Analysis
max time kernel
151s -
max time network
185s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted
07/11/2022, 16:10
Static task
static1
Behavioral task
behavioral1
Sample
92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe
Resource
win7-20220812-en
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe
Resource
win10v2004-20220812-en
5 signatures (the win10v2004 run's signatures are not listed on this page, which shows the windows7_x64 run; two behaviours seen there were not triggered here)
150 seconds
General
Target
92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe
Size
303KB
MD5
0536effe941742636ea559e144813c44
SHA1
b64fd6e2bc468140a4c32793a6ac02c5e0e6833d
SHA256
92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5
SHA512
43d137b7c5e06d4c236531dd1e90ed68318d5f475871d2f40433410274e00e755f20976bbe62c39bc90e03c08abc2030fd7cea13aec1e97254a744c77e45f784
SSDEEP
3072:bROmKcFcI/n+b89vGk9logQq56iNOu0Jsw:Rhn+b8x5b6i/f
Score
5/10
Malware Config
Signatures
Drops files in the System32 directory — 64 IoCs listed. Every path below is under C:\Windows\SysWOW64 (the 32-bit system directory on x64 Windows), and each dropped file is a randomly named 8-letter .dll; the listing is capped at 64 entries, so the real count is presumably higher. Writing to this directory requires administrative rights, so the sample ran elevated in the sandbox.
description ioc Process File opened for modification C:\Windows\SysWOW64\ypgbdezn.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\olopidgp.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\qnjcwuyf.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\lxanchcj.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\ojwaczwx.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\iexguply.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\ihczjixr.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\xypgbrqq.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\nnwausaf.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\yxeeacmt.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\yuzcwjwv.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\gfzpwgti.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\wvaggkcr.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\kvttubwi.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\xlhrvsnd.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File 
opened for modification C:\Windows\SysWOW64\qcqxxgww.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\bqvidbdr.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\orawdnyr.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\ebtycjbr.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\kaasclvy.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\royojjhq.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\jkuqdkqf.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\ysfjlvzt.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\wdscoptw.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\dwbgcmew.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\hvjrcfdn.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\didlmbnr.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\swdzalsz.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\olbaepvw.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\ylhjotov.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification 
C:\Windows\SysWOW64\zjehdvsb.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\fwdxchom.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\bzdfvvjh.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\sdxbwnmo.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\nscrmpph.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\hcqawrxo.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\cwwpldap.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\lpsxmuod.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\fejuqrmn.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\guymrhgg.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\wgzqhiyi.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\bclbgfsl.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\luvilwmp.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\bttgwvoe.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\zpncrewr.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\jebhtoyf.dll 
92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\bdmghmlg.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\pkgnkhpj.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\cwjqdrul.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\jbdhwcog.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\zjbjqczx.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\eglnvgyb.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\giclwjpk.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\ylxevkvw.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\whbmoxpa.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\wmxlzldi.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\mchwrrqh.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\arcpluwo.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\ppxcaeur.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\gzqfvcjx.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\nautvyvs.dll 
92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\nkvpweka.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\gylkjkqb.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Windows\SysWOW64\rssgbdtq.dll 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe -
Drops files in the Program Files directory — 20 IoCs listed. All writes target C:\Program Files\Common Files\Microsoft Shared\Stationery and are a mix of randomly named 8-letter .exe files and the stock Outlook Express stationery .htm files (Bears.htm, Roses.htm, etc.), which are opened for modification; the Stationery folder is rarely monitored and is a plausible staging location for the executables referenced by the LocalServer32 registry values below.
description ioc Process File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\wcbqecij.exe 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\jfvpxlsw.exe 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\lzotnhsm.exe 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\intpfxle.exe 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\ocqxbljc.exe 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\ikhddtea.exe 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm 
92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\vmnrnftl.exe 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\cnixuzsv.exe 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\qwwtnquw.exe 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\psljpbiu.exe 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe -
Modifies registry class — 64 IoCs listed (listing capped at 64). All writes are under HKLM\SOFTWARE\Classes\Wow6432Node\CLSID: InprocServer32 default values are pointed at the randomly named DLLs dropped in SysWOW64, and LocalServer32 default values at the dropped Stationery executables and at the sample itself in the user's Temp directory (CLSID {BBB01606-C5CA-7FC3-AA58-413AFB3ACCFE}). Several of the rewritten InprocServer32 CLSIDs have the layout of existing Microsoft registrations (…-11CE-…-00AA…), so where those keys already exist on a clean image this is COM object hijacking (ATT&CK T1546.015): any process that instantiates one of those classes would load the dropped DLL. Confirm against a baseline registry export before treating every CLSID as hijacked rather than newly created.
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{46E31370-3F7A-11CE-BED6-00AA00611080}\InprocServer32\ = "C:\\Windows\\SysWow64\\ciqanwwb.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A60334F-F421-DC67-FAF8-EF1B53B3D674}\LocalServer32 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A7006CC-89E6-852B-C5A1-61F8EA8080BF}\LocalServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\vmnrnftl.exe" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{978C9E23-D4B0-11CE-BF2D-00AA003F40D0}\InprocServer32\ = "C:\\Windows\\SysWow64\\jdjqlwsp.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7053240-CE69-11CD-A777-00DD01143C57}\InprocServer32\ = "C:\\Windows\\SysWow64\\qyvfvluv.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EAE50EB0-4A62-11CE-BED6-00AA00611080}\InprocServer32\ = "C:\\Windows\\SysWow64\\sdxbwnmo.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7A9C6E0-EFF2-101A-8185-00DD01108C6B}\InprocServer32\ = "C:\\Windows\\SysWow64\\txebdjkx.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A7006CC-89E6-852B-C5A1-61F8EA8080BF}\ = "ctxyhieovriasgns" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{39490AAE-F9B3-6FEA-B2E9-2A3650828934}\LocalServer32 
92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A60334F-F421-DC67-FAF8-EF1B53B3D674}\LocalServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\wcbqecij.exe" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BBB01606-C5CA-7FC3-AA58-413AFB3ACCFE}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AFC20920-DA4E-11CE-B943-00AA006887B4}\InprocServer32\ = "C:\\Windows\\SysWow64\\ofwvqwew.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8A7954B-FD3F-2DCF-876A-47C83E9B5EB3}\ = "ednuzjjtccpapcrn" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{39490AAE-F9B3-6FEA-B2E9-2A3650828934}\LocalServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\lzotnhsm.exe" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A60334F-F421-DC67-FAF8-EF1B53B3D674}\ = "rdqimdtokqtvlfam" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C3FD0FC9-9F5B-BC30-5190-C17E410BF0BF}\LocalServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\qwwtnquw.exe" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BBB01606-C5CA-7FC3-AA58-413AFB3ACCFE} 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set 
value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4C599241-6926-101B-9992-00000B65C6F9}\InprocServer32\ = "C:\\Windows\\SysWow64\\loxwjnew.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D11C-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\rdofvnhd.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C73865E0-2A95-0FBE-6EBC-BC02BAAF8C03} 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C73865E0-2A95-0FBE-6EBC-BC02BAAF8C03}\LocalServer32 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BBB01606-C5CA-7FC3-AA58-413AFB3ACCFE}\LocalServer32 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D114-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\qzflmntn.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F748B5F0-15D0-11CE-BF0D-00AA0044BB60}\InprocServer32\ = "C:\\Windows\\SysWow64\\xcogsghj.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E9DB36CF-A4B4-F0A5-31B4-4B293AE7B5A2}\ = "gwncicwikwabohtz" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BBB01606-C5CA-7FC3-AA58-413AFB3ACCFE}\ = "myqxbmakjciromux" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D118-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = 
