37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a

Analysis

max time kernel
119s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2022, 05:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
Size

33KB
MD5

5f00c6bda37d105bdb3fe3f3801be7b0
SHA1

d5a15131c03bac09c260420c2eaa874382013f22
SHA256

37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a
SHA512

86e5cd791e2ee70674d80eeea4cea3834842af6265b8b661af3505a487cf3b5263ce94b6854db0525a67b98b1910cac9105171bff7239590433432ec94e8ebac
SSDEEP

768:SDfbpEmkB9PyuUbUTUDa4yATSby7ozW4rkr9I:SDDpVGqaZkr9I

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\backgroundTaskHost.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\cttune.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesHardware.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\Taskmgr.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\wevtutil.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\chkdsk.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\forfiles.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\logman.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\Magnify.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\pcaui.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\systray.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\TpmTool.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\OposHost.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\charmap.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\cttunesvr.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\Dism.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\dpnsvr.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\EaseOfAccessDialog.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\ieUnatt.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\msdt.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\SecEdit.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\w32tm.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\raserver.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\findstr.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\gpupdate.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\iscsicpl.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\lodctr.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\makecab.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\mmc.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\mshta.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\rdrleakdiag.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\RmClient.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\upnpcont.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\CheckNetIsolation.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\CloudNotifications.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\proquota.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\psr.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\UserAccountBroker.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\SearchIndexer.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\cmstp.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\msiexec.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\notepad.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\unlodctr.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\InfDefaultInstall.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\RMActivate_ssp_isv.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\WWAHost.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\net.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\xwizard.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\convert.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\eventcreate.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\fixmapi.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\isoburn.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\PackagedCWALauncher.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\rasautou.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\autochk.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\dpapimig.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\CertEnrollCtrl.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\mavinject.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\ReAgentc.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\TokenBrokerCookies.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\certreq.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\TSTheme.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\SysWOW64\calc.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\splwow64.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\winhlp32.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\write.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\bfsvc.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\explorer.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\HelpPane.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\hh.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
File opened for modification	C:\Windows\notepad.exe	37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe

C:\Users\Admin\AppData\Local\Temp\37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe
"C:\Users\Admin\AppData\Local\Temp\37d5523b1dea16c544d9fa09d86839896ec66ca46a9dd60c7c1b54111da6ca4a.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1232-132-0x0000000001000000-0x000000000100AB00-memory.dmp

Filesize
42KB

Download
memory/1232-133-0x0000000001000000-0x000000000100AB00-memory.dmp

Filesize
42KB

Download
memory/1232-134-0x0000000001000000-0x000000000100AB00-memory.dmp

Filesize
42KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads