fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6

Analysis

max time kernel
19s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28/10/2022, 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe
Size

72KB
MD5

0b41e5ee73e9381ba8c95e87473b46dc
SHA1

8f0693ed1bd53a5075cde88940b83a10e90f21b8
SHA256

fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6
SHA512

13d58fbb5fafcaefc4c995ccdcbb67bf556dea782056b9b34bcadbdaf214c4b5202fc0c1e6677a5f90302db80debff471be24b1bbcf9af40560e8f0765c061fd
SSDEEP

384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2D:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrv

Score

10^/10

evasion

Malware Config

Signatures

Modifies visibility of file extensions in Explorer 2 TTPs 3 IoCs

evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	backup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	backup.exe

Disables RegEdit via registry modification 6 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	backup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	backup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	backup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	backup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe

Executes dropped EXE 2 IoCs

pid	Process
1908	backup.exe
1984	backup.exe

Loads dropped DLL 4 IoCs

pid	Process
1920	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe
1920	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe
1920	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe
1920	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1920	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe
1908	backup.exe
1984	backup.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 1908	1920	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe	27
PID 1920 wrote to memory of 1908	1920	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe	27
PID 1920 wrote to memory of 1908	1920	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe	27
PID 1920 wrote to memory of 1908	1920	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe	27
PID 1920 wrote to memory of 1984	1920	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe	40
PID 1920 wrote to memory of 1984	1920	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe	40
PID 1920 wrote to memory of 1984	1920	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe	40
PID 1920 wrote to memory of 1984	1920	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe	40
PID 1908 wrote to memory of 1940	1908	backup.exe	39
PID 1908 wrote to memory of 1940	1908	backup.exe	39
PID 1908 wrote to memory of 1940	1908	backup.exe	39

System policy modification 1 TTPs 12 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1"	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	backup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1"	backup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	backup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer	backup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1"	backup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	backup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer	backup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	backup.exe

C:\Users\Admin\AppData\Local\Temp\fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe
"C:\Users\Admin\AppData\Local\Temp\fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe"
1⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
PID:1920
- C:\Users\Admin\AppData\Local\Temp\1467291919\backup.exe
  C:\Users\Admin\AppData\Local\Temp\1467291919\backup.exe C:\Users\Admin\AppData\Local\Temp\1467291919\
  2⤵
  - Modifies visibility of file extensions in Explorer
  - Disables RegEdit via registry modification
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - System policy modification
  PID:1908
- - C:\backup.exe
    \backup.exe \
    3⤵
    PID:1940
- C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe
  "C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\
  2⤵
  PID:1312
- C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe
  C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\
  2⤵
  PID:1804
- C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe
  C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\
  2⤵
  PID:1360
- C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
  "C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\
  2⤵
  PID:1716
- C:\Users\Admin\AppData\Local\Temp\Low\backup.exe
  C:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\
  2⤵
  PID:1932
- C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe
  C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\
  2⤵
  - Modifies visibility of file extensions in Explorer
  - Disables RegEdit via registry modification
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - System policy modification
  PID:1984

C:\Program Files\Common Files\backup.exe
"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\
1⤵
PID:1488

C:\Program Files\7-Zip\Lang\backup.exe
"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\
1⤵
PID:920

C:\Program Files\7-Zip\backup.exe
"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\
1⤵
PID:1468

C:\Program Files\backup.exe
"C:\Program Files\backup.exe" C:\Program Files\
1⤵
PID:1960

C:\PerfLogs\Admin\backup.exe
C:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\
1⤵
PID:1144

C:\PerfLogs\backup.exe
C:\PerfLogs\backup.exe C:\PerfLogs\
1⤵
PID:648

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Privilege Escalation

Defense Evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PerfLogs\Admin\backup.exe

Filesize
72KB

MD5
bcd56c1802cf9aa3f6d326c9994b61a5

SHA1
97aceaef048c8102905addd1bbee170eac53a42f

SHA256
de0f45ba3accafa9902ddaeff2c5a9b5d7c8a11dc9502c051515c29cc465eaac

SHA512
b8430794becd6894043f6fd913a355798e00fcbbf4cbfd69f6ca0bbb718fe024a2c5ee19ac370ec2e39d6719befb6a6e01e8c68148c6e55d4da861def14376e2

Download Submit
C:\PerfLogs\backup.exe

Filesize
72KB

MD5
9528c3d07f2b176a4237019ccc0e53ec

SHA1
268c7ee3119ce0c82384b077517ce2577da729be

SHA256
99dbaaf0c0b6a1eb52b3c6c7d9a794c7ca8d460b8f06e2cc1b34d2f2afce8297

SHA512
80fb3a1a7761b7c34f745844df72f5246cb37419c266901cb6c488a1c61ba7c1ac9c78b92ec0cf82f2a2cdfb11d453cdd0d699ee84c943712399c7796c308640

Download Submit
C:\PerfLogs\backup.exe

Filesize
72KB

MD5
9528c3d07f2b176a4237019ccc0e53ec

SHA1
268c7ee3119ce0c82384b077517ce2577da729be

SHA256
99dbaaf0c0b6a1eb52b3c6c7d9a794c7ca8d460b8f06e2cc1b34d2f2afce8297

SHA512
80fb3a1a7761b7c34f745844df72f5246cb37419c266901cb6c488a1c61ba7c1ac9c78b92ec0cf82f2a2cdfb11d453cdd0d699ee84c943712399c7796c308640

Download Submit
C:\Program Files (x86)\backup.exe

Filesize
17KB

MD5
aa5c53f8fe06b0250ca8c64a2cfd2974

SHA1
1a50d22f9e390828db8d9645dce5a96defdc15ea

SHA256
4dfa42bf89a447f71a721e413a31f4a0715c79682d1a3090b70be67a69c0ebf4

SHA512
3e6ce1a4a60cb01578e917d65aa4a1b5bf34e3a2805ec70fd80cdc186156a21281110bae4b4dad72d4b4bfd8930ac56099751d34a7d2a2af80a7847f69b58311

Download Submit
C:\Program Files\7-Zip\Lang\backup.exe

Filesize
58KB

MD5
f5c03344064b11be5229aa9e72d65207

SHA1
535a12b09c01569827a7d9ddf226e225f7495d42

SHA256
dd443d488dfc6673f7e4af737312545a4538bd9757572d091e1de8a48da97e19

SHA512
6c3f8d88af4e74f5e15edc4801f9c8037b4a04025ca3134493e2e68a2fd0bf2fe050c77ddbe84e903dce0a32ee962621bb06643a1ca245bba446d89af6449caf

Download Submit
C:\Program Files\7-Zip\backup.exe

Filesize
47KB

MD5
81a06e5b6c12e6dd02ae87ec655a8719

SHA1
756bdfd5d67831ad0cf4fc42de636a2719c29c9d

SHA256
c170198f3cb069d4747912aa8958d8b77c0413d27e25dbcd3077773d01b6168e

SHA512
11656235bdeb46ce0ad04dd9e4356d2dacd8a88f0945b7883ba04cc4785aa2508f579bc9ee1bc5ff7643ceb53170918b7d378263354402ba4e188e540591a672

Download Submit
C:\Program Files\7-Zip\backup.exe

Filesize
70KB

MD5
62a6164db656d1b1d0e275c57066c4ce

SHA1
249719efc926da49bb9aeb378597ef9b61c8acf7

SHA256
e8bcea2f5da14d662edc7b93fb9661fff5703a04d86e0c07d44e5510ea117734

SHA512
354d18a45d981e4b86833824fc29e22ef24e951d02d8cc2e7a54514e3d7e85ded639a8b5118349f165147784ceeb28d1c3755660138b07368748914b37b93e2e

Download Submit
C:\Program Files\Common Files\Microsoft Shared\backup.exe

Filesize
47KB

MD5
5bff1944cca0d0be0a9a2c49ca78dbfe

SHA1
6a2aeb447c9f513b7e3cfa05bb66a0ee7b37c643

SHA256
4a2e0d522d6262e92dc4a3e7490198c4780e413921f01a62f0ac3d6ea963fb20

SHA512
0e2738eee54a975409a2c99dddd43ac19b711b50af8969c6119902a504770439e7d6b0f352639e8aca6b9cf42b446ec82ae6b918d5cc20bb607b29c1f986d602

Download Submit
C:\Program Files\Common Files\backup.exe

Filesize
49KB

MD5
086fccb2fbee21410163e712bc5a7da2

SHA1
052b57e7adfdbbeeb08febd655f395a1d04279fd

SHA256
cd6e7436a46599b22c4d4d3b1db9d4f4a834d81d201b32edce94623a5edfd76a

SHA512
7e4fdeefe9ab2615d4345551242cea91213fa991a333935bf5bb7f43a2f7dec223e212022d909ec6b396e57fefe46576cc35ff0b472f4b19e86f8e75ddaaa690

Download Submit
C:\Program Files\Common Files\backup.exe

Filesize
47KB

MD5
3ea2509d3f9c2a00977798564525cad9

SHA1
60a69f01dfe188d2f5e360c57dcd79be9d4c622a

SHA256
b2157c88ab7bfae2389e4997783bd078ea40fac0f563323505ba57397afcc857

SHA512
3ec77073dfc667750197a924d6544a3dbfc77761744c869badd635cd232e541fe450293b2042e82f37f7676cdd33cf9f06540419cdb59cca432c25acbdf6a0e9

Download Submit
C:\Program Files\backup.exe

Filesize
72KB

MD5
f87a774690b570724a4d30834f62833b

SHA1
3a719cf8ad85ad66b2bd5cc6b8bbc348ac5da241

SHA256
8a00fffb240bf95f95eca99f142a67f2f56709d457d65e2c71a4abd5832b3cea

SHA512
a1c9181f06c634c35dfec41414192a2739f4af1fcff384c5c1c5912054897d01b0eb0482d424724999bc79181c23ad54f3a3b2b76ae83e355001a6513ec05c4f

Download Submit
C:\Program Files\backup.exe

Filesize
63KB

MD5
7729bfcf587ba79fb0e4e7d9d79e2cf4

SHA1
49615f05a8f7a6f7599ac2329b1c068dde06c174

SHA256
924ab127491154c53f9696183bf0390d5c43d3ccdb80f4c72c5793f7926f89e4

SHA512
64c1e6de8097383c89e980dbf01d51cca6297fcf8342111b7c03d1b5d835a15e109bb15cf63530a81c03181599f81d9d09110a16512ae350762b2202892f6c72

Download Submit
C:\Users\Admin\AppData\Local\Temp\1467291919\backup.exe

Filesize
34KB

MD5
c517ccb834f1eeae08edeaf4cffc400e

SHA1
64bef9672f176d86f41812fe1f5c3d547e851028

SHA256
71eb8e44e5c82bd66825903732a6dbee24996efb52433ecdebac74bfbb21de7d

SHA512
433539380a29c6fea35369cae221b1d7664a00f0e170fbabc56b94e407861dec2fa40fcf3e0f2634c324a10109fea0a2b6bd05c9a363b9fddef2042b8f0c71f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\1467291919\backup.exe

Filesize
30KB

MD5
b6f5b6fe62018eb07c6d7e67d0586d57

SHA1
92945e11d729daaaf97b8c5489204dbab9c878ef

SHA256
6bee89a6d51ec0f3cbc06e441fc3c12679ebf1fe1c5d009c773d0bf427109065

SHA512
1ae11234fb8faf74b164ebf98a4ae3359f16ae64876a7102b415e16236f73c4eb1490f28adc7c4005287f4d23dd668afe7db69631fa240e39808d2a771f0c22c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Low\backup.exe

Filesize
72KB

MD5
239858aa8b7746b06807e864ee3a0cf3

SHA1
2b63f6707cd6178cb8e26cf0d371feb0146ac20c

SHA256
0750b768661779e0401adec25e42234cd6b5c5c07606c083669d5c8b9919bae5

SHA512
f3ad3a8a8af7b0e71582a693434e7166edc5faf1a2d886edb0761d9f23754afa838298d51b26c1604dd40e9e271a1d656ed204db61c43f3ce6f172460adbde1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe

Filesize
72KB

MD5
239858aa8b7746b06807e864ee3a0cf3

SHA1
2b63f6707cd6178cb8e26cf0d371feb0146ac20c

SHA256
0750b768661779e0401adec25e42234cd6b5c5c07606c083669d5c8b9919bae5

SHA512
f3ad3a8a8af7b0e71582a693434e7166edc5faf1a2d886edb0761d9f23754afa838298d51b26c1604dd40e9e271a1d656ed204db61c43f3ce6f172460adbde1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe

Filesize
72KB

MD5
239858aa8b7746b06807e864ee3a0cf3

SHA1
2b63f6707cd6178cb8e26cf0d371feb0146ac20c

SHA256
0750b768661779e0401adec25e42234cd6b5c5c07606c083669d5c8b9919bae5

SHA512
f3ad3a8a8af7b0e71582a693434e7166edc5faf1a2d886edb0761d9f23754afa838298d51b26c1604dd40e9e271a1d656ed204db61c43f3ce6f172460adbde1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe

Filesize
49KB

MD5
cede7d6b62d3014af7b433840d3bff79

SHA1
7e204197ade76a355fab16e7ba5d3304cb27674f

SHA256
1f319ea188c74b6338570ab3e643243c1f95c915bebee4d073f61b8dac63b78c

SHA512
53152dabdf20bf83e3fbc201c8a359c10f48220bc1e5c871286189990141b4569b58233074f515089c62e8128eb34b6a3880ecbd5a7f8201e4fde241c2b288cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe

Filesize
58KB

MD5
8cea40bd1f0515cb2601d180235d0792

SHA1
6658c2e05230e1ec479c38a64aceef815e3541fe

SHA256
a2cd643886d452d8142fcd600edae5f6b2e9215e1650122a7887e24a82f27b01

SHA512
c63f0ae3c7858c5c7421be779bb3594baef50df9a421fa8a3e17e8f851f746bd42bc777233390bf5d93c20bb7f07a0ab706e1a5392c48da8b551bf5f186be3ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe

Filesize
42KB

MD5
aa592a8dd1453701450fe483409a52ad

SHA1
7746f0954067aff2578420339d6b8ccc355e7a26

SHA256
30f3ed5bbe36cc3376d3feb2477627cd17c064755ba0c288c18c25cf81516f21

SHA512
8c2a815438bcdb9a2a39540bb959b96831b13c8a797736bdead1fb77231321424162a63b5278be464a8dd0719af33d5846e8d0d3ed444939e19cec8c35465a55

Download Submit
C:\backup.exe

Filesize
72KB

MD5
2d1003e16fceed260f85892386158c08

SHA1
9777f3719ccda67143e1d6dd770fa63f4ed68d2e

SHA256
ca2144de580824ad8f849a539a64a6f1b9589c23d031c2a080fc926c51201464

SHA512
2471c2ab5960aa2bf6701278aad105d8116ea903b08a2aecad16ab75332f45f947c1cc2549e6d064ef36cc1fdd67afebc1c1d96221a9326ec8956077b8862cad

Download Submit
C:\backup.exe

Filesize
72KB

MD5
2d1003e16fceed260f85892386158c08

SHA1
9777f3719ccda67143e1d6dd770fa63f4ed68d2e

SHA256
ca2144de580824ad8f849a539a64a6f1b9589c23d031c2a080fc926c51201464

SHA512
2471c2ab5960aa2bf6701278aad105d8116ea903b08a2aecad16ab75332f45f947c1cc2549e6d064ef36cc1fdd67afebc1c1d96221a9326ec8956077b8862cad

Download Submit
\PerfLogs\Admin\backup.exe

Filesize
72KB

MD5
bcd56c1802cf9aa3f6d326c9994b61a5

SHA1
97aceaef048c8102905addd1bbee170eac53a42f

SHA256
de0f45ba3accafa9902ddaeff2c5a9b5d7c8a11dc9502c051515c29cc465eaac

SHA512
b8430794becd6894043f6fd913a355798e00fcbbf4cbfd69f6ca0bbb718fe024a2c5ee19ac370ec2e39d6719befb6a6e01e8c68148c6e55d4da861def14376e2

Download Submit
\PerfLogs\Admin\backup.exe

Filesize
69KB

MD5
2dc4a005f5fea3f7d354a7e8530272b8

SHA1
4c15089d6fbfdb779ed6c65a1ca55ba6acc382de

SHA256
ee533d024549c7ecf5065d07f66e4d8a8f32c090bcde6c01ed5323945c494ecd

SHA512
e806686fe0978e1e0dae4f951796830cd0cbf5ad641f6a9a8c2f28f5484c248cbbfa585836a2d7f474ae67900286b3e0611ad8a515c422929d7d1b8c16626771

Download Submit
\PerfLogs\backup.exe

Filesize
72KB

MD5
9528c3d07f2b176a4237019ccc0e53ec

SHA1
268c7ee3119ce0c82384b077517ce2577da729be

SHA256
99dbaaf0c0b6a1eb52b3c6c7d9a794c7ca8d460b8f06e2cc1b34d2f2afce8297

SHA512
80fb3a1a7761b7c34f745844df72f5246cb37419c266901cb6c488a1c61ba7c1ac9c78b92ec0cf82f2a2cdfb11d453cdd0d699ee84c943712399c7796c308640

Download Submit
\PerfLogs\backup.exe

Filesize
72KB

MD5
9528c3d07f2b176a4237019ccc0e53ec

SHA1
268c7ee3119ce0c82384b077517ce2577da729be

SHA256
99dbaaf0c0b6a1eb52b3c6c7d9a794c7ca8d460b8f06e2cc1b34d2f2afce8297

SHA512
80fb3a1a7761b7c34f745844df72f5246cb37419c266901cb6c488a1c61ba7c1ac9c78b92ec0cf82f2a2cdfb11d453cdd0d699ee84c943712399c7796c308640

Download Submit
\Program Files\7-Zip\Lang\backup.exe

Filesize
61KB

MD5
4996be33b8b180f1023f0291c7d64ad9

SHA1
058ad012dd75baca7f38e68b7d47810432a1c76f

SHA256
af36067032d84e856254f80cc175ed445989fddbaa907a82eb284ba462873fce

SHA512
e8766f3b8f3353ecc60784cef031a8330531b3e4392a5d17e055a0c1791fa1f15b2251b62d98f2b01c4e7ff3cbcb878bbc83b8781d79851055873b4f980c13ff

Download Submit
\Program Files\7-Zip\Lang\backup.exe

Filesize
68KB

MD5
600f7565a8cf09f455eee10361213f6a

SHA1
e0f3a6a87f91305e211a96b229006e869068b56d

SHA256
502cf4dc7f744c4c3f855fedfe1cda4757fc57b4926fbdc8ca6c343dc267a55f

SHA512
c21ded7413f5f0a4aff1da840d960ef3ae155cf4544576aaf50d84bf386279d885811943d0e4c9cd311088e66348619d5f3252e788e6a05ee3a624bf37373031

Download Submit
\Program Files\7-Zip\backup.exe

Filesize
72KB

MD5
d16939dac9269b3ed20f15c585fd0203

SHA1
989f99008d3bdd1c7a96155c79544bb5f87e06fa

SHA256
07407bd3dad0f69f0676986b403e4ecf1d5b8a5eae394dc9b137f2bb34fe4703

SHA512
3af3dd68565c468f64fd91a65e57db2c08015b6de893e090da6e27bcfd94e2e5b0e6a3454bf7055c730672a2d1a2802892d84dd8e9df40e7e22b9acd11a7b8ee

Download Submit
\Program Files\7-Zip\backup.exe

Filesize
67KB

MD5
d84cad91640f46da397db3efa75771b5

SHA1
a759c384df230071de8c26128772e69fe36a8d50

SHA256
ced6432f626f2584c9470e246454f95f4bf3dc97ce85be76f6c98eca9a5a2db9

SHA512
5995dceb9873e631fa24c1758d98321d831f1ae3bae44de87597e7f0315d40ffed0890b3b1274dd3d5c328bab88844a6a4541f235ed844aa842049fb0d570931

Download Submit
\Program Files\Common Files\Microsoft Shared\backup.exe

Filesize
37KB

MD5
33f025197407d58291038a7bb433cd08

SHA1
1e1529e650b87ba764d3810206f29cb7a78c02c3

SHA256
3badcd85e37956202690cd52e9611dfcb012b784c9c335fc7c0c5a3422779996

SHA512
789e96bdc1a699a277f779fbb3eca49b3e29bcb5ab311af218a1748aa5210fbf00a018a130cc95253c8e52b9452302fdd7a610012811c1c54e539b0d2dca8505

Download Submit
\Program Files\Common Files\backup.exe

Filesize
65KB

MD5
970ecd449c4956952a314cdf8192836a

SHA1
285cf784acbe1ae620b0f33e6559af6e8b81db6a

SHA256
cb0d90f0505bc53aa590f5934a621d04291b52f8da1d82f16d71d694a5384b66

SHA512
d7d489b620c80164c33893dc8a074b24c566f251cbe3878ca094ce26953ca0e19c8d9d09884f2f4d93624468d2b8fbcbb47718dbdae7f67fbdd485cc290a9a92

Download Submit
\Program Files\Common Files\backup.exe

Filesize
66KB

MD5
6504687b2f2c9575573705360c4ad3c9

SHA1
77d665ed5a78ee934b2309200c653e3ac286967b

SHA256
c5c8f4af65abe61636197d9e5cd987bf7b54ccd3aa3c9ad62c0d85ee5d9895d3

SHA512
ae2b9c32a8a163902d7abcbc40c91178e819e46c1070a757c5706b841b5ee3be5def9c591cdae1ed6efadae193baad7b289741b029e9d2618c22c2432358423a

Download Submit
\Program Files\backup.exe

Filesize
52KB

MD5
311062273ae2aae87d102af1ad8fbeac

SHA1
d8c4eb9ad9ede9ecfb06b68fc193c1c25270a069

SHA256
480d4e0716f29aa82a75d521c08db1f2af300982cb4e3da381410dba7db5cad3

SHA512
851aca2151a8291c1a807dc9b653bd94ede4b9796fe619240cb7f65d8b3bc454ba7fb9746ffd8c3233b535c59e743d3616e236d20ca1a04ecc49f4dd07dec9f2

Download Submit
\Program Files\backup.exe

Filesize
60KB

MD5
7a0400da1ef3ef39cbaca8939cdd9dba

SHA1
9f9488667da4855fa047f46cbdee30b5e7278d58

SHA256
cc9647f6fa6c7cbd87ac5559db213eff50d37ddb0a1d19d5d0b50ce4605fd1c2

SHA512
37bd13173f4bed68322c0e429915e4a1b1c1bfa6d6dc3c3acd25609d0a846d456266e1518309e7510812440fb7e8c74387f1dbaaa11156ee233564cbfab956ad