"C:\\Windows\\SysWow64\\omzoajuq.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8BD21D10-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\ = "C:\\Windows\\SysWow64\\qcqxxgww.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E9DB36CF-A4B4-F0A5-31B4-4B293AE7B5A2} 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F4D95DA-CCBE-3BB1-948C-85098C813B88}\LocalServer32 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{39490AAE-F9B3-6FEA-B2E9-2A3650828934} 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D110-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\rxzgnjvw.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D112-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\wmaasumh.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5728F10E-27CC-101B-A8EF-00000B65C5F8}\InprocServer32\ = "C:\\Windows\\SysWow64\\zvqdworu.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{972C4270-11FD-11CE-B841-00AA004CD6D8}\InprocServer32\ = "C:\\Windows\\SysWow64\\efksufpx.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C73865E0-2A95-0FBE-6EBC-BC02BAAF8C03}\LocalServer32\ = "C:\\Program Files\\Common Files\\Microsoft 
Shared\\Stationery\\ikhddtea.exe" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D11A-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\hpsnvxvg.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EE1CC4E0-F69A-8C34-637E-41619F719524} 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A60334F-F421-DC67-FAF8-EF1B53B3D674} 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9AD2775D-F31C-F60D-7D3E-392176D8B3E8} 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EE1CC4E0-F69A-8C34-637E-41619F719524}\LocalServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\intpfxle.exe" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E9DB36CF-A4B4-F0A5-31B4-4B293AE7B5A2}\LocalServer32 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8A7954B-FD3F-2DCF-876A-47C83E9B5EB3}\LocalServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\ocqxbljc.exe" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C3FD0FC9-9F5B-BC30-5190-C17E410BF0BF}\LocalServer32 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F4D95DA-CCBE-3BB1-948C-85098C813B88} 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) 
\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F4D95DA-CCBE-3BB1-948C-85098C813B88}\LocalServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\cnixuzsv.exe" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9AD2775D-F31C-F60D-7D3E-392176D8B3E8}\LocalServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\psljpbiu.exe" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{22c6c651-f6ea-46be-bc83-54e83314c67f}\InProcServer32\ = "C:\\Windows\\SysWow64\\kdazldni.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D116-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\tlborhme.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D124-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\pgspukei.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E9DB36CF-A4B4-F0A5-31B4-4B293AE7B5A2}\LocalServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\jfvpxlsw.exe" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A7006CC-89E6-852B-C5A1-61F8EA8080BF} 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{39490AAE-F9B3-6FEA-B2E9-2A3650828934}\ = "sutgxvbjlrfsafin" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F4D95DA-CCBE-3BB1-948C-85098C813B88}\ = 
"pwxemzvwdtufiyen" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C3FD0FC9-9F5B-BC30-5190-C17E410BF0BF} 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5512D122-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\ = "C:\\Windows\\SysWow64\\iexguply.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8BD21D50-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\ = "C:\\Windows\\SysWow64\\fsyczcme.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8BD21D60-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\ = "C:\\Windows\\SysWow64\\xddygjvr.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32\ = "C:\\Windows\\SysWow64\\ivfumkus.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C73865E0-2A95-0FBE-6EBC-BC02BAAF8C03}\ = "znncxtqlsbsjtthx" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9AD2775D-F31C-F60D-7D3E-392176D8B3E8}\ = "utgpnyqniecjbrhd" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{338E9310-7C07-11CE-8CA9-00AA0044BB60}\InprocServer32\ = "C:\\Windows\\SysWow64\\nvazxsuw.dll" 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8BD21D20-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\ = "C:\\Windows\\SysWow64\\bhzosaep.dll" 
92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8A7954B-FD3F-2DCF-876A-47C83E9B5EB3}\LocalServer32 92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe
Processes
C:\Users\Admin\AppData\Local\Temp\92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe — command line: "C:\Users\Admin\AppData\Local\Temp\92f77705f0bb852da7a625322d542249b403c124f22749cf87cc71a5f1bcb1e5.exe" (root process; no child processes were recorded)
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies registry class
PID:1780