628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5

Analysis

max time kernel
174s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30-10-2022 02:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
Size

591KB
MD5

a2a1b1d9d3eb5b8b58def67300ccb100
SHA1

bd8e9e5d1d0578169fb29a0c84a5dd92c267eb23
SHA256

628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5
SHA512

3f98e25e2f04400688d352b52e9a148f489231599fcb37c11d37e077c8c30787f2c6aca2a90803ca0e0798092dff97aac87981b95bf901a670455dcd1dbea8d3
SSDEEP

6144:haA+YfESSKRzSBhMmAMzbgTJlQw7ZYIW7lEykhC6G8GYx:haocKRzSQmpgTJlQbIW5EykhXhx

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\cliconfg.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\compact.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\ddodiag.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\sxstrace.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\RMActivate_ssp_isv.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\takeown.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\cttune.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\cttunesvr.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\InfDefaultInstall.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\mobsync.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\nslookup.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\replace.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\taskmgr.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\WerFaultSecure.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\IMJPDSVR.EXE	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\instnm.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\MigAutoPlay.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\SecEdit.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\cmdkey.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\wowreg32.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\autochk.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\doskey.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\brmfcmf.inf_amd64_neutral_67b5984f8e8ff717\BrmfRsmg.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\LocationNotifications.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\OptionalFeatures.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\setup16.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\DWWIN.EXE	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\hh.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\pcaui.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\SyncHost.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\SystemPropertiesPerformance.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\vssadmin.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\cmdl32.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\diskraid.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\drvinst.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\mstsc.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\RegisterIEPKEYs.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\NETSTAT.EXE	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\runas.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\tracerpt.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\WSManHTTPConfig.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\hdwwiz.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\IMJPDADM.EXE	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\ndadmin.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\rasdial.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\RMActivate_isv.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\sort.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\systeminfo.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\attrib.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\dllhst3g.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\dxdiag.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\EhStorAuthn.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\HOSTNAME.EXE	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\sfc.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\Dism\DismHost.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\findstr.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\perfmon.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\raserver.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\winrshost.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\wuapp.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\cmmon32.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\icacls.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\IMJPUEX.EXE	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\SysWOW64\InstallShield\setup.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\iisreset.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-international-core_31bf3856ad364e35_6.1.7600.16385_none_459f562ff37206dd\MuiUnattend.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_6.1.7601.17514_none_b8bffa4921e2a435\mblctr.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\migwiz.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.1.7601.17514_none_347a450f0c8bd52d\printui.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..atibility-assistant_31bf3856ad364e35_6.1.7600.16385_none_8fbb77bb3cd808d1\pcawrk.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-axinstallservice_31bf3856ad364e35_6.1.7601.17514_none_352b5454878cd498\AxInstUI.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\Microsoft.NET\Framework\NETFXSBS10.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-autofmt_31bf3856ad364e35_6.1.7601.17514_none_441a424cd5cda219\autofmt.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-deployment_31bf3856ad364e35_6.1.7600.16385_none_57e3e87206ff08ca\setupugc.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_d911df4e81059b22\find.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\MSBuild.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-cttunesvr_31bf3856ad364e35_6.1.7600.16385_none_4befc8eb38093bb1\cttunesvr.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-efs-ui_31bf3856ad364e35_6.1.7600.16385_none_5269b9a9a14782a8\efsui.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-eudcedit_31bf3856ad364e35_6.1.7601.17514_none_b7be8a14d61db17a\eudcedit.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_6.1.7601.17514_none_412fcd2afecdc412\mqsvc.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nbtstat_31bf3856ad364e35_6.1.7600.16385_none_fa057619380ff901\nbtstat.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_installutil_b03f5f7f11d50a3a_6.1.7601.17514_none_0826be6cc9481df4\InstallUtil.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_6.1.7601.17514_none_cb4d60191a09a7b0\PresentationSettings.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\ehome\ehmsas.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File opened for modification	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.1.7601.17514_none_bf4980401574a899\relog.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\jsc.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-anytime-upgrade_31bf3856ad364e35_6.1.7600.16385_none_fb591b6cf023ade3\WindowsAnytimeUpgrade.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_a018e05d0d33081d\dllhost.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\MigAutoPlay.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.1.7601.17514_none_bf4980401574a899\typeperf.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_addinprocess32_b77a5c561934e089_6.1.7601.17514_none_df35b5ac03866e22\AddInProcess32.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_6.1.7600.16385_none_5cbb962a4f0d58c1\comp.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_6.1.7600.16385_none_975df0a6f5a54628\gpupdate.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mountvol_31bf3856ad364e35_6.1.7600.16385_none_0e4e6b146b2452a9\mountvol.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_6.1.7600.16385_none_ae2743278c281682\net.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess32.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-findstr_31bf3856ad364e35_6.1.7601.17514_none_855590d1705431c5\findstr.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..vironment-servicing_31bf3856ad364e35_6.1.7601.17514_none_843a86a1bc33fcd1\bfsvc.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.1.7600.16385_none_7547f48c79b40229\msdtc.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\IMEPADSV.EXE	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7601.17514_none_a7a77a3b9cb96ce6\msiexec.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ktmutil_31bf3856ad364e35_6.1.7600.16385_none_e47ee9c51ad9df17\ktmutil.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-convert_31bf3856ad364e35_6.1.7601.17514_none_fafb502abef1be40\autoconv.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-fax-service_31bf3856ad364e35_6.1.7601.17514_none_0b499f2c96e8f6b2\FXSUNATD.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-htmlhelp_31bf3856ad364e35_6.1.7600.16385_none_244ae8599e6d81bb\hh.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_8.0.7600.16385_none_d009281f9a108e04\mshta.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-setup-support_31bf3856ad364e35_11.2.9600.16428_none_a827c83273877b14\ie4uinit.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.17514_none_fa8534ab236134c4\rrinstaller.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\DataSvcUtil.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-diantz_31bf3856ad364e35_6.1.7600.16385_none_02bb0612dc529329\diantz.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMConfigInstaller.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\MSBuild.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehshell_31bf3856ad364e35_6.1.7600.16385_none_95955bd51390781b\ehshell.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.1.7601.17514_none_ce2d22115368db7a\WerFault.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-getmac_31bf3856ad364e35_6.1.7600.16385_none_67f38861bbac1910\getmac.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mapi_31bf3856ad364e35_6.1.7601.17514_none_097346be305f3966\fixmapi.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7600.16385_none_23376bf5921e7b63\auditpol.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
File created	C:\Windows\bfsvc.exe	628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe

C:\Users\Admin\AppData\Local\Temp\628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe
"C:\Users\Admin\AppData\Local\Temp\628c2fb6c6d40a5c3197267ad9dc36166babe81a040a7ed3e8273a6b581e13e5.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1372

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads