5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29

Analysis

max time kernel
59s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
21-11-2022 11:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
Size

23KB
MD5

31813436acd6f249222f3aee0884cfc0
SHA1

3be5bc981ff4bbbd94d2d537f1229e19e2dd3de7
SHA256

5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29
SHA512

bd094625c9a98cbfa42a91498a5719ed755a770e8b54739aadecabb78b4d00a1540471ee9bce411a466d3a3c1b7b8f2018fdb0ac54371c73065739b1af180c96
SSDEEP

192:hFcNQ8wzI4ErHopJoTRUlnCyKf9Z10uGirMXhM6VxcnW38Q9W2y38WtmW:ANQ8eIPfREcZSvVuW38Q9WnsW0

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\wininit.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\WSManHTTPConfig.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\HOSTNAME.EXE	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\osk.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesRemote.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\wecutil.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\credwiz.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\pcaui.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\ddodiag.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\runonce.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\setupSNK.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\cipher.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\sc.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\SetIEInstalledDate.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\tracerpt.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\MigAutoPlay.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\rekeywiz.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\taskkill.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\dnscacheugc.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\MuiUnattend.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\net1.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\ntprint.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\at.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\cmd.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\colorcpl.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\cscript.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\unregmp2.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\WerFaultSecure.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\runas.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\syskey.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\TsWpfWrp.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\unlodctr.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\resmon.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\shrpubw.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\dplaysvr.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\eventcreate.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\mshta.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\PresentationHost.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\dpapimig.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\esentutl.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\rasphone.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\xwizard.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\ROUTE.EXE	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\prevhost.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\sethc.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\wlanext.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\auditpol.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\DpiScaling.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\msra.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\newdev.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\CertEnrollCtrl.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\EhStorAuthn.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\typeperf.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\WPDShextAutoplay.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\msfeedssync.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\ntkrnlpa.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesHardware.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\TCPSVCS.EXE	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\xcopy.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\doskey.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\logman.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\ReAgentc.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\SysWOW64\systray.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe

Drops file in Windows directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\explorer.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\hh.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\splwow64.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\twunk_32.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\bfsvc.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\fveupdate.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\HelpPane.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\notepad.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\twunk_16.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\winhlp32.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
File opened for modification	C:\Windows\write.exe	5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe

C:\Users\Admin\AppData\Local\Temp\5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe
"C:\Users\Admin\AppData\Local\Temp\5ed7e0055d1f50213226d069f6856f23edbf8e3222ea8447d5ff44e8b964aa29.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1308-54-0x0000000001000000-0x0000000001008B00-memory.dmp

Filesize
34KB

Download
memory/1308-55-0x0000000001000000-0x0000000001008B00-memory.dmp

Filesize
34KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads