Overview

overview

10

Static

static

bad749cf90...70.exe

windows7-x64

1

bad749cf90...70.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    1s
  • max time network
    57s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29-10-2022 05:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bad749cf90bba616c3b4dc66bcc60a62b3bcd6286b731e90740f578a0e6d4970.exe

  • Size

    779KB

  • MD5

    d1822b2bd8c78299a0d9b89548800861

  • SHA1

    9e04cf773926d88d69d617289a3d413c915a1447

  • SHA256

    bad749cf90bba616c3b4dc66bcc60a62b3bcd6286b731e90740f578a0e6d4970

  • SHA512

    8e4f805c2ff1ba145f1544d3c68b8af834ce557aba1a43d6fb6622cfdae259bec7a65f4a7edb889a2c600c5b838456032f1e40d0c44da48088d56fef9b537e9f

  • SSDEEP

    12288:QK2mhAMJ/cPlZZbsRcrjztWwctzEDwU4FhTtcc68h7UHy5y+TS4SMQaD/FYkSZQI:N2O/GlZZSc/zcwSQ94j97Aml9SZW73cF

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\bad749cf90bba616c3b4dc66bcc60a62b3bcd6286b731e90740f578a0e6d4970.exe
    "C:\Users\Admin\AppData\Local\Temp\bad749cf90bba616c3b4dc66bcc60a62b3bcd6286b731e90740f578a0e6d4970.exe"
    1⤵
      PID:1628
      • C:\Users\Admin\AppData\Roaming\xdkqa\cvfts.exe
        "C:\Users\Admin\AppData\Roaming\xdkqa\cvfts.exe" erams.qjj
        2⤵
          PID:876
          • C:\Users\Admin\AppData\Roaming\xdkqa\cvfts.exe
            C:\Users\Admin\AppData\Roaming\xdkqa\cvfts.exe C:\Users\Admin\AppData\Roaming\xdkqa\MURFG
            3⤵
              PID:2016

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\xdkqa\MURFG
          Filesize

          29KB

          MD5

          4bf8a273570f3400671e8311a72317be

          SHA1

          905fdfdad7a5bf76d88b8d332d2e37d01f9f4bf1

          SHA256

          66a2518c216c0cbec1527d5ec5365a616654ffdb100de0934230aa7cf873d97c

          SHA512

          599c269ba51b89c9fcbf738df64499f8976f9227be80b7af7097c36ddb0830a7d62976043ae101970197b8ea44b592d11ace23c59a4cf2427fa50a3eab9a4f9e

          Download Submit
        • C:\Users\Admin\AppData\Roaming\xdkqa\YMQGIX
          Filesize

          12KB

          MD5

          560b4aa3fd209bce8e7a17fe3eb2d504

          SHA1

          aa6a2400b2d6d9cbd6e13babde7d342ba378d420

          SHA256

          8d4a0dcb9411aa81c597bc4a8d55419402651ab6f04e661844644a4ef9b23d3b

          SHA512

          80b3ade3e8b2a6778b61595a5b3dd04e42fc62380a95a857549e88527d86f0ec9127a9ea79fdbf7b1f218368701bb186c314ac8509bf94ec8cc52637712125f7

          Download Submit
        • C:\Users\Admin\AppData\Roaming\xdkqa\biqkv.mai
          Filesize

          715B

          MD5

          e1c916e6c61237903f840887f1905de7

          SHA1

          17fe92a7872bf76f21fdd5c239046094465e3608

          SHA256

          1df7d095be52f8929793cfedad7bb8b08815c2f8630338f623e11ba30c7c55f9

          SHA512

          1d4c3511b5e4547a0dcd6d751319fb78c82307abeabbadc7abc387928e31c2810c2e9eee8c865dfaec5dc6d6f5bdd92b5afdf4bb7eb5be72b22962bad375432a

          Download Submit
        • C:\Users\Admin\AppData\Roaming\xdkqa\bqkin.ghb
          Filesize

          518B

          MD5

          3140137ba775ee3755f2cac17594671b

          SHA1

          0a3245e363966da6dfb6068adc568ca179319311

          SHA256

          ffa9d9dfb086537d56345becc58098ebf80c21edff724ae1006952f126425090

          SHA512

          bcd84fa42601fe2b494177a28322cc1df48423063f6dbe5e760c64862c96e4249b22131e47dfb6b7c439c1a6c6270b17e1aab695be35b22e29ceccd0774e371c

          Download Submit
        • C:\Users\Admin\AppData\Roaming\xdkqa\cnwuc.qmq
          Filesize

          490B

          MD5

          215eecb607900c112dc001aefc537230

          SHA1

          b8bd78aa40b27baec9cda9defeaec1e1b2edfc1e

          SHA256

          800d1699fac1d5f81808d5ffa0182a7468dd2a37b8df05929e1053450438a1e8

          SHA512

          b5c229129383159b2607585be98860cae28cd4ad31fd5a8f0a7e54c2d663656b80c4504ef49060adbd6d6e9a63d51d2ac2029955745794933a2f4c810c35020e

          Download Submit
        • C:\Users\Admin\AppData\Roaming\xdkqa\cvfts.exe
          Filesize

          53KB

          MD5

          64f3ee029074cd02f49ee3cfa430c203

          SHA1

          ea2fd724cfb5aa70ad0c549e9e3c40d11a9869d0

          SHA256

          dce05f21717727624db2392a1192155b6607bc0644171c58929d29d12311aaf7

          SHA512

          d5aed033c96c2ab62f3c17e380f8a00a57eefaef3c4ebbe8fb4c1f1ca22e1915e9d2960ed061f9066c1960c49e68d203c5f2c986965e50c0cda3b44e5962b161

          Download Submit
        • C:\Users\Admin\AppData\Roaming\xdkqa\cvfts.exe
          Filesize

          50KB

          MD5

          14dcd89e6912ba598aa99e525b90f313

          SHA1

          902efc272d7a204bb027e15bf7e6360688621052

          SHA256

          bf1156bbe932acc9b474d559d565791d2f0e774d57487a8426d3ecffc29d261c

          SHA512

          a5a4bd53a0665cb4e835a18a269859dc5d1aaa0cac5706e8d359e71f2e8bc5998612deb87edee74e07a9cfe06f1bb98d559c2e30a1b708f12417ce4763ce2008

          Download Submit
        • C:\Users\Admin\AppData\Roaming\xdkqa\cvfts.exe
          Filesize

          12KB

          MD5

          cba216aa634fe06367492dfca7f96d7f

          SHA1

          4c9880d660707109c6826d809781fcd1dc05b9d3

          SHA256

          939bbb5b9b6a3982db17fc7d9549c83034c79ef8c39d15bc17f79138669ca849

          SHA512

          cdbbf85e3d2a60e7435a6263dad011e01b28e0f8565eb6496ea29a137e61292dccafbb3a457b0f0c570ef867828c22e81cde1bbddf27bb67039a11eda38ec17a

          Download Submit
        • C:\Users\Admin\AppData\Roaming\xdkqa\deefo.boc
          Filesize

          614B

          MD5

          03a0a784e0f4af96e7d0d477b314c09c

          SHA1

          eb6f0ae424fe0fce5be59ff31194e74526a1d3b5

          SHA256

          d24f376c500d63a801d7b781546b4c6a03690b421e9caee796b2f5bff782fbc0

          SHA512

          8ca10e491e4fa233f54dfe7784ab5af85e2ed0cea43fc690d8ae7905d9b45e7de351ea42d893b2bb8fe4634de736bcf5c7cee04a9c7720309234009877849983

          Download Submit
        • C:\Users\Admin\AppData\Roaming\xdkqa\erams.qjj
          Filesize

          47KB

          MD5

          471095e3412cb7fe22a68c3144e46248

          SHA1

          c7e3e8b17f7f23af402d281aafe410ae117d073c

          SHA256

          f7607f4bbd37039a34023b2e31351140e5c0af3e3697ca419acaa258ee2e9f6f

          SHA512

          f7e64852e82ff84bbbcfeb2c35da9840a2909c6a7ae985617a4248783c787ee2fabc32b7d197256add01f4c082af9b709b1fc36f07ca67402285d5cb8753f2e7

          Download Submit
        • C:\Users\Admin\AppData\Roaming\xdkqa\ipcne.stv
          Filesize

          69B

          MD5

          0127ada206fc0d1199e2b5aeeae08b71

          SHA1

          1c7581ff1f0e89da2462abd556d5c400e935f7fb

          SHA256

          1f97bcf15c0448e666c276ce8d020310076c81a4fad956150651acd46a36f1e8

          SHA512

          9f09045c6153061917ab90c56b688fd9c6419cea45c034ec1bcc2167b94c8a2508770a509538ddeeb28e10c6aef2215655c03d1664e52c0402d47f8522a5bf0b

          Download Submit
        • C:\Users\Admin\AppData\Roaming\xdkqa\iumje.jeo
          Filesize

          322B

          MD5

          407993b4990acb2da91ac69a7cd0f7e3

          SHA1

          c4dad33e31e42af16452b4d83d084e067ad4b598

          SHA256

          bb78378b82c74348ee170843d352276f0190b49fa2f7366b4b0cd45f142a4a87

          SHA512

          5ca2b25826033296493ea1014af1591e83f4f7ca43d9aa88197a1f25a6f56744300b35d4518bcbb0d7c2917b361d0664a1590cf4b2c592ff510a0bb0595235d7

          Download Submit
        • C:\Users\Admin\AppData\Roaming\xdkqa\jculp.ipb
          Filesize

          151B

          MD5

          4f8ae0125c7c832ac365e32a38b4ff7c

          SHA1

          24c44872dbcfef9954743174eb1e8541f23d2308

          SHA256

          debebd06b840708f2f7578a4c7ad2a74806b44e610ba972f243b8a5e5c85a5b0

          SHA512

          9f5417740332315f01c17aecd1e065babcc188fb3d3d83e4c38b3841b4afa7bba55b76694d48f5a20e340e773c021e654cc00ba6a94d6e05545eaf1ac071a87c

          Download Submit
        • C:\Users\Admin\AppData\Roaming\xdkqa\kc
          Filesize

          14KB

          MD5

          fdf8358fb7e4b221d16a358dedf3550d

          SHA1

          e24b2f02e978d03a2abfb873834dbfdbada55e81

          SHA256

          6e314e46045db3ae087eca3e20a837b95753b35288b1f6286d2c4961b6123665

          SHA512

          637a32d981dc313f098dce8f3707ee4a05aa490e13bb09a7d94e317ad5480a3b559abc8daf525d2163d1c921dfe8e9e879fb2ab4a8e4e638a102adf6a857adb5

          Download Submit
        • C:\Users\Admin\AppData\Roaming\xdkqa\llbha.eml
          Filesize

          232B

          MD5

          06016c50ccd23723695f988848c94e57

          SHA1

          3bea075bbf64c144357ddc7bd2d00c70ea77381c

          SHA256

          2b5eb6c09a4c267c3b113844c93f0ed908831db1b4f17cddf718d9eefb02e1f0

          SHA512

          dd1c970f0a2c03bfd50307b10cbea2a0645b67d1866390be1b62a2ee1bd286f1c1b5a60f1e35e8f373c13c494e94fdbc055b2d1fceaad32481d5e114e054b43f

          Download Submit
        • C:\Users\Admin\AppData\Roaming\xdkqa\ormtx.nnt
          Filesize

          344B

          MD5

          bb4ad69dea7cb930513207431098ace6

          SHA1

          794bdb4034ad40ed2f85b994c816a477a186351b

          SHA256

          dad2de178c582a5e0cdf20bbe5fbf9cb86d182f6ed4ed8027ca348d5bba52d89

          SHA512

          285934638f6242d06638ea9d5d0ac0fe5fe5768262e12a2529c5201fbb359751314745cf1bd2fce35e231c13189a262ed740d979df286303e3b26568d55fea2f

          Download Submit
        • C:\Users\Admin\AppData\Roaming\xdkqa\todjb.qtg
          Filesize

          97B

          MD5

          c35bae4817a01d7c33f0e2dfa6aa4acf

          SHA1

          6a3e28ccdd748e2030ebabc325f44c1cc87e9635

          SHA256

          51dd06889efd0d10b715d156f7caac1ea24b3506d2072192c5fd1e5709e57250

          SHA512

          14ad502ae6e92d1edecbedfd42529b8b5674f8801c9300f567d0ab34982524b1a3e632dbf9719d65b1b42910bd539a63710c2f67f93cfd819cac3bcd146d5c84

          Download Submit
        • C:\Users\Admin\AppData\Roaming\xdkqa\tu
          Filesize

          15KB

          MD5

          de87f0937b6a0a402b3b09645d5828f5

          SHA1

          e1ebd096b4eb1d49db27fe8ac6106df9c8e28a6f

          SHA256

          df28a237c4b1cee01a68b440b4f56536a9a47e6485fc81b55ec8856435d78722

          SHA512

          f014d5e1e17760e63de132b8b2ba5a88ccc5ae32df520f45e5c2802295215e58d428d4ca673e95a58253cdc238dde7c4e6c2747e6a80d943f8712010f1faa6cd

          Download Submit
        • C:\Users\Admin\AppData\Roaming\xdkqa\uvnof.trr
          Filesize

          294B

          MD5

          8712cf87b2f9408098f527144eec7e1a

          SHA1

          c616d9e41bf69b19b3fa4b3e641c2b5f9ae5f07c

          SHA256

          e9b902446216a4d957da17ffd38a84d3214e05da3bc749333ce5bf706bb06f89

          SHA512

          9415913823914bdda784bd8c7f82ba278f437c40dc6f92ef33fca23d816b93e57bb1e1e6b04c5feab1307291f46c8f9bb7045291512ada48eececec347218286

          Download Submit
        • C:\Users\Admin\AppData\Roaming\xdkqa\vbcju.fqg
          Filesize

          112B

          MD5

          b7af9a9105f2fcd6609bb1c8c03483b7

          SHA1

          fcd3a7d9d4a7553d72b2d81427f66de98ace3ccc

          SHA256

          58894fc086c297a053afe4aaa9fbc247b4db75ad66318ba9a69a5ee0089d3275

          SHA512

          9ffc73635e67aa6f060c623f6aaf57ba10244211e2d631833602eaf528cb90a7264c228fa546b7cfb14c00d74ad324aa4b19b9f0ef48251299e124c7809f5382

          Download Submit
        • C:\Users\Admin\AppData\Roaming\xdkqa\xlqhq.llv
          Filesize

          228B

          MD5

          6ccd6fbde99d702c3a8e9945d7f95f80

          SHA1

          a022325da53f57be088a8cc4c39801b2b98e3b11

          SHA256

          0c291881413ae95ac9399bd8fe7ed295112f191ca5bc4555632c831974290b42

          SHA512

          8453ff36eae89c392d62b0f36aee025e182c4930606d0b832a9aed58c090f8a24ee453aff19c16c17d74ef218dc2b37e62b0876888f6a36ba5d008a02337fd24

          Download Submit
        • \Users\Admin\AppData\Roaming\xdkqa\cvfts.exe
          Filesize

          28KB

          MD5

          a9721c92207ef1afc6f1ca71c53cdfef

          SHA1

          ea12c3c1459ec5326442ff900db3246dc77f87a2

          SHA256

          3bfdc31dce5341b7d4ac389fa73bdbf7ef272f78d057d280a8803bc139648756

          SHA512

          b8902cd9b8a5050113f27a79985ec980db56ba8fede7a019d0213a170e297a1f98546feb24a2b7cbc42e71126a7008d4face619aaef2d5e3b748643e8163907c

          Download Submit
        • \Users\Admin\AppData\Roaming\xdkqa\cvfts.exe
          Filesize

          23KB

          MD5

          cdd08e9a9bf492cbde756c2f742a1ddf

          SHA1

          ae34a34fd0bbe174b9cfef26dda86fb1e7fb9cea

          SHA256

          a609b19db0ce5296516f9b67acb948e09def994a0371628ce709534b86c1ce42

          SHA512

          f67c772cbcc63c4cf0dee18f3a0cb741fd8a7fdf2623d5bb3bad1b828858c53a29c04c53df9b7427dd328c94bc73b228c533ffd4606167bcf3d174741ccad6b3

          Download Submit
        • \Users\Admin\AppData\Roaming\xdkqa\cvfts.exe
          Filesize

          27KB

          MD5

          eb31b8a77ce19a349e0f8f3ec310f2cd

          SHA1

          be1fee0cd1eef74ea2b372dedd0b894a369edd00

          SHA256

          52622fff267e853b3aef0794dae3a9ae55d1bedacfd846b18f9afa254bc77577

          SHA512

          e8ba40b30d6fc7843132570e4e466bcd81170b0cfcc3f5e99fe880834777ba3307af13690ee3d0b92195bec76300f8e8ed16b20dc1b00401f2eff2638840bad8

          Download Submit
        • \Users\Admin\AppData\Roaming\xdkqa\cvfts.exe
          Filesize

          20KB

          MD5

          5ed90b8837c60975ce67d851899cb4f1

          SHA1

          1bb2e39ce4f1c9a012b59d679faa23dd0ce2aae2

          SHA256

          e35c5f4f72eab84c1af04e3170f1e488a6add97b00d1f1ece80742c21b82de38

          SHA512

          a648a6b1fb3133e3e5258037945915ee72eb802f87733bf705758cd9b36b4e6c78c6b0fa7604a07eaf6a055169d47b88eaed860f9ddecbfabc670186f708d5bf

          Download Submit
        • \Users\Admin\AppData\Roaming\xdkqa\cvfts.exe
          Filesize

          30KB

          MD5

          2e974672f6213125a22dc1384b88acf0

          SHA1

          1769a10699b8e8c45456a0effed95ef6ef316411

          SHA256

          e8f4d27e88c1aadcd9327e152b35be1a0e123c1e2d20693f597dc889c24efe8a

          SHA512

          dac70c718c07899c7171114702dae9e2f53ae53d616dfe68c668e56e7a72bae838097d351231c890b8d5769dfd07795fe8af36544728a6c94ceed863a2a2ad4f

          Download Submit
        • memory/876-59-0x0000000000000000-mapping.dmp
          Download
        • memory/1628-54-0x0000000076201000-0x0000000076203000-memory.dmp
          Filesize

          8KB

          Download
        • memory/2016-81-0x0000000000000000-mapping.dmp
          Download