4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08

Analysis

max time kernel
57s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21-10-2022 00:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
Size

10KB
MD5

471e398309fd0d70fddc1e634fce6d10
SHA1

d6e738c6258680893841af321a28b9abcde938b8
SHA256

4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08
SHA512

2f1563175927cc929d23681fd7b9dd51b3905d47d67749ce913f99180c0b3ca59888633599d7729844142d04e4fb461f7af70bfc1a92778fa52b772000b54be3
SSDEEP

192:0CYuBthKuRnoe+Mn9p5QWE8ibWkVERDBq72lI:0PuBthToe+2OWE8ibWHQ7B

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\esentutl.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\sbunattend.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\wscript.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\eudcedit.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\ntprint.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\SndVol.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\reg.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\ndadmin.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\schtasks.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\setup16.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\TRACERT.EXE	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\dplaysvr.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\dvdupgrd.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\makecab.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\psr.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\shutdown.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\typeperf.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\control.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\dfrgui.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\instnm.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\lodctr.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\bitsadmin.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\Robocopy.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\WerFault.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\fixmapi.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\RegisterIEPKEYs.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\rrinstaller.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\sxstrace.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\taskkill.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\TSTheme.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\AdapterTroubleshooter.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\fsutil.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\isoburn.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\pcaui.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\sethc.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\SyncHost.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\TCPSVCS.EXE	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\credwiz.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\dcomcnfg.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\fc.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\Magnify.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\mountvol.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\xwizard.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\Dism.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\dllhst3g.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\efsui.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\setupugc.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\netsh.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\sdchange.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\charmap.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\cmmon32.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\diskraid.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\PushPrinterConnections.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesPerformance.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\write.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\MRINFO.EXE	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\OptionalFeatures.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\print.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\ROUTE.EXE	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesProtection.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\mstsc.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\clip.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\icardagt.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\calc.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe

Drops file in Windows directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\splwow64.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\twunk_16.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\twunk_32.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\winhlp32.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\write.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\fveupdate.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\HelpPane.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\notepad.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\bfsvc.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\explorer.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\hh.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe

C:\Users\Admin\AppData\Local\Temp\4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
"C:\Users\Admin\AppData\Local\Temp\4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1696-54-0x0000000001000000-0x0000000001006B00-memory.dmp

Filesize
26KB

Download
memory/1696-55-0x0000000001000000-0x0000000001006B00-memory.dmp

Filesize
26KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads