Analysis
-
max time kernel
146s -
max time network
50s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
07-11-2022 15:34
Static task
static1
Behavioral task
behavioral1
Sample
e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe
-
Size
629KB
-
MD5
0d2e025a73af8d966d5c17cd1d84f503
-
SHA1
e46ed9dcbee3b6d800784385ff5d83155578dfda
-
SHA256
e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215
-
SHA512
2ac284b8f2cc82a66c250cc4721071ae16055704fc3c4f2d6e99560d60c3734d51e15830e5035a450cb9eeeb80bd497f2f3a2c55b9da8b3520528e34b5a99e1a
-
SSDEEP
12288:51bXE7gzoWjnn/ICOtMDYCZ9QV3f98LCXF4XCU6epyyc:51bXEEzljnYMRZU4m4X64c
Score
10/10
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "Explorer.exe sIRC4.exe" e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\sIRC4.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\DVDMaker.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\ielowutil.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\java.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\javadoc.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\xdccPrograms\ConvertInkStore.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\TabTip.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\TabTip.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\appletviewer.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\javah.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\xdccPrograms\Uninstall.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\xdccPrograms\mip.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\idlj.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\javaws.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\javaw.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\xdccPrograms\FlickLearningWizard.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\chrome_proxy.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\iediagcmd.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\ieinstal.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\javafxpackager.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\RCXEAAF.tmp e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\javah.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\notification_helper.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\java.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\ielowutil.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\jabswitch.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\RCXEAEF.tmp e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\xdccPrograms\7z.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\OSPPSVC.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\elevation_service.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\chrome.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\ieinstal.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\javafxpackager.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\setup.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\apt.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\chrome_pwa_launcher.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\master_prefere.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\jabswitch.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\jarsigner.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\java-rmi.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\ShapeCollector.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\VSTOInstaller.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\master_prefere.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\iexplore.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\apt.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\javac.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\javap.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\xdccPrograms\mip.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\extcheck.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\javap.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\javaws.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\iexplore.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\jar.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\jarsigner.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\xdccPrograms\7zFM.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\xdccPrograms\7zG.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\xdccPrograms\InkWatson.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\ShapeCollector.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\msinfo32.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\javadoc.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\DC++ Share\javaw.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\RCXEB0F.tmp e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File created C:\Windows\SysWOW64\sIRC4.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\DVDMaker.exe e38b2f1d3a2ccd2142354450cfb9f2383bf5c2678821a2fafc77df5449288215.exe