024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab

Analysis

max time kernel
36s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 23:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
Size

85KB
MD5

5ef5a0946331755b60a66afa38f4dd40
SHA1

bc3a8c96822a361f80d8dba8465a7bf06166bf60
SHA256

024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab
SHA512

9c90b36a2e40ee6f77efd3005f7528fe1a63e3a0c7971eec0c141fa2e6253921abd523f0c1d081e1787bfc91cd5f7cfec2565683b9dbef15e3bec9b7f3c88e2b
SSDEEP

1536:uDmAunwi6bNSiWrtpz0m3B+XoU+kOjxHWABdhmgSq:yzunwoiezDR+Xp+kONbmgSq

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\systray.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\write.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\esentutl.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\ntprint.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\sdbinst.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\SndVol.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\xpsrchvw.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\osk.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\regsvr32.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\RMActivate_ssp_isv.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\winrshost.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\timeout.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\cscript.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\fsutil.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\label.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\RMActivate.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\ftp.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\perfhost.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\cmmon32.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\DpiScaling.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\secinit.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\setup16.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\shrpubw.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\wowreg32.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\ComputerDefaults.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\ipconfig.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\logagent.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\RegisterIEPKEYs.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\cmdkey.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\NAPSTAT.EXE	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\prevhost.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\schtasks.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\SearchFilterHost.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\SearchProtocolHost.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\sethc.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\autofmt.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\DWWIN.EXE	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\gpresult.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\setupSNK.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\TpmInit.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\at.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\chkntfs.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\poqexec.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\powercfg.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\sc.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\WPDShextAutoplay.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\find.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\gpscript.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\TSTheme.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\dllhost.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\grpconv.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\perfmon.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\regedt32.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\resmon.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\userinit.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\winrs.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\choice.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\cmdl32.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\colorcpl.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\getmac.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\TapiUnattend.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\mobsync.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\SysWOW64\tasklist.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe

Drops file in Windows directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\fveupdate.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\hh.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\splwow64.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\twunk_32.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\write.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\bfsvc.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\explorer.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\twunk_16.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\winhlp32.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\HelpPane.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
File opened for modification	C:\Windows\notepad.exe	024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe

C:\Users\Admin\AppData\Local\Temp\024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe
"C:\Users\Admin\AppData\Local\Temp\024a27022289d5520e698892a7cd5de4090cdafc70f409f93b653fac32dfe6ab.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1348-54-0x0000000001800000-0x000000000181CB00-memory.dmp

Filesize
114KB

Download
memory/1348-55-0x00000000750A1000-0x00000000750A3000-memory.dmp

Filesize
8KB

Download
memory/1348-56-0x0000000001800000-0x000000000181CB00-memory.dmp

Filesize
114KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads