d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e

Analysis

max time kernel
153s
max time network
166s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Size

303KB
MD5

6902084333276346c10012eb711d1e40
SHA1

d17f2c5a4f4c14fa595cf3a6e9c7be6a797b326c
SHA256

d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e
SHA512

d349fc0daf78a3a688913e4fb9e3884a92d6cb0f4cb2610da0d582114957a27149b4c3e416ef9c7a1fd31e3543a97b3eaefec41f80ed911966dad7438683489d
SSDEEP

3072:xO9d3Zy0imWTaT4tywbqTvsgcku7eW4ly3rw:09nyXJTa8w6ObWL

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\ntsgqcls.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\wzmyqvag.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\cmtaoezj.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\fsopglgq.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\uvldywbi.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\axyhvpch.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\wfdrwoww.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\evibcuol.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\wotyocka.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\wakvxkgr.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\ottnutzg.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\tkadyqlu.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\lkmmfcgj.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\xjudsnmi.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\lrhehpsm.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\cjcduwph.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\nomxuxpr.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\hcpnpaia.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\diskbiah.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\elrthrxe.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\ouuiwdjy.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\pqaejcjf.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\ecmffidp.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\xwonsmiw.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\sielbipj.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\xjooknha.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\soylgbxp.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\pybkcnbb.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\mtxsbxjq.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\lxfghrfh.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\iyctzffr.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\sdjzmrgx.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\akzirech.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\hpykchpf.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\mtkbkble.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\zgiwnrxc.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\rmejuiwi.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\gpkcxgon.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\ddqxdchk.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\dznidmyc.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\yvsncqle.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\eefnddtl.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\udrlidzi.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\wbwelnvp.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\uqadjieh.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\euyhyhfq.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\ujbtxdgr.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\jlnvekdy.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\jcvddvun.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\rlzwdubh.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\kxlijpmu.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\lhayxqyd.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\hlmtkkkv.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\brvytuuu.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\obzwqvot.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\yrduzzld.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\ozoebquz.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\orzydlrj.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\qqqltcfr.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\kkpqpcpn.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\guphants.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\zqnotosn.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\iamucbfg.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
File opened for modification	C:\Windows\SysWOW64\vivftlfg.dll	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe

Modifies registry class 40 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5728F10E-27CC-101B-A8EF-00000B65C5F8}\InprocServer32\ = "C:\\Windows\\SysWow64\\ehlowhje.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{978C9E23-D4B0-11CE-BF2D-00AA003F40D0}\InprocServer32\ = "C:\\Windows\\SysWow64\\fwilphlr.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DFD181E0-5E2F-11CE-A449-00AA004A803D}\InprocServer32\ = "C:\\Windows\\SysWow64\\dxzfgfqe.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{63A71AE9-5096-0AE4-2BF6-5FE70636F51F}	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D11C-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\slpgcjpg.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AFC20920-DA4E-11CE-B943-00AA006887B4}\InprocServer32\ = "C:\\Windows\\SysWow64\\entwquml.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EAE50EB0-4A62-11CE-BED6-00AA00611080}\InprocServer32\ = "C:\\Windows\\SysWow64\\ocefcqgs.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{46E31370-3F7A-11CE-BED6-00AA00611080}\InprocServer32\ = "C:\\Windows\\SysWow64\\nbixxuds.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8BD21D20-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\ = "C:\\Windows\\SysWow64\\aknxogfg.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8BD21D50-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\ = "C:\\Windows\\SysWow64\\evjxiqjx.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{63A71AE9-5096-0AE4-2BF6-5FE70636F51F}\LocalServer32	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{63A71AE9-5096-0AE4-2BF6-5FE70636F51F}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8BD21D10-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\ = "C:\\Windows\\SysWow64\\oksablbb.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8BD21D60-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\ = "C:\\Windows\\SysWow64\\iokvrbre.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC9F2F90-E877-11CE-9F68-00AA00574A4F}\InprocServer32\ = "C:\\Windows\\SysWow64\\yqefnqqg.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32\ = "C:\\Windows\\SysWow64\\uexuejhs.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{63A71AE9-5096-0AE4-2BF6-5FE70636F51F}\ = "bnlqprfkfdzjfvof"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D116-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\mwhmznrg.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D110-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\jobqkzzf.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D112-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\sthjoarw.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D114-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\wiqzaqud.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D11E-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\hcpnpaia.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8BD21D30-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\ = "C:\\Windows\\SysWow64\\fbjzkwdd.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{972C4270-11FD-11CE-B841-00AA004CD6D8}\InprocServer32\ = "C:\\Windows\\SysWow64\\pjmnawtg.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}\InprocServer32\ = "C:\\Windows\\SysWow64\\gqslypbj.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{22c6c651-f6ea-46be-bc83-54e83314c67f}\InProcServer32\ = "C:\\Windows\\SysWow64\\iamucbfg.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D124-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\qqhluymp.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7CBBABF0-36B9-11CE-BF0D-00AA0044BB60}\InprocServer32\ = "C:\\Windows\\SysWow64\\gdwjkgot.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8BD21D40-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\ = "C:\\Windows\\SysWow64\\ndywzzyg.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4C599241-6926-101B-9992-00000B65C6F9}\InprocServer32\ = "C:\\Windows\\SysWow64\\cjcduwph.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D122-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\orzydlrj.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79176FB0-B7F2-11CE-97EF-00AA006D2776}\InprocServer32\ = "C:\\Windows\\SysWow64\\kxlijpmu.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7053240-CE69-11CD-A777-00DD01143C57}\InprocServer32\ = "C:\\Windows\\SysWow64\\nxjqpkzz.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7A9C6E0-EFF2-101A-8185-00DD01108C6B}\InprocServer32\ = "C:\\Windows\\SysWow64\\mtkbkble.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D118-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\pjckcdgd.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6E182020-F460-11CE-9BCD-00AA00608E01}\InprocServer32\ = "C:\\Windows\\SysWow64\\ottnutzg.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{c73f6f30-97a0-4ad1-a08f-540d4e9bc7b9}\InProcServer32\ = "C:\\Windows\\SysWow64\\iqcqygyh.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F748B5F0-15D0-11CE-BF0D-00AA0044BB60}\InprocServer32\ = "C:\\Windows\\SysWow64\\umjjtxkt.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{338E9310-7C07-11CE-8CA9-00AA0044BB60}\InprocServer32\ = "C:\\Windows\\SysWow64\\rbytrpfj.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D11A-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\ymytvoba.dll"	d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe

C:\Users\Admin\AppData\Local\Temp\d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe
"C:\Users\Admin\AppData\Local\Temp\d3a6549aa3c4ffc596bb98f847cc2aa7c0915aa7231b3a4e1a0f56114a86c01e.exe"
1⤵
- Drops file in System32 directory
- Modifies registry class
PID:1384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1384-54-0x0000000076DC1000-0x0000000076DC3000-memory.dmp

Filesize
8KB

Download
memory/1384-55-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1384-56-0x0000000000020000-0x000000000003D000-memory.dmp

Filesize
116KB

Download
memory/1384-57-0x0000000000020000-0x000000000003D000-memory.dmp

Filesize
116KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads