb832844e3040ac7eb57dfd8d40ca9dd268fb5166c592365098c9191521c18fbb25364466d4dc1
SSDEEP: 3072:lHUMU4MQXRs12IoIXMuL9SQ6oOUoBKmWAvvnM:RUMU4MQXRssIRMIMNUoQP
Malware Config
Signatures
Drops file in System32 directory (64 IoCs)
description: File opened for modification (every row); Process: 929119f477345f21ec46fc77af0017496c66200dca8ee9802b85c548eda47ae3.exe (every row)
C:\Windows\SysWOW64\hvddducf.dll
C:\Windows\SysWOW64\etytmnxi.dll
C:\Windows\SysWOW64\cwtazlko.dll
C:\Windows\SysWOW64\tjamhoir.dll
C:\Windows\SysWOW64\zfpaujbl.dll
C:\Windows\SysWOW64\rjclakle.dll
C:\Windows\SysWOW64\exifhssu.dll
C:\Windows\SysWOW64\isbvqglw.dll
C:\Windows\SysWOW64\oejbatbi.dll
C:\Windows\SysWOW64\opwukwzf.dll
C:\Windows\SysWOW64\thzjckuy.dll
C:\Windows\SysWOW64\sfxoaecc.dll
C:\Windows\SysWOW64\hxehdnqs.dll
C:\Windows\SysWOW64\hcoqxmug.dll
C:\Windows\SysWOW64\rpdwmwsn.dll
C:\Windows\SysWOW64\beajmnlx.dll
C:\Windows\SysWOW64\jbkuxlnn.dll
C:\Windows\SysWOW64\yexfayfo.dll
C:\Windows\SysWOW64\fjglmwyn.dll
C:\Windows\SysWOW64\thfgcktb.dll
C:\Windows\SysWOW64\vjgytwos.dll
C:\Windows\SysWOW64\rezihcwk.dll
C:\Windows\SysWOW64\btiihylm.dll
C:\Windows\SysWOW64\htobclca.dll
C:\Windows\SysWOW64\pyzpkuox.dll
C:\Windows\SysWOW64\dcyfhpqy.dll
C:\Windows\SysWOW64\qxvfxxba.dll
C:\Windows\SysWOW64\fdxynusm.dll
C:\Windows\SysWOW64\pcskqmut.dll
C:\Windows\SysWOW64\xzdkucjg.dll
C:\Windows\SysWOW64\entcatpy.dll
C:\Windows\SysWOW64\vrbkpkut.dll
C:\Windows\SysWOW64\qhdvwcqi.dll
C:\Windows\SysWOW64\xvviavco.dll
C:\Windows\SysWOW64\seqhoffq.dll
C:\Windows\SysWOW64\sgiawtjk.dll
C:\Windows\SysWOW64\nauwoaza.dll
C:\Windows\SysWOW64\rxkmidlz.dll
C:\Windows\SysWOW64\hiklqill.dll
C:\Windows\SysWOW64\yfpdlwtt.dll
C:\Windows\SysWOW64\xhizrsqs.dll
C:\Windows\SysWOW64\ubaadnmx.dll
C:\Windows\SysWOW64\rrygwzuy.dll
C:\Windows\SysWOW64\mytlyymh.dll
C:\Windows\SysWOW64\zqhmnykz.dll
C:\Windows\SysWOW64\danoqbaj.dll
C:\Windows\SysWOW64\ardkluqq.dll
C:\Windows\SysWOW64\irrigmtp.dll
C:\Windows\SysWOW64\sbeabhkz.dll
C:\Windows\SysWOW64\ppirtxhv.dll
C:\Windows\SysWOW64\fkoxsgpi.dll
C:\Windows\SysWOW64\iwiupjge.dll
C:\Windows\SysWOW64\hpymbuyo.dll
C:\Windows\SysWOW64\jlmopsdv.dll
C:\Windows\SysWOW64\ldtngcrb.dll
C:\Windows\SysWOW64\xzdmnggy.dll
C:\Windows\SysWOW64\kniorqal.dll
C:\Windows\SysWOW64\lkjpctqu.dll
C:\Windows\SysWOW64\btqjwiad.dll
C:\Windows\SysWOW64\lpuxyawa.dll
C:\Windows\SysWOW64\tfnghbsj.dll
C:\Windows\SysWOW64\rpxedbqh.dll
C:\Windows\SysWOW64\cuyhfawf.dll
C:\Windows\SysWOW64\dyfpxcbv.dll
Drops file in Program Files directory (20 IoCs)
description: File opened for modification (every row); Process: 929119f477345f21ec46fc77af0017496c66200dca8ee9802b85c548eda47ae3.exe (every row)
C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm
C:\Program Files\Common Files\Microsoft Shared\Stationery\cnixuzsv.exe
C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm
C:\Program Files\Common Files\Microsoft Shared\Stationery\intpfxle.exe
C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm
C:\Program Files\Common Files\Microsoft Shared\Stationery\wcbqecij.exe
C:\Program Files\Common Files\Microsoft Shared\Stationery\ocqxbljc.exe
C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm
C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm
C:\Program Files\Common Files\Microsoft Shared\Stationery\psljpbiu.exe
C:\Program Files\Common Files\Microsoft Shared\Stationery\jfvpxlsw.exe
C:\Program Files\Common Files\Microsoft Shared\Stationery\lzotnhsm.exe
C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm
C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm
C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm
C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm
C:\Program Files\Common Files\Microsoft Shared\Stationery\qwwtnquw.exe
C:\Program Files\Common Files\Microsoft Shared\Stationery\ikhddtea.exe
C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm
C:\Program Files\Common Files\Microsoft Shared\Stationery\vmnrnftl.exe
Modifies registry class (64 IoCs)
All keys below are under \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\ and every write is by 929119f477345f21ec46fc77af0017496c66200dca8ee9802b85c548eda47ae3.exe; values are shown as the sandbox prints them, with doubled backslashes.

Two patterns are mixed in this table. Set value on InprocServer32 under CLSIDs for which no Key created event appears (the class already existed on the image) repoints the registered in-process server to one of the eight-letter DLLs in SysWOW64, so any client that instantiates the class afterwards loads the dropped DLL in place of the legitimate one: COM hijacking, limited to 32-bit clients because the writes go to Wow6432Node and the servers live in SysWOW64. Several of the targeted CLSIDs, for example the {8BD21Dx0-EC42-11CE-9E0D-00AA006002F3} series, {D7053240-CE69-11CD-A777-00DD01143C57} and {C62A69F0-16DC-11CE-9E98-00AA00574A4F}, are Microsoft Forms 2.0 control classes normally served by FM20.DLL. Separately, Key created followed by a random 16-letter default value and a LocalServer32 value registers new out-of-process classes served by the EXEs dropped in the Stationery folder, and one of them, {9C8333E4-6163-9C37-A869-78519EA43DCA}, by the sample itself in the user's Temp folder. Many DLLs named here (vuyyqmoc.dll, onbypcuc.dll, blqkmjvj.dll, wkjvmsgb.dll among others) are absent from the 64-entry SysWOW64 list above, so both 64-entry tables are cut off and neither is a complete IoC set.

Set value (str)  {79176FB0-B7F2-11CE-97EF-00AA006D2776}\InprocServer32\ = "C:\\Windows\\SysWow64\\rxkmidlz.dll"
Key created      {8F4D95DA-CCBE-3BB1-948C-85098C813B88}
Set value (str)  {22c6c651-f6ea-46be-bc83-54e83314c67f}\InProcServer32\ = "C:\\Windows\\SysWow64\\vuyyqmoc.dll"
Set value (str)  {4C599241-6926-101B-9992-00000B65C6F9}\InprocServer32\ = "C:\\Windows\\SysWow64\\onbypcuc.dll"
Set value (str)  {5512D116-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\blqkmjvj.dll"
Set value (str)  {5512D11E-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\wkjvmsgb.dll"
Set value (str)  {D8A7954B-FD3F-2DCF-876A-47C83E9B5EB3}\ = "nologyfhhqivknxo"
Set value (str)  {D8A7954B-FD3F-2DCF-876A-47C83E9B5EB3}\LocalServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\ocqxbljc.exe"
Set value (str)  {C3FD0FC9-9F5B-BC30-5190-C17E410BF0BF}\LocalServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\qwwtnquw.exe"
Set value (str)  {9AD2775D-F31C-F60D-7D3E-392176D8B3E8}\LocalServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\psljpbiu.exe"
Set value (str)  {9C8333E4-6163-9C37-A869-78519EA43DCA}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\929119f477345f21ec46fc77af0017496c66200dca8ee9802b85c548eda47ae3.exe"
Set value (str)  {46E31370-3F7A-11CE-BED6-00AA00611080}\InprocServer32\ = "C:\\Windows\\SysWow64\\bkgpwvom.dll"
Set value (str)  {8BD21D50-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\ = "C:\\Windows\\SysWow64\\otxxbhqu.dll"
Set value (str)  {7A60334F-F421-DC67-FAF8-EF1B53B3D674}\LocalServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\wcbqecij.exe"
Set value (str)  {5512D124-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\juylywed.dll"
Set value (str)  {EAE50EB0-4A62-11CE-BED6-00AA00611080}\InprocServer32\ = "C:\\Windows\\SysWow64\\rpxedbqh.dll"
Set value (str)  {0A7006CC-89E6-852B-C5A1-61F8EA8080BF}\ = "mdvfcvjnhgsrlgee"
Key created      {C3FD0FC9-9F5B-BC30-5190-C17E410BF0BF}\LocalServer32
Key created      {D8A7954B-FD3F-2DCF-876A-47C83E9B5EB3}\LocalServer32
Set value (str)  {C3FD0FC9-9F5B-BC30-5190-C17E410BF0BF}\ = "cboyszcgqprqhiwr"
Set value (str)  {5728F10E-27CC-101B-A8EF-00000B65C5F8}\InprocServer32\ = "C:\\Windows\\SysWow64\\cayqwhrf.dll"
Set value (str)  {c73f6f30-97a0-4ad1-a08f-540d4e9bc7b9}\InProcServer32\ = "C:\\Windows\\SysWow64\\scddjeto.dll"
Set value (str)  {9AD2775D-F31C-F60D-7D3E-392176D8B3E8}\ = "knpxhmgfzkizqkhn"
Set value (str)  {338E9310-7C07-11CE-8CA9-00AA0044BB60}\InprocServer32\ = "C:\\Windows\\SysWow64\\jjkzsaqa.dll"
Set value (str)  {8BD21D60-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\ = "C:\\Windows\\SysWow64\\ltpxkdml.dll"
Set value (str)  {AC9F2F90-E877-11CE-9F68-00AA00574A4F}\InprocServer32\ = "C:\\Windows\\SysWow64\\yiieubrv.dll"
Key created      {7A60334F-F421-DC67-FAF8-EF1B53B3D674}
Key created      {39490AAE-F9B3-6FEA-B2E9-2A3650828934}
Key created      {8F4D95DA-CCBE-3BB1-948C-85098C813B88}\LocalServer32
Set value (str)  {1C3B4210-F441-11CE-B9EA-00AA006B1A69}\InprocServer32\ = "C:\\Windows\\SysWow64\\zxmdpatj.dll"
Set value (str)  {5512D11A-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\sffwotne.dll"
Key created      {EE1CC4E0-F69A-8C34-637E-41619F719524}\LocalServer32
Key created      {E9DB36CF-A4B4-F0A5-31B4-4B293AE7B5A2}
Key created      {0A7006CC-89E6-852B-C5A1-61F8EA8080BF}
Set value (str)  {8F4D95DA-CCBE-3BB1-948C-85098C813B88}\LocalServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\cnixuzsv.exe"
Set value (str)  {8BD21D40-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\ = "C:\\Windows\\SysWow64\\hjkisnod.dll"
Set value (str)  {D7053240-CE69-11CD-A777-00DD01143C57}\InprocServer32\ = "C:\\Windows\\SysWow64\\pjcdhrqj.dll"
Key created      {E9DB36CF-A4B4-F0A5-31B4-4B293AE7B5A2}\LocalServer32
Key created      {7A60334F-F421-DC67-FAF8-EF1B53B3D674}\LocalServer32
Set value (str)  {E9DB36CF-A4B4-F0A5-31B4-4B293AE7B5A2}\ = "iuumzrkvofigrtql"
Set value (str)  {39490AAE-F9B3-6FEA-B2E9-2A3650828934}\LocalServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\lzotnhsm.exe"
Key created      {9C8333E4-6163-9C37-A869-78519EA43DCA}
Set value (str)  {5512D110-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\chzutdxn.dll"
Set value (str)  {972C4270-11FD-11CE-B841-00AA004CD6D8}\InprocServer32\ = "C:\\Windows\\SysWow64\\ubaadnmx.dll"
Set value (str)  {AFC20920-DA4E-11CE-B943-00AA006887B4}\InprocServer32\ = "C:\\Windows\\SysWow64\\bobxtpsg.dll"
Key created      {39490AAE-F9B3-6FEA-B2E9-2A3650828934}\LocalServer32
Set value (str)  {8F4D95DA-CCBE-3BB1-948C-85098C813B88}\ = "jeiltojdphetathn"
Key created      {C3FD0FC9-9F5B-BC30-5190-C17E410BF0BF}
Set value (str)  {7CBBABF0-36B9-11CE-BF0D-00AA0044BB60}\InprocServer32\ = "C:\\Windows\\SysWow64\\psffjqjy.dll"
Set value (str)  {8BD21D30-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\ = "C:\\Windows\\SysWow64\\laqdfogx.dll"
Set value (str)  {F7A9C6E0-EFF2-101A-8185-00DD01108C6B}\InprocServer32\ = "C:\\Windows\\SysWow64\\ravoquqi.dll"
Set value (str)  {EE1CC4E0-F69A-8C34-637E-41619F719524}\LocalServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\intpfxle.exe"
Set value (str)  {978C9E23-D4B0-11CE-BF2D-00AA003F40D0}\InprocServer32\ = "C:\\Windows\\SysWow64\\rrygwzuy.dll"
Set value (str)  {C73865E0-2A95-0FBE-6EBC-BC02BAAF8C03}\ = "oxbdpjkiruzpdxac"
Set value (str)  {EE1CC4E0-F69A-8C34-637E-41619F719524}\ = "oiiqxakuieqymyxy"
Set value (str)  {5512D112-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\xhizrsqs.dll"
Set value (str)  {5512D122-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\yfaitozm.dll"
Set value (str)  {6E182020-F460-11CE-9BCD-00AA00608E01}\InprocServer32\ = "C:\\Windows\\SysWow64\\ohlykjoy.dll"
Set value (str)  {8BD21D20-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\ = "C:\\Windows\\SysWow64\\komgfgdk.dll"
Set value (str)  {39490AAE-F9B3-6FEA-B2E9-2A3650828934}\ = "cccrecxwdepyxlkb"
Key created      {D8A7954B-FD3F-2DCF-876A-47C83E9B5EB3}
Key created      {9C8333E4-6163-9C37-A869-78519EA43DCA}\LocalServer32
Set value (str)  {5512D114-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\uoeoenhp.dll"
Set value (str)  {C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32\ = "C:\\Windows\\SysWow64\\ldtngcrb.dll"
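The file-drop and registry tables above are easier to act on once they are parsed back into structured records: which CLSIDs had an existing InprocServer32 repointed (a hijack of a class that was already registered), which were newly created with a LocalServer32 pointing at a dropped EXE, and which of the modified files carry the random eight-letter names. The script below is an example added by the editor and is not part of the sandbox report or the sample; its input is a constructed subset of this page's own IoC lines, copied verbatim, and the regexes, function names and the eight-lowercase-letter naming heuristic are assumptions drawn from nothing beyond what is visible on this page.

```python
# Added triage helper for the flattened IoC lines in this report (editor's example, not
# part of the sandbox output). Assumes only the entry shapes visible on this page.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed input: a subset of this report's IoC entries, copied verbatim and run
# together on one line the way the page shows them.
PROC = "929119f477345f21ec46fc77af0017496c66200dca8ee9802b85c548eda47ae3.exe"
SAMPLE_IOCS = " ".join([
    r"File opened for modification C:\Windows\SysWOW64\hvddducf.dll " + PROC,
    r"File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm " + PROC,
    r"File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\cnixuzsv.exe " + PROC,
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79176FB0-B7F2-11CE-97EF-00AA006D2776}\InprocServer32\ = "C:\\Windows\\SysWow64\\rxkmidlz.dll" ' + PROC,
    r"Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8A7954B-FD3F-2DCF-876A-47C83E9B5EB3} " + PROC,
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8A7954B-FD3F-2DCF-876A-47C83E9B5EB3}\ = "nologyfhhqivknxo" ' + PROC,
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8A7954B-FD3F-2DCF-876A-47C83E9B5EB3}\LocalServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\ocqxbljc.exe" ' + PROC,
    r"Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9C8333E4-6163-9C37-A869-78519EA43DCA} " + PROC,
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9C8333E4-6163-9C37-A869-78519EA43DCA}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\929119f477345f21ec46fc77af0017496c66200dca8ee9802b85c548eda47ae3.exe" ' + PROC,
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7053240-CE69-11CD-A777-00DD01143C57}\InprocServer32\ = "C:\\Windows\\SysWow64\\pjcdhrqj.dll" ' + PROC,
])

FILE_RE = re.compile(r"File opened for modification (?P<path>[A-Za-z]:\\.+?) (?P<proc>\S+\.exe)"
                     r"(?= (?:File opened|Set value|Key created)|$)")
REG_RE = re.compile(r'(?P<op>Set value \(str\)|Key created) (?P<key>\\REGISTRY\\\S+)'
                    r'(?: = "(?P<val>[^"]*)")? (?P<proc>\S+\.exe)')
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Every dropped component on this page is eight lowercase letters plus .dll/.exe; using
# that as the naming pattern is an assumption drawn from this report alone.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(?:dll|exe)$")

@dataclass
class ClsidRecord:
    clsid: str
    created: bool = False          # "Key created" seen on the CLSID key itself
    default_value: Optional[str] = None
    inproc: Optional[str] = None   # InprocServer32: DLL loaded into the calling process
    local: Optional[str] = None    # LocalServer32: EXE started as an out-of-process server

@dataclass
class Finding:
    clsid: str
    kind: str                      # "hijack" | "new-localserver" | "self-register"
    server: str
    random_name: bool

def unescape(val: str) -> str:
    return val.replace("\\\\", "\\")   # the sandbox prints registry strings with doubled backslashes

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]

def dropped_files(text: str) -> List[str]:
    """Modified files whose name fits the random eight-letter pattern."""
    return [m.group("path") for m in FILE_RE.finditer(text)
            if RANDOM_NAME_RE.match(basename(m.group("path")))]

def build_records(text: str) -> Dict[str, ClsidRecord]:
    records: Dict[str, ClsidRecord] = {}
    for m in REG_RE.finditer(text):
        cm = CLSID_RE.search(m.group("key"))
        if not cm:
            continue
        clsid = cm.group(0).upper()
        sub = m.group("key")[cm.end():].strip("\\").lower()   # "" means the CLSID key itself
        rec = records.setdefault(clsid, ClsidRecord(clsid))
        val = unescape(m.group("val")) if m.group("val") is not None else None
        if m.group("op") == "Key created":
            rec.created = rec.created or sub == ""
        elif sub == "":
            rec.default_value = val
        elif sub == "inprocserver32":   # the page mixes InprocServer32 and InProcServer32
            rec.inproc = val
        elif sub == "localserver32":
            rec.local = val
    return records

def assess(records: Dict[str, ClsidRecord], sample_process: str) -> List[Finding]:
    findings: List[Finding] = []
    for rec in records.values():
        if rec.inproc and not rec.created:
            # InprocServer32 rewritten under a CLSID this process never created: the class
            # pre-existed, so clients instantiating it now load the dropped DLL (COM hijack).
            findings.append(Finding(rec.clsid, "hijack", rec.inproc,
                                    bool(RANDOM_NAME_RE.match(basename(rec.inproc)))))
        elif rec.local:
            kind = ("self-register" if basename(rec.local).lower() == sample_process.lower()
                    else "new-localserver")
            findings.append(Finding(rec.clsid, kind, rec.local,
                                    bool(RANDOM_NAME_RE.match(basename(rec.local)))))
    return findings

if __name__ == "__main__":
    for path in dropped_files(SAMPLE_IOCS):
        print("dropped:", path)
    for f in assess(build_records(SAMPLE_IOCS), PROC):
        print(f"{f.kind:15} {f.clsid} -> {f.server}  random_name={f.random_name}")
```

Run against the full tables rather than the subset, the "hijack" findings give the list of pre-existing CLSIDs to check on a live host (the InprocServer32 value should point back at the legitimate server, not at an eight-letter DLL in SysWOW64), and the "new-localserver" findings give the CLSIDs to delete along with the Stationery EXEs they reference. Because the registry table cites DLLs that the truncated file-drop table never lists, the union of server paths from both parsers is a better hunt list than either table alone.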
Processes
1. C:\Users\Admin\AppData\Local\Temp\929119f477345f21ec46fc77af0017496c66200dca8ee9802b85c548eda47ae3.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\929119f477345f21ec46fc77af0017496c66200dca8ee9802b85c548eda47ae3.exe"
   PID: 1784
   - Drops file in System32 directory
   - Drops file in Program Files directory
   - Modifies registry class

Only the sample itself appears in this process tree: none of the Stationery EXEs it registered as LocalServer32 servers was started during the run, so their behaviour is not covered by this report.