5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 10:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Size

320KB
MD5

a2f1003cc63b140abe5bde19a55d4040
SHA1

f41fca3e68634c9c89c1301dc859a10a84c12e6f
SHA256

5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08
SHA512

808ddb024ccb22b92f1ed25db27b268df87c30973055a03b0ef9c62b273bb3966458a1412eb103cb84b64ba4d444ae94126cc165f05e25281961fe3ceebef58a
SSDEEP

6144:HV2LnvH2RfS155ONNXBuWoJBO9OMbHLkAqF7Ief9UmM7/uT:sf2EB0NxDIBuOFe7/uT

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\rvhrjtnt.exe	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\qrhljwvn.exe	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\nsstljje.exe	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\njqrsbcq.exe	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\Welcome.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\mobile.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\kznjrtew.exe	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Microsoft Office\Office16\OSPP.HTM	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_config_window.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\Welcome.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\hrbhlxhb.exe	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe\Microsoft.Advertising\bootstrap.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\README.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\README.HTM	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_window.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\README-JDK.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\sekbhrbe.exe	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\tsbknceh.exe	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\jtlnctqk.exe	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe

Modifies registry class 58 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35E8DF2A-8021-28AD-F2B0-6EE031352150}\LocalServer32	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\root\\vfs\\ProgramFilesCommonX64\\Microsoft Shared\\Smart Tag\\1033\\rvhrjtnt.exe"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\LocalServer32	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C803653-A26A-88C7-574B-3B28BF06C94C}\LocalServer32	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5CA91ECD-564C-3E29-5336-C066EB2FABF6}	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4DA7BCA8-2512-8FCE-67B5-F36442F4E210}\ = "ewlrzecnjesbshxj"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\db\\qrhljwvn.exe"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C803653-A26A-88C7-574B-3B28BF06C94C}\ = "bchllszstnhckhwl"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5CA91ECD-564C-3E29-5336-C066EB2FABF6}\LocalServer32	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\ = "tbezltcevnettjsj"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8308FF82-554C-D53A-FE36-8DDED83673EF}\ = "eqwvjhjswtthtthk"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\ = "teqevkxbenthceks"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\LocalServer32	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\lib\\missioncontrol\\features\\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\\nsstljje.exe"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5CA91ECD-564C-3E29-5336-C066EB2FABF6}\LocalServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\jtlnctqk.exe"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35E8DF2A-8021-28AD-F2B0-6EE031352150}	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C803653-A26A-88C7-574B-3B28BF06C94C}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\bklnbknw.exe"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5CA91ECD-564C-3E29-5336-C066EB2FABF6}\ = "lkhqskssclhktehw"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\LocalServer32	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35E8DF2A-8021-28AD-F2B0-6EE031352150}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5BFAF607-9DDA-565E-A528-64082B45FA4C}\LocalServer32	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4DA7BCA8-2512-8FCE-67B5-F36442F4E210}\LocalServer32\ = "C:\\Program Files\\VideoLAN\\VLC\\lua\\http\\vlbvwvhv.exe"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{62B77361-C052-178D-5313-7AF2D2475E12}	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\ = "jktrsvsxszhnssze"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\ = "lktskwqesjbcbnck"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\ = "jtrtrjjxjbvrqktk"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A1F8B4D-AC79-4B22-67EA-E30560A5BF1C}\ = "vkvqezsxqhkqvthk"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8308FF82-554C-D53A-FE36-8DDED83673EF}\LocalServer32\ = "C:\\Program Files\\VideoLAN\\VLC\\lua\\http\\hrbhlxhb.exe"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\LocalServer32	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\root\\Office16\\PersonaSpy\\tsbknceh.exe"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4DA7BCA8-2512-8FCE-67B5-F36442F4E210}	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\ = "htshhtejbhnjlqzl"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\ = "brxvberkksbwhvsj"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C803653-A26A-88C7-574B-3B28BF06C94C}	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A1F8B4D-AC79-4B22-67EA-E30560A5BF1C}\LocalServer32	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{62B77361-C052-178D-5313-7AF2D2475E12}\LocalServer32	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{62B77361-C052-178D-5313-7AF2D2475E12}\LocalServer32\ = "C:\\Program Files\\VideoLAN\\VLC\\lua\\http\\nxqsxhql.exe"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8308FF82-554C-D53A-FE36-8DDED83673EF}\LocalServer32	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\jre\\sekbhrbe.exe"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A1F8B4D-AC79-4B22-67EA-E30560A5BF1C}	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\LocalServer32	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A1F8B4D-AC79-4B22-67EA-E30560A5BF1C}\LocalServer32\ = "C:\\Program Files\\VideoLAN\\VLC\\lua\\http\\bkbbtzlb.exe"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5BFAF607-9DDA-565E-A528-64082B45FA4C}	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5BFAF607-9DDA-565E-A528-64082B45FA4C}\LocalServer32\ = "C:\\Program Files\\VideoLAN\\VLC\\lua\\http\\kznjrtew.exe"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8308FF82-554C-D53A-FE36-8DDED83673EF}	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{62B77361-C052-178D-5313-7AF2D2475E12}\ = "clsskxblvqtxtejx"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35E8DF2A-8021-28AD-F2B0-6EE031352150}\ = "bewckttnljthsjll"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4DA7BCA8-2512-8FCE-67B5-F36442F4E210}\LocalServer32	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\ = "jzernwnjwnwsbsjr"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5BFAF607-9DDA-565E-A528-64082B45FA4C}\ = "svlvnjbhknnxqwlh"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\LocalServer32	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\lib\\missioncontrol\\features\\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\\njqrsbcq.exe"	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}	5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe

C:\Users\Admin\AppData\Local\Temp\5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe
"C:\Users\Admin\AppData\Local\Temp\5fa041de39438c3129aa50c8157ffe4e84fa579f5b5468a95c64a4b3b94f9a08.exe"
1⤵
- Drops file in Program Files directory
- Modifies registry class
PID:3020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3020-132-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/3020-133-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/3020-134-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads