37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 05:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
Size

33KB
MD5

5f00c6bda37d105bdb3fe3f3801be7b0
SHA1

d5a15131c03bac09c260420c2eaa874382013f22
SHA256

37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a
SHA512

86e5cd791e2ee70674d80eeea4cea3834842af6265b8b661af3505a487cf3b5263ce94b6854db0525a67b98b1910cac9105171bff7239590433432ec94e8ebac
SSDEEP

768:SDfbpEmkB9PyuUbUTUDa4yATSby7ozW4rkr9I:SDDpVGqaZkr9I

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\dpapimig.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\eventcreate.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\perfhost.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\TRACERT.EXE	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\unlodctr.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesRemote.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\wscript.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\cipher.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\rasautou.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\rdrleakdiag.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\RMActivate.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\shrpubw.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\ftp.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\regedit.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\relog.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\systray.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\tzutil.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\bootcfg.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\dllhst3g.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\find.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\msfeedssync.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\SecEdit.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\credwiz.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\perfmon.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\wimserv.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\wowreg32.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\diskpart.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\eventvwr.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\regedt32.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\sort.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\fsutil.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\iscsicpl.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\newdev.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\wevtutil.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\LocationNotifications.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\SearchFilterHost.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\sfc.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\systeminfo.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\chkntfs.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\cmdl32.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\ntprint.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\schtasks.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\srdelayed.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\psr.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\resmon.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\taskmgr.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\bthudtask.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\charmap.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\cmd.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\hdwwiz.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\Netplwiz.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\TCPSVCS.EXE	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\hh.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\tasklist.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\UserAccountControlSettings.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\wermgr.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\xcopy.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\grpconv.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\PresentationHost.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\regsvr32.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\SearchIndexer.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\tcmsetup.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\w32tm.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\waitfor.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe

Drops file in Windows directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\twunk_32.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\winhlp32.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\bfsvc.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\explorer.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\HelpPane.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\hh.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\splwow64.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\twunk_16.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\write.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\fveupdate.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\notepad.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe

C:\Users\Admin\AppData\Local\Temp\37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
"C:\Users\Admin\AppData\Local\Temp\37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1048-54-0x0000000001000000-0x000000000100AB00-memory.dmp

Filesize
42KB

Download
memory/1048-55-0x0000000001000000-0x000000000100AB00-memory.dmp

Filesize
42KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads