Analysis
max time kernel: 176s
max time network: 190s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-11-2022 17:22
Behavioral task: behavioral1
Sample: dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
Resource: win10v2004-20221111-en
General
Target: dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
Size: 7KB
MD5: 040d31fee8dc69b4c0585494696d4a50
SHA1: 9434a9b4f3e17a66de0ca3f7c1fd4d5e88ddc188
SHA256: dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3
SHA512: ee18c862771ce6ca126bf33e701fac2a2281e17fe550f31f8352ac20137a9744ee9e96007007d8a5f1dccb034e61b17b83a015752c2da0a16635f24f974125ca
SSDEEP: 96:FpLZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihEx1TaCy4oTQeINBXlqfi:zzdrr1FG1WDCgmjPZ1kANVl05MUA
Malware Config
Signatures

Detected Xorist Ransomware (1 IoC)
Processes:
resource | yara_rule
behavioral2/memory/2124-133-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.

Processes:
resource | yara_rule
behavioral2/memory/2124-132-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral2/memory/2124-133-0x0000000000400000-0x000000000040C000-memory.dmp | upx
Adds Run key to start application (2 TTPs, 2 IoCs)
Processes: dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xFYWU9X9m7k3f76.exe" | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
Drops file in Program Files directory (64 IoCs)
Processes: dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
description | ioc | process
File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STUDIO\PREVIEW.GIF | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-256_contrast-black.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookSmallTile.scale-100.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\7-Zip\Lang\ro.txt | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File created | C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\Attribution\weatherdotcom.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\nl-NL\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_TileLargeSquare.scale-200.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalStoreLogo.scale-125_contrast-black.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageWideTile.scale-100.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupSmallTile.scale-100.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File created | C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PIXEL\THMBNAIL.PNG | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\ringless_calls\Ringlesscalling_25more_360x120_2x.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-36_altform-unplated.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.targetsize-256.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-16_altform-lightunplated.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\MediumTile.scale-200_contrast-white.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionGroupSmallTile.scale-125.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File created | C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-black\LargeTile.scale-125.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\Weather_TileWide.scale-100.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-30_contrast-black.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File created | C:\Program Files\Common Files\microsoft shared\ink\sk-SK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Configuration\card_security_terms_dict.txt | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireMedTile.scale-100.jpg | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNotebookMedTile.scale-100.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\15.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-256_altform-unplated.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-64_altform-unplated_contrast-white.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-16_altform-unplated_contrast-white.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\LargeTile.scale-125.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-white\SmallTile.scale-125.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupLargeTile.scale-200.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionWideTile.scale-150.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSmallTile.scale-400.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageWideTile.scale-400.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\osf\moe_status_icons.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File created | C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-24_contrast-white.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EDGE\PREVIEW.GIF | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File created | C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.altform-unplated_targetsize-24.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\4px.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\91.jpg | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Weather_TileSmallSquare.scale-200.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sq-AL\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\onboarding\calls_emptystate_v3.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File created | C:\Program Files\Common Files\microsoft shared\ink\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File created | C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File created | C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Store.Purchase\Resources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-80_altform-unplated.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\smsconnect\SMSConnect2x.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\11.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ShareProvider_CopyLink24x24.scale-125.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\SplashScreen.scale-200.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square71x71Logo.scale-100.png | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
Modifies registry class (10 IoCs)
Processes: dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\ = "CRYPTED!" | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.Zalk | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.Zalk\ = "QJMEELMBVJVHQYV" | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\DefaultIcon | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xFYWU9X9m7k3f76.exe,0" | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\shell\open\command | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\shell | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\shell\open | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xFYWU9X9m7k3f76.exe" | dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
Processes
C:\Users\Admin\AppData\Local\Temp\dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3.exe"
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies registry class
PID: 2124