Analysis
max time kernel: 41s
max time network: 46s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 30-10-2022 21:11
Static task: static1

Behavioral task: behavioral1
  Sample: 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
  Resource: win7-20220901-en

Behavioral task: behavioral2
  Sample: 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
  Resource: win10v2004-20220812-en
General
Target: 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
Size: 22KB
MD5: a12c0d4c5e835cf71b1660ecc17262e0
SHA1: 4035f6365426f3f590bb4f31207361796c5be3cd
SHA256: 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd
SHA512: 161c3d8e4bf31e44523b1061447405d1542bd6a730ef7d815e66257eeae463269c81e74d1f6ab0be0cba4e926386e8d089485db338a9cc3c248e6ab9e5d6fbaa
SSDEEP: 192:PSIrAO3Pt3BOpxMnwD9fcodmSSeC0Wo8P2WeKqZ2xMMNNAX:P9USPKxD9ZZSeC0Wo8P2W+Z69Y
Malware Config
Signatures
Drops file in System32 directory (64 IoCs)

Description | IoC | Process
File opened for modification | C:\Windows\SysWOW64\shutdown.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\AdapterTroubleshooter.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\lodctr.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\NETSTAT.EXE | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\shrpubw.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\dcomcnfg.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\ftp.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\LocationNotifications.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\mshta.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\icsunattend.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\msiexec.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\replace.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\InfDefaultInstall.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\regini.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\wimserv.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\chkdsk.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\dpnsvr.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\EhStorAuthn.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\iexpress.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\regsvr32.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\RunLegacyCPLElevated.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\sdchange.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\setup16.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\CertEnrollCtrl.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\DWWIN.EXE | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\migwiz\migwiz.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\print.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\convert.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\eventcreate.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\srdelayed.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\wscript.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\dvdplay.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\SystemPropertiesComputerName.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\autofmt.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\fixmapi.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\Netplwiz.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\notepad.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\cmdkey.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\ReAgentc.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\Robocopy.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\grpconv.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\svchost.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\RMActivate_ssp_isv.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\bootcfg.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\dnscacheugc.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\doskey.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\hh.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\cmdl32.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\dllhst3g.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\driverquery.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\eudcedit.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\AtBroker.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\charmap.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\icacls.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\logman.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\cliconfg.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\makecab.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\ROUTE.EXE | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\ntprint.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\proquota.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\rundll32.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\SearchIndexer.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\autochk.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\SysWOW64\eventvwr.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
Drops file in Windows directory (2 IoCs)

Description | IoC | Process
File opened for modification | C:\Windows\ehome\ehprivjob.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe
File opened for modification | C:\Windows\ehome\Mcx2Prov.exe | 1fd5029d7ad98c97720198746d380fd521fb0248144fe65a1da9d67dd740cbcd.exe