5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332

Analysis

max time kernel
150s
max time network
155s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 10:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Size

124KB
MD5

a2ccda2d64349c3638e3a27b8f7db2d0
SHA1

2c3ca8e6cd64f0f0d47e836c070ea19dee9573cb
SHA256

5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332
SHA512

d43d5d05cdc0d1d3c7550fba3e582ec55e88899e67ba61e3f825d0ca6dd1b6e61ddf2e0560b62dec74f171c98bddc45638f8e11b9bac274a4dcc187acbd10b48
SSDEEP

1536:sZe6Q0BzI74/b9eBeGmeJg5B7x3uhp4UOx7Pq1zHvesZrVjihWAwBeWb0:ommq1zPesZrdFj/o

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\emkkknaw.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\lcvhpvmm.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\vnpeclvd.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\eioqgcap.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\frfcowwy.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\jmoucsax.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\hyyfkxsy.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\iqefpzgu.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\tmschaos.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\zkrbqlts.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\psfkbear.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\uuqpfmnd.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\gepgsagv.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\ajtpefrf.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\ceiapmkp.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\ywvadasx.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\tztjmsiw.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\znftyyjt.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\tiorpkzg.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\ptclcqhm.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\nscmpvxs.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\iqaercgu.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\pscdiikk.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\nfsoqubz.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\kqjudrso.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\ugsnchsh.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\dwkcjufp.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\picctwhf.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\iajswpdn.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\geedbpcd.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\yxdhlffs.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\tuutpnws.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\yffmnddj.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\ncnlnqdk.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\pbixjczb.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\cbnmqxne.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\khbbexum.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\vwfcnrvy.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\ewxfijsk.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\egvwmgko.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\jgitpiou.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\uvqloedj.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\snybaonu.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\qmmurpwy.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\lhjgbjmd.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\svdtgnri.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\sffccjnn.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\xenybjcs.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\uxevuvdq.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\luavisvw.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\mugsmhgt.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\pqybxlxg.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\ulxegbrs.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\lyhoznyb.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\klozkgmp.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\ibkbfjau.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\xhhqrmzc.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\qfvqkbpn.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\fosobdyx.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\tzkawfsn.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\mwplmiar.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\ljzzeenc.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\abdbqbvl.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
File opened for modification	C:\Windows\SysWOW64\xwfoxwyc.dll	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe

Modifies registry class 40 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}\InprocServer32\ = "C:\\Windows\\SysWow64\\tyasuojn.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D114-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\gsxzsguv.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79176FB0-B7F2-11CE-97EF-00AA006D2776}\InprocServer32\ = "C:\\Windows\\SysWow64\\mudddsba.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{c73f6f30-97a0-4ad1-a08f-540d4e9bc7b9}\InProcServer32\ = "C:\\Windows\\SysWow64\\mczzvfgq.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DFD181E0-5E2F-11CE-A449-00AA004A803D}\InprocServer32\ = "C:\\Windows\\SysWow64\\yffmnddj.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{22c6c651-f6ea-46be-bc83-54e83314c67f}\InProcServer32\ = "C:\\Windows\\SysWow64\\cssswowz.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{338E9310-7C07-11CE-8CA9-00AA0044BB60}\InprocServer32\ = "C:\\Windows\\SysWow64\\olgukjee.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8BD21D30-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\ = "C:\\Windows\\SysWow64\\wcxsgiim.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8BD21D40-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\ = "C:\\Windows\\SysWow64\\avjwjtdn.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8BD21D60-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\ = "C:\\Windows\\SysWow64\\lulboqmf.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EAE50EB0-4A62-11CE-BED6-00AA00611080}\InprocServer32\ = "C:\\Windows\\SysWow64\\aivslkfa.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B35A261B-B9AD-DB1E-26EA-A5A3E886974A}	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B35A261B-B9AD-DB1E-26EA-A5A3E886974A}\LocalServer32	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D11A-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\mwenkrvr.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F748B5F0-15D0-11CE-BF0D-00AA0044BB60}\InprocServer32\ = "C:\\Windows\\SysWow64\\qbwyadpd.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7A9C6E0-EFF2-101A-8185-00DD01108C6B}\InprocServer32\ = "C:\\Windows\\SysWow64\\mhralhjl.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B35A261B-B9AD-DB1E-26EA-A5A3E886974A}\ = "rnzogwxdrbzccaiw"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D11E-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\qosxmpwa.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{972C4270-11FD-11CE-B841-00AA004CD6D8}\InprocServer32\ = "C:\\Windows\\SysWow64\\mxixmzug.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AFC20920-DA4E-11CE-B943-00AA006887B4}\InprocServer32\ = "C:\\Windows\\SysWow64\\dkthrhxz.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32\ = "C:\\Windows\\SysWow64\\yxdhlffs.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8BD21D50-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\ = "C:\\Windows\\SysWow64\\plorcitv.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4C599241-6926-101B-9992-00000B65C6F9}\InprocServer32\ = "C:\\Windows\\SysWow64\\pncubwbh.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D110-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\hlacavnw.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D112-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\myftolet.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D116-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\wtqvmwwe.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D122-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\uygkuyzf.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D124-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\reorvdsr.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7CBBABF0-36B9-11CE-BF0D-00AA0044BB60}\InprocServer32\ = "C:\\Windows\\SysWow64\\qmmurpwy.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B35A261B-B9AD-DB1E-26EA-A5A3E886974A}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D118-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\hqmemgkm.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5728F10E-27CC-101B-A8EF-00000B65C5F8}\InprocServer32\ = "C:\\Windows\\SysWow64\\ivefnytb.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8BD21D10-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\ = "C:\\Windows\\SysWow64\\wgptofqk.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8BD21D20-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\ = "C:\\Windows\\SysWow64\\wrjlwooq.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC9F2F90-E877-11CE-9F68-00AA00574A4F}\InprocServer32\ = "C:\\Windows\\SysWow64\\hajndrxb.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{978C9E23-D4B0-11CE-BF2D-00AA003F40D0}\InprocServer32\ = "C:\\Windows\\SysWow64\\ibkbfjau.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7053240-CE69-11CD-A777-00DD01143C57}\InprocServer32\ = "C:\\Windows\\SysWow64\\xihdpznk.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{46E31370-3F7A-11CE-BED6-00AA00611080}\InprocServer32\ = "C:\\Windows\\SysWow64\\pvdbehxt.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D11C-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\ydeioint.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6E182020-F460-11CE-9BCD-00AA00608E01}\InprocServer32\ = "C:\\Windows\\SysWow64\\ilznhyyr.dll"	5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe

C:\Users\Admin\AppData\Local\Temp\5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe
"C:\Users\Admin\AppData\Local\Temp\5ccf2e2ee4ee3470140798f874ae82c488aa2c9da55c3a748130b60771b8a332.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies registry class
PID:2016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2016-54-0x0000000075A71000-0x0000000075A73000-memory.dmp

Filesize
8KB

Download
memory/2016-55-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2016-56-0x0000000000020000-0x000000000003D000-memory.dmp

Filesize
116KB

Download
memory/2016-57-0x0000000000020000-0x000000000003D000-memory.dmp

Filesize
116KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads