4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08

Analysis

max time kernel
202s
max time network
229s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21/10/2022, 00:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
Size

10KB
MD5

471e398309fd0d70fddc1e634fce6d10
SHA1

d6e738c6258680893841af321a28b9abcde938b8
SHA256

4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08
SHA512

2f1563175927cc929d23681fd7b9dd51b3905d47d67749ce913f99180c0b3ca59888633599d7729844142d04e4fb461f7af70bfc1a92778fa52b772000b54be3
SSDEEP

192:0CYuBthKuRnoe+Mn9p5QWE8ibWkVERDBq72lI:0PuBthToe+2OWE8ibWHQ7B

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\fixmapi.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\mshta.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\mtstocom.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\PackagedCWALauncher.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\regini.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\regsvr32.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\rrinstaller.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\curl.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\systray.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\netiougc.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\replace.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\SndVol.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\calc.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\eventcreate.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\fltMC.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\WSManHTTPConfig.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\diskpart.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\dxdiag.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\Fondue.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\isoburn.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\runas.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\secinit.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\subst.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\UserAccountBroker.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\attrib.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\user.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\MuiUnattend.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\EhStorAuthn.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\openfiles.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\winver.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\cliconfg.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\comp.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\DpiScaling.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\rasphone.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\SearchIndexer.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\srdelayed.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesHardware.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\unlodctr.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\charmap.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\MRINFO.EXE	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\NetCfgNotifyObjectHost.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\fontdrvhost.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\bitsadmin.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\dfrgui.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\mstsc.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\PasswordOnWakeSettingFlyout.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\RdpSaUacHelper.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\schtasks.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\agentactivationruntimestarter.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\regedt32.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\RMActivate_ssp.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\ttdinject.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\cttune.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\ComputerDefaults.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\ddodiag.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\fc.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\mspaint.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\RunLegacyCPLElevated.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\stordiag.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\compact.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\net1.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\netbtugc.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\newdev.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\SysWOW64\perfhost.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\notepad.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\splwow64.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\winhlp32.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\write.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\bfsvc.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\explorer.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\HelpPane.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
File opened for modification	C:\Windows\hh.exe	4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe

C:\Users\Admin\AppData\Local\Temp\4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe
"C:\Users\Admin\AppData\Local\Temp\4c249fd0e3071c602fb32ad0035bf3756c11b733b09e8e03703117842e71fd08.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1932-132-0x0000000001000000-0x0000000001006B00-memory.dmp

Filesize
26KB

Download
memory/1932-133-0x0000000001000000-0x0000000001006B00-memory.dmp

Filesize
26KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads