b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf

Analysis

max time kernel
137s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 22:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
Size

65KB
MD5

0d92a4850e5931bc3f5798026fbd00d0
SHA1

f4ca1a81333b03aa40925c116999e35121f25048
SHA256

b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf
SHA512

c20344266c71d07e9305500d55d2cd1684af13a7fc9fcf9f779ecfeaaecbb14ac3a9194fa2f0f82efbea2e1042a0b1c3b6c408c6560e8141ba6cbc6a117ca29c
SSDEEP

1536:j3NNTfnB7xBcoQ2mZR7T3O9dNdw7P8cP:xNbBFyoQzvTe9dNdIP8cP

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\perfhost.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\extrac32.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\fontview.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\iexpress.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\rasautou.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\resmon.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\TsWpfWrp.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\curl.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\mmc.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\notepad.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\ipconfig.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\isoburn.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\netiougc.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\shrpubw.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\charmap.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\dccw.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\dialer.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\control.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\DevicePairingWizard.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\net.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\print.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\reg.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\BackgroundTransferHost.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\cmdkey.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\cmdl32.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\UserAccountBroker.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\wsmprovhost.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\tzutil.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\unlodctr.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\cipher.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\openfiles.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\RunLegacyCPLElevated.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\regini.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\runonce.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\sethc.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\w32tm.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\certreq.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\fc.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\gpupdate.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\typeperf.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\PresentationHost.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\regedit.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\tttracer.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\ReAgentc.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\regedt32.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\tracerpt.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\CertEnrollCtrl.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\mobsync.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\MuiUnattend.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\ThumbnailExtractionHost.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\timeout.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\WerFault.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\dpapimig.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\fsquirt.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\logman.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\dfrgui.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\dllhst3g.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\HOSTNAME.EXE	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\SystemUWPLauncher.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\wermgr.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\NETSTAT.EXE	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\provlaunch.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\SysWOW64\rekeywiz.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\explorer.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\HelpPane.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\hh.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\notepad.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\splwow64.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\winhlp32.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\write.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
File opened for modification	C:\Windows\bfsvc.exe	b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe

C:\Users\Admin\AppData\Local\Temp\b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe
"C:\Users\Admin\AppData\Local\Temp\b2771529d4781eab326baadf8f8cc8eb4cec0f7a0d8c999c6e83b161237a0bbf.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:4192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4192-132-0x0000000001000000-0x0000000001013B00-memory.dmp

Filesize
78KB

Download
memory/4192-133-0x0000000001000000-0x0000000001013B00-memory.dmp

Filesize
78KB

Download
memory/4192-134-0x0000000001000000-0x0000000001013B00-memory.dmp

Filesize
78KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads