0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888

Analysis

max time kernel
139s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
31/10/2022, 00:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
Size

405KB
MD5

a17a6e18c78cbd48ad4ff88aec4834e0
SHA1

0c80125be8b636fe9d502b822c28ba9691c6ff49
SHA256

0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888
SHA512

908d4d358c8fcd983d92f044bd180d90439f80379672ba29290e98efadfa7031c609e43eb130f66f3e6562fae9e494560e618808b5b0c18cf91626edf2d857d3
SSDEEP

6144:7CNbLqcVTpwikcpFaTIdoYuqmO5MpOumHhwT:72LzVTpwr2t/uqmO5MpOumBwT

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Register-CimProvider.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\fltMC.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\fontview.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\rasphone.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\eventcreate.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\quickassist.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\runonce.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\waitfor.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\autochk.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\certutil.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\dpnsvr.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\net.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\RmClient.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesProtection.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\diskperf.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\grpconv.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\hh.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\runas.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\srdelayed.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\wevtutil.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\driverquery.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\MRINFO.EXE	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\powercfg.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\prevhost.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\icacls.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\netsh.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\OposHost.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\bthudtask.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\instnm.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\RMActivate_isv.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\unlodctr.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\w32tm.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\write.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\rasautou.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\secinit.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\TpmTool.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\ARP.EXE	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\gpresult.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\SearchFilterHost.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\CameraSettingsUIHost.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\odbcad32.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\InfDefaultInstall.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\msinfo32.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\ndadmin.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\WerFaultSecure.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\winrshost.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\dccw.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\PasswordOnWakeSettingFlyout.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\recover.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\findstr.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\regini.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\shrpubw.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\SndVol.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\chkdsk.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\control.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\cttune.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\systray.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\TRACERT.EXE	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\TsWpfWrp.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\wecutil.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\efsui.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\label.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\msra.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\SysWOW64\sxstrace.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\winhlp32.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\write.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\bfsvc.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\explorer.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\HelpPane.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\hh.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\notepad.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
File opened for modification	C:\Windows\splwow64.exe	0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe

C:\Users\Admin\AppData\Local\Temp\0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe
"C:\Users\Admin\AppData\Local\Temp\0b7bc4b4626c6513b26fd03f58c61ddb1df13dae1e063424b730ee24c2e51888.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:4752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4752-132-0x0000000001000000-0x0000000001069000-memory.dmp

Filesize
420KB

Download
memory/4752-133-0x0000000001000000-0x0000000001069000-memory.dmp

Filesize
420KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads