3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c

General

Target

3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
Size

264KB
MD5

0d000323617342b514a09f92ff2f5070
SHA1

cbf7e556d8106cc2cea2d379bba0fb5ec4906fd9
SHA256

3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c
SHA512

01ae7e2c0dc112f7927e5a2186665b51fb5cd55dfc0d82e4d55b5c2cc1423baaf5087ded835f2d29103abd9d7a70781319c554e183b280fec2a5b6ae7f5c4fff
SSDEEP

6144:PraEs1nsSno6M0dCTSldS6Zx21BYfnULMg63jh:GP1nfnbI+ldHxEYPI

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 10 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\SysWOW64\Helicon\server6.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\WINDOWS\SysWOW64\Helicon\server7.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\WINDOWS\SysWOW64\Helicon\server8.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\WINDOWS\SysWOW64\Helicon\server9.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\WINDOWS\SysWOW64\Helicon\server10.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\WINDOWS\SysWOW64\Helicon\server1.ini.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\WINDOWS\SysWOW64\Helicon\server4.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\WINDOWS\SysWOW64\Helicon\server5.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\WINDOWS\SysWOW64\Helicon\server2.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\WINDOWS\SysWOW64\Helicon\server3.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe

Drops file in Program Files directory 21 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\CybeRLink\CybeRLink3.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\Program Files\CybeRLink\CybeRLink8.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\Program Files\CybeRLink\CybeRLink9.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\Program Files\NetMeeting\test.log	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\Program Files\Helicon\SeaPort3.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\Program Files\Helicon\SeaPort6.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\Program Files\CybeRLink\CybeRLink2.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\Program Files\CybeRLink\CybeRLink5.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\Program Files\CybeRLink\CybeRLink7.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\Program Files\Helicon\SeaPort5.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\Program Files\Helicon\SeaPort10.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\Program Files\Helicon\SeaPort9.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\Program Files\Helicon\SeaPort2.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\Program Files\Helicon\SeaPort4.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\Program Files\Helicon\SeaPort7.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\Program Files\Helicon\SeaPort8.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\Program Files\CybeRLink\CybeRLink1.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\Program Files\CybeRLink\CybeRLink4.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\Program Files\CybeRLink\CybeRLink6.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\Program Files\Helicon\SeaPort1.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
File opened for modification	C:\Program Files\CybeRLink\CybeRLink10.ini	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1388	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
1388	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
1388	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
1388	3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe

C:\Users\Admin\AppData\Local\Temp\3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe
"C:\Users\Admin\AppData\Local\Temp\3904c78d0408a0fc1cf99b7d72f957cc33f1fa01ba1782cd74bc2f3409cf746c.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:1388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1388-54-0x0000000075E11000-0x0000000075E13000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads