27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21/11/2022, 11:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
Size

50KB
MD5

14631d9c8f1aa8755620bfc6c282b6f5
SHA1

4c58f005760bb59bde475af8b6b5de921c766252
SHA256

27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b
SHA512

1504eeee5bd0296b2fa8ca5014047e01b2ec9da218a0390d4349417634a3ff7af41c8ac9b8b7a73c9fe9954e289e30ec28434b3fcfaab93dac9016331fbe7b8c
SSDEEP

768:16DsHA4Dp1vbx1ptLbFWvW/++UnBZc4qNfFbpc6:1Hrp1v1/tvFWvWwng4qNfFbph

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\SetIEInstalledDate.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\syskey.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\WerFault.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\wininit.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\ctfmon.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\gpupdate.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\openfiles.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\dllhst3g.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\logagent.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\setupSNK.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\systeminfo.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\ARP.EXE	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\chkntfs.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\cmstp.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\taskeng.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\sxstrace.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\TSTheme.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\CertEnrollCtrl.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\hdwwiz.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\PkgMgr.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\PresentationHost.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\sdbinst.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesProtection.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\WPDShextAutoplay.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\wscript.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\cscript.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\iexpress.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\netbtugc.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\icsunattend.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\mobsync.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\RMActivate_isv.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\typeperf.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\cmdkey.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\cttune.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\grpconv.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\wuapp.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\fltMC.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\ocsetup.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\PING.EXE	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\secinit.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\srdelayed.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\cmd.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\ComputerDefaults.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\resmon.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\SndVol.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesHardware.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\WSManHTTPConfig.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\xpsrchvw.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\calc.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\certreq.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\SecEdit.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\shrpubw.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\charmap.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\logman.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\auditpol.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\autochk.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\cacls.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesComputerName.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\takeown.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\w32tm.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\cleanmgr.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\eudcedit.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\SysWOW64\netiougc.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe

Drops file in Windows directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\winhlp32.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\explorer.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\fveupdate.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\hh.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\notepad.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\splwow64.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\twunk_16.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\twunk_32.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\bfsvc.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\HelpPane.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
File opened for modification	C:\Windows\write.exe	27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe

C:\Users\Admin\AppData\Local\Temp\27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe
"C:\Users\Admin\AppData\Local\Temp\27288dea1bc136e81b3edbcb28899d3fc98b7308d37b86a481b50e8619ee1e4b.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/816-54-0x0000000001000000-0x0000000001010B00-memory.dmp

Filesize
66KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads