Analysis
max time kernel: 190s
max time network: 194s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/10/2022, 12:48
Static task: static1
Behavioral task: behavioral1
  Sample: a4f52b1dbb380730584795db81fcac12ffef3ae7e2144b63932e746f70af45c3.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: a4f52b1dbb380730584795db81fcac12ffef3ae7e2144b63932e746f70af45c3.exe
  Resource: win10v2004-20220812-en
General
Target: a4f52b1dbb380730584795db81fcac12ffef3ae7e2144b63932e746f70af45c3.exe
Size: 357KB
MD5: a01ae943bc436190ae9571aa2a990d50
SHA1: 337601af96ac8825cfb23cd66b5ac5842fcb30eb
SHA256: a4f52b1dbb380730584795db81fcac12ffef3ae7e2144b63932e746f70af45c3
SHA512: 61adee4eb86c1bd0998ff8d020992fdf94f6eea97241fe3fa31c30f5e010a85d3b242799f0658e0c33b450bf4f15d405f0a3f3da9a321791745f43192b81eafb
SSDEEP: 6144:qTX4MGOUAqq3VAWdHm56SiwybqveHC3Z+Qh:qTudAqOm5yOvei3Dh
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 1056: a4f52b1dbb380730584795db81fcac12ffef3ae7e2144b63932e746f70af45c3.ogr
- Drops file in Program Files directory (64 IoCs)
- Drops file in Windows directory (1 IoC)
  File created: C:\Windows\oobb.exe (Process: a4f52b1dbb380730584795db81fcac12ffef3ae7e2144b63932e746f70af45c3.exe)
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid 1056: a4f52b1dbb380730584795db81fcac12ffef3ae7e2144b63932e746f70af45c3.ogr
- Suspicious use of WriteProcessMemory (3 IoCs)
  PID 4116 wrote to memory of 1056 (pid: 4116; Process: a4f52b1dbb380730584795db81fcac12ffef3ae7e2144b63932e746f70af45c3.exe; procid_target: 81)
  PID 4116 wrote to memory of 1056 (pid: 4116; Process: a4f52b1dbb380730584795db81fcac12ffef3ae7e2144b63932e746f70af45c3.exe; procid_target: 81)
  PID 4116 wrote to memory of 1056 (pid: 4116; Process: a4f52b1dbb380730584795db81fcac12ffef3ae7e2144b63932e746f70af45c3.exe; procid_target: 81)
Processes
- C:\Users\Admin\AppData\Local\Temp\a4f52b1dbb380730584795db81fcac12ffef3ae7e2144b63932e746f70af45c3.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a4f52b1dbb380730584795db81fcac12ffef3ae7e2144b63932e746f70af45c3.exe"
  PID: 4116
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\a4f52b1dbb380730584795db81fcac12ffef3ae7e2144b63932e746f70af45c3.ogr (child of PID 4116)
    Command line: C:\Users\Admin\AppData\Local\Temp\a4f52b1dbb380730584795db81fcac12ffef3ae7e2144b63932e746f70af45c3.ogr
    PID: 1056
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\a4f52b1dbb380730584795db81fcac12ffef3ae7e2144b63932e746f70af45c3.ogr
  Filesize: 297KB
  MD5: 3e77a952843df15aa83868227d2dc23f
  SHA1: 719625f13129c714bd3670621efa96c7109b6598
  SHA256: ee1dd105f0bb9694b73235b012ebbe5480df2d62399b3c92b54897c3c6f0f588
  SHA512: 0abc74a2ec5a3bdb9951ca2b9f7c2540686c8e9979ef61503ed1d54d4847f56be14615a5185ddd0c4caf094bd31991c79ac61ac455a9ebe08da9d25a4d5d107d