c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8

Analysis

max time kernel
131s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2022, 05:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
Size

15KB
MD5

5cf4085fc67f51b63b64a5e3eb17bce0
SHA1

48e868b55e611d5a6aeddd9305332abca74a419c
SHA256

c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8
SHA512

4fa230a44c259476354bb02fb620b3a4871b400381ee96ab013abf45e762cabf9cdfda4406c8dd8231877282a601156f85fcfb2c0f24039c86a12ccc00527bf5
SSDEEP

384:IDw20Y+Qi0d+jLJo+LCLq9yQBFUnSXWOCWq+WHdx:Is201O+jN/CLtQBySaWqX

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\stordiag.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\finger.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\notepad.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\PATHPING.EXE	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\RdpSa.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\regedit.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\setup16.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesProtection.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\TCPSVCS.EXE	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\cttunesvr.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\fsutil.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\msfeedssync.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\provlaunch.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\SecEdit.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\eventcreate.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\fontview.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\mavinject.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\RMActivate_ssp_isv.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\WPDShextAutoplay.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\appidtel.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\dpnsvr.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\dtdump.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\sort.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\wecutil.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\label.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\perfmon.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\rasphone.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\taskkill.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\mshta.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\mtstocom.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\RdpSaUacHelper.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\CloudNotifications.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\cmd.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\ftp.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\instnm.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\LaunchWinApp.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\certutil.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\dllhst3g.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\Magnify.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\mspaint.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\WinRTNetMUAHostServer.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\RpcPing.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\sethc.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\ARP.EXE	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\cliconfg.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\doskey.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\gpresult.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\OneDriveSetup.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\findstr.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\TpmTool.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\ttdinject.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\ntprint.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\fixmapi.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\fltMC.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\hh.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\mountvol.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\netbtugc.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\tttracer.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\choice.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\control.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\CredentialUIBroker.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\quickassist.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesPerformance.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\bfsvc.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\explorer.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\HelpPane.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\hh.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\notepad.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\splwow64.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\winhlp32.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
File opened for modification	C:\Windows\write.exe	c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe

C:\Users\Admin\AppData\Local\Temp\c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe
"C:\Users\Admin\AppData\Local\Temp\c987f8d54f943adf1d150a77c5293b20972189d505fc62dbc86a27796571cbb8.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:4768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4768-132-0x0000000001000000-0x0000000001006B00-memory.dmp

Filesize
26KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads