cac5801fc03eb4b44336b86e85e857c884ce8e10a26a996baea43b7cd5ad93b7

Analysis

max time kernel
58s
max time network
4s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 03:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cac5801fc03eb4b44336b86e85e857c884ce8e10a26a996baea43b7cd5ad93b7.exe
Size

58KB
MD5

5cad60cb76b696f702461fe56db3ca1b
SHA1

01b13f41ee2bcd6ed008765266c6cf2baa81a270
SHA256

cac5801fc03eb4b44336b86e85e857c884ce8e10a26a996baea43b7cd5ad93b7
SHA512

826df3e940ad475520250af09b1b51411d8cc065130215b6b7a44e55a1b8bb46e27c114e57d05b02492c37f8db56151a6bf15e835a2bc24b3a6c9f378159d133
SSDEEP

1536:kZ8/1BIMD5M/RguiBiUm7RRflSCuAP4hwcZ8E:9BIMD+ZguiBU7hcC4hRN

Score

1^/10

Malware Config

Signatures

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0804EF98-6C93-EC08-12F9-CF84939F930D}	cac5801fc03eb4b44336b86e85e857c884ce8e10a26a996baea43b7cd5ad93b7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0804EF98-6C93-EC08-12F9-CF84939F930D}\ = "brrqenejkbjxqllx"	cac5801fc03eb4b44336b86e85e857c884ce8e10a26a996baea43b7cd5ad93b7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0804EF98-6C93-EC08-12F9-CF84939F930D}\LocalServer32	cac5801fc03eb4b44336b86e85e857c884ce8e10a26a996baea43b7cd5ad93b7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0804EF98-6C93-EC08-12F9-CF84939F930D}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cac5801fc03eb4b44336b86e85e857c884ce8e10a26a996baea43b7cd5ad93b7.exe"	cac5801fc03eb4b44336b86e85e857c884ce8e10a26a996baea43b7cd5ad93b7.exe

C:\Users\Admin\AppData\Local\Temp\cac5801fc03eb4b44336b86e85e857c884ce8e10a26a996baea43b7cd5ad93b7.exe
"C:\Users\Admin\AppData\Local\Temp\cac5801fc03eb4b44336b86e85e857c884ce8e10a26a996baea43b7cd5ad93b7.exe"
1⤵
- Modifies registry class
PID:4264
- C:\Windows\SysWOW64\urdvxc.exe
  C:\Windows\system32\urdvxc.exe /installservice
  2⤵
  PID:4312
- C:\Windows\SysWOW64\urdvxc.exe
  C:\Windows\system32\urdvxc.exe /start
  2⤵
  PID:636
- C:\Windows\SysWOW64\urdvxc.exe
  C:\Windows\system32\urdvxc.exe /uninstallservice patch:C:\Users\Admin\AppData\Local\Temp\cac5801fc03eb4b44336b86e85e857c884ce8e10a26a996baea43b7cd5ad93b7.exe
  2⤵
  PID:1448

C:\Windows\SysWOW64\urdvxc.exe
"C:\Windows\SysWOW64\urdvxc.exe" /service
1⤵
PID:748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\urdvxc.exe

Filesize
22KB

MD5
006b2592f55c12ff7e23edaffae3b5b2

SHA1
c78fe8a6ebb7909ab26419aa70633cbdf7dfbda0

SHA256
26169eaa724bc3b6ea6d5aa0d08673b186ea7e5818284b1d499ad6d834b03c05

SHA512
d5ea5e6970bc4013b4da856b68fa5a837899a22d6046e6dea56474c86a13f9cf7dfca807fa450bf48a9c4322b946642a1cb660d1c371270284f8ef20cd10c36b

Download Submit
C:\Windows\SysWOW64\urdvxc.exe

Filesize
26KB

MD5
625124c5c8e835de69d83c99b31422a4

SHA1
1ca58c9301f3f5045813b6da80b20de056294ccd

SHA256
fe097b91f9cc377c92c02973ff13576871322ec19460866f076270b23fe30046

SHA512
ae2542384b8811acf03ec558ee4432543b15e0fb56b01119c0cc17294777cd54e606bb756af877644f47cc37560e8d01f102c8c511a0b2f46b7dc8341f715d2b

Download Submit
C:\Windows\SysWOW64\urdvxc.exe

Filesize
25KB

MD5
bcec441fc4d7f5c19959facbdf4adcef

SHA1
3a9c1c0d4bee66638398594576cea3c934e0263f

SHA256
09538814b407c9dec540ef04ee6e6070a93bffbb2e48f3caf458a60e4a5fbfc6

SHA512
597b2f48045278d3d13b56cfb37745d935ffdbd92cb7f8c16dddc4bf36ce047e48ce539281f76af2336ff9105dcaf6c75a6c19fd9f89a598bb55c47c18a9b084

Download Submit
C:\Windows\SysWOW64\urdvxc.exe

Filesize
14KB

MD5
5f82cd08f6e49eaff216cf3e437adfad

SHA1
2b37193faf85c04967fbbd1cc50d75760487bf99

SHA256
c13a0f4cfd2a752b43004bf62c0db068c3f2086f27d338090039ca4dd648ce3e

SHA512
3dded163e6b90934961f264d6288a21568f11ad45fd33f976bb18eecaeaa120f622af5f568bde6d80f41e76bccd544a57489735dea0c28b22c8fa771e1426c4d

Download Submit
C:\Windows\SysWOW64\urdvxc.exe

Filesize
4KB

MD5
a562fe2a0bdd92dc7e26a58eca4f4cad

SHA1
6c4d779b6d903e3acc9389117b17c45a5fae3e44

SHA256
06cd562223c6caa2cf1ed11156dfaddf43b8b38f00e655f6df7aa46626385cfe

SHA512
3d28578afbfd41d63eaf68b08d8db7c0b6189594a973782aeea8cdb4f11e1ae4fcb7b877fb42ab0c27bc3d325873d2a654dda7c3c4adb6fee13b5bf37c45a154

Download Submit
memory/636-141-0x00000000001C0000-0x00000000001DF000-memory.dmp

Filesize
124KB

Download
memory/748-142-0x0000000000510000-0x000000000052F000-memory.dmp

Filesize
124KB

Download
memory/1448-145-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/4264-132-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/4264-133-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/4312-137-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads