Analysis
-
max time kernel
31s -
max time network
42s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
03/10/2022, 17:04
Static task
static1
Behavioral task
behavioral1
Sample
9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe
Resource
win7-20220812-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe
-
Size
16KB
-
MD5
3d22dd6dd772b29de91807f990694ad0
-
SHA1
5edd964e0e4633aba6f295685544bb572c8f908e
-
SHA256
9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508
-
SHA512
523fe66f9394219bdca9850de378e60066197e4bf7de29bef471e50fe3af6cca3f9df717e92c247ef0699c022d82dbf9300dc4ab355c8dc210f7a16ff4642f97
-
SSDEEP
384:obMxQ5QrXIt0H7tvm/jAc67vn7OeNhWvKLWwZ69r:KQDtmkcYPlNZ4r
Score
5/10
Malware Config
Signatures
-
Drops file in System32 directory 56 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\cscript.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\SecEdit.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\DWWIN.EXE 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\fontview.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\regedt32.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\calc.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\doskey.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\ROUTE.EXE 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\perfmon.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\SyncHost.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\cmdkey.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\hdwwiz.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\systray.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\eventcreate.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\setx.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\DisplaySwitch.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\fsutil.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\mobsync.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\perfhost.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\setup16.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\tasklist.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\cmd.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\ddodiag.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\upnpcont.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\ftp.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\LocationNotifications.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\autoconv.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\DeviceProperties.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\gpupdate.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\mfpmp.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\attrib.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\dpnsvr.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\poqexec.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\taskeng.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\msdt.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\msra.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\dvdupgrd.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\TpmInit.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\wscript.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\Dism.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\dllhost.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\TCPSVCS.EXE 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\ComputerDefaults.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\iscsicli.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\ocsetup.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\sdbinst.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\ntprint.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\sdchange.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\sethc.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\sxstrace.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\diskpart.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\help.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\label.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\TRACERT.EXE 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\grpconv.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\SysWOW64\netbtugc.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe -
Drops file in Program Files directory 1 IoCs
description ioc Process File opened for modification C:\Program Files\DVD Maker\DVDMaker.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe -
Drops file in Windows directory 3 IoCs
description ioc Process File opened for modification C:\Windows\bfsvc.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\winhlp32.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe File opened for modification C:\Windows\write.exe 9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe"C:\Users\Admin\AppData\Local\Temp\9364eddd4dfb080180a5c23c78f01f26f4fcb326edcc47bbbb16308e2b350508.exe"1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:1348