Download Submit
\Users\Admin\AppData\Local\Temp\1467291919\backup.exe

Filesize
36KB

MD5
f5279174933efe7d70e07665afa155fc

SHA1
32f0827fd01e7f7c375683eb25e3c5b70c39d6a6

SHA256
e92b9837755b3e12f8fc7712c2fb23356afb98fba8bc0ba4d6cc416c4a6ed883

SHA512
5724b6864e419c7a90c1d4b67e943d3749ecdcf363e747081bec612e78b59f97b98b860dd42adce976b1024e63b19f323553cc65ec0137af2dab1c4210a4bc33

Download Submit
\Users\Admin\AppData\Local\Temp\1467291919\backup.exe

Filesize
55KB

MD5
183a3cd8272535ad2fa825ee4a3e37c9

SHA1
21d02153dd823efb9aafaccce61295ec18d1074a

SHA256
c3c46a33111d15d144c78f689c1b65f78e495a3b513fdb10c47c6095e4712ed5

SHA512
84a0de063ef003039e297e36b1bf123acf94989d09e95b0dc7eadae98c9d5078ee3bdbd3e5881dad73d69d41641690e768cbde40c86ac04c0cf84bd0d41731a2

Download Submit
\Users\Admin\AppData\Local\Temp\Low\backup.exe

Filesize
72KB

MD5
239858aa8b7746b06807e864ee3a0cf3

SHA1
2b63f6707cd6178cb8e26cf0d371feb0146ac20c

SHA256
0750b768661779e0401adec25e42234cd6b5c5c07606c083669d5c8b9919bae5

SHA512
f3ad3a8a8af7b0e71582a693434e7166edc5faf1a2d886edb0761d9f23754afa838298d51b26c1604dd40e9e271a1d656ed204db61c43f3ce6f172460adbde1e

Download Submit
\Users\Admin\AppData\Local\Temp\Low\backup.exe

Filesize
72KB

MD5
239858aa8b7746b06807e864ee3a0cf3

SHA1
2b63f6707cd6178cb8e26cf0d371feb0146ac20c

SHA256
0750b768661779e0401adec25e42234cd6b5c5c07606c083669d5c8b9919bae5

SHA512
f3ad3a8a8af7b0e71582a693434e7166edc5faf1a2d886edb0761d9f23754afa838298d51b26c1604dd40e9e271a1d656ed204db61c43f3ce6f172460adbde1e

Download Submit
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe

Filesize
72KB

MD5
239858aa8b7746b06807e864ee3a0cf3

SHA1
2b63f6707cd6178cb8e26cf0d371feb0146ac20c

SHA256
0750b768661779e0401adec25e42234cd6b5c5c07606c083669d5c8b9919bae5

SHA512
f3ad3a8a8af7b0e71582a693434e7166edc5faf1a2d886edb0761d9f23754afa838298d51b26c1604dd40e9e271a1d656ed204db61c43f3ce6f172460adbde1e

Download Submit
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe

Filesize
72KB

MD5
239858aa8b7746b06807e864ee3a0cf3

SHA1
2b63f6707cd6178cb8e26cf0d371feb0146ac20c

SHA256
0750b768661779e0401adec25e42234cd6b5c5c07606c083669d5c8b9919bae5

SHA512
f3ad3a8a8af7b0e71582a693434e7166edc5faf1a2d886edb0761d9f23754afa838298d51b26c1604dd40e9e271a1d656ed204db61c43f3ce6f172460adbde1e

Download Submit
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe

Filesize
36KB

MD5
54f3242676402928d64bf4904732f5b7

SHA1
6ed39b0a464ecba9132c11d5ed37504e2bb4db93

SHA256
74976623d66022da05d107c678500f44138ed19383318d1474064e86ecd65392

SHA512
1352e276a73c306f1cbf7ef2dc9dd706b5651f84ab70faa45dfe603c5345156840066976856289e9b27b9dee29265f991d296c581bb6ff929754eae119a08076

Download Submit
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe

Filesize
72KB

MD5
239858aa8b7746b06807e864ee3a0cf3

SHA1
2b63f6707cd6178cb8e26cf0d371feb0146ac20c

SHA256
0750b768661779e0401adec25e42234cd6b5c5c07606c083669d5c8b9919bae5

SHA512
f3ad3a8a8af7b0e71582a693434e7166edc5faf1a2d886edb0761d9f23754afa838298d51b26c1604dd40e9e271a1d656ed204db61c43f3ce6f172460adbde1e

Download Submit
\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe

Filesize
61KB

MD5
17529de0d2d543801cf06b5c71f86c6d

SHA1
afe2c9b88575703ed89ba5252395d1cbcc664f94

SHA256
0b68ecface02926f5848b749d8be93ce2ffbb232c77cf2e13ac231b4b34e6075

SHA512
aa2920a103fee6420828ce1b35077712831ba382544f73a7e95c0576c68acd293aed3662e906d13c65f1c831b45c8b88606f232270bceff97f987e844dc2041d

Download Submit
\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe

Filesize
37KB

MD5
ee0f34f70d9fae21e26527810b993cb4

SHA1
e45abb44ef1fdaef242702be96cec38da46a45b1

SHA256
8ed92f558ce3f052c5a05d2a1db77d1e91f714983608d6559de7688966a95424

SHA512
04be5b7db37b134b0dd445ed1b2634e2c39f0e7a54f9b3d9c06321c403cda3c5538700e95708ed833c75e30ae247fc4346cf9c529faf672864297f67a0a9b7a9

Download Submit
\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe

Filesize
33KB

MD5
3a54060f324038c08d80fcb4ca6b6903

SHA1
e772304fc9e532a34d4081444800731ec9a6b906

SHA256
cb8e0b90302cb2b2af4d28ab3ddb238adf2f131259f336e8d769881c9d1ecb0f

SHA512
64dc1ed2d59b5b3eb8cf88c40f21e94de6c5c88aadeedb684a84b96b45e14a008ce7fd35bee0d5fe18c10671279107b2d08d0fd7a91d5e3ac944a7a17e17823e

Download Submit
\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe

Filesize
32KB

MD5
36c2d2137831987b01bb64314c11cae4

SHA1
26d902dc28666270b8c3715bbb001633ffe1903f

SHA256
ef8e7fdae4c9d22733df16ad7e7e8e7bb6eaa9a983f6b58da093dbf10a616661

SHA512
641b9ad95d692a14c9d5f8e61ed292d9a7c55822c518a6ab5c80074cecba7f44909c30b81433aca26626edf06fbb2449f29bc445de1396f5d766519cd055a7bd

Download Submit
\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe

Filesize
62KB

MD5
3e27f94670388833a9bf44bc9a98697d

SHA1
974cc344b1c9f0fb2714a3be12d3118b17ea60ed

SHA256
e30cf1ce8c14f88ee6bd1a5579a2488b90380473700144da1ab1a1471c94a9af

SHA512
d7ff6b63449e9598a9796af3c7dd0d8f9d7b9d7b9dd6f3c89372d4c3a76e4458cfc5e17c0ead26a7f3a30e4fc8359c9856b3b8b5607bd19f9ec39790fd30fc85

Download Submit
\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe

Filesize
66KB

MD5
b86234276148820841937c04a0d31e09

SHA1
4941feb2be25fd2b02aedf26c3c2a65710941e7a

SHA256
255dca7f94b5a745a9f282b25e20f5fa7dd323c937c9b36c9c3b82b00bb14e9a

SHA512
5a3e42992c8423e7a1b006ec7eeb404a753461d90a39883b2c52e0edfc530ad37382210f89c8fbc1b0a628642c478caebcde4f7e0894f0bc207211c2938f8ea1

Download Submit
memory/1920-132-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads