Analysis
-
max time kernel
239s -
max time network
254s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
23-11-2022 21:41
General
-
Target
c616a8c9223aa2e2ad9f66143b89d08f52348d0b0f61d4229b873a27975523bb.exe
-
Size
78KB
-
MD5
52ab702160cd1e8bc3f5bac2e26920d0
-
SHA1
e6d9b10458d4ab44c1e176fa17151be2eee819a4
-
SHA256
c616a8c9223aa2e2ad9f66143b89d08f52348d0b0f61d4229b873a27975523bb
-
SHA512
052c037c93425e6dc8fbe3cc494de4f2ff4c5dacccec9257aa8a3b23715bfc5c98c10476a87b1611f635d22db2936a73aa3a5b281126100d517351def05b6983
-
SSDEEP
768:RpQNwC3BEddsEqOt/hyJF+x3BEJwRrPHisKl4qhR:7eTce/U/hKYuKPHisKldhR
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 13 IoCs
-
Disables RegEdit via registry modification 26 IoCs
-
Executes dropped EXE 15 IoCs
-
Drops file in Program Files directory 6 IoCs
-
Suspicious use of SetWindowsHookEx 16 IoCs
-
Suspicious use of WriteProcessMemory 45 IoCs
-
System policy modification 1 TTPs 52 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c616a8c9223aa2e2ad9f66143b89d08f52348d0b0f61d4229b873a27975523bb.exe"C:\Users\Admin\AppData\Local\Temp\c616a8c9223aa2e2ad9f66143b89d08f52348d0b0f61d4229b873a27975523bb.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\1979094552\backup.exeC:\Users\Admin\AppData\Local\Temp\1979094552\backup.exe C:\Users\Admin\AppData\Local\Temp\1979094552\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\odt\backup.exeC:\odt\backup.exe C:\odt\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\PerfLogs\data.exeC:\PerfLogs\data.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exeC:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\Admin\AppData\Local\Temp\acrocef_low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\1⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
78KB
MD5ca2df8c5ae3574a9a67d78812b68d1f1
SHA17fb77750c39734c3bc4c8109bb66a26e78bbe03a
SHA2565eac4ee79fcbb36a1698cbbfaac99f9c7d193f6e002e1107da9f333c51de959d
SHA512798f2411c7002371cb676de4030e47aea2f3f6e60c85e054979e0e0311f2f9183d69ba83ebb35023d67c3664d4ce3e874b186a41e29f650d8e74d5a36aefc5b3
-
Filesize
78KB
MD5ca2df8c5ae3574a9a67d78812b68d1f1
SHA17fb77750c39734c3bc4c8109bb66a26e78bbe03a
SHA2565eac4ee79fcbb36a1698cbbfaac99f9c7d193f6e002e1107da9f333c51de959d
SHA512798f2411c7002371cb676de4030e47aea2f3f6e60c85e054979e0e0311f2f9183d69ba83ebb35023d67c3664d4ce3e874b186a41e29f650d8e74d5a36aefc5b3
-
Filesize
78KB
MD5fb28fb1e78abc92559ec4d37f5fef182
SHA1064296585fbaab47259c113c4aa542564b3f8ae2
SHA256894209a38182a47a3390885f8c7c112989ae3f94d217dbf9e8e08796b80a15c6
SHA512f9268d6360b6d3e52c468499fa2eca6f32944ede96b6a034e2ef648a7c68bda704982903d8007cc09c24e9f70a6ee530f57e0ccc80a4860ebf86d37a9a98359f
-
Filesize
78KB
MD5fb28fb1e78abc92559ec4d37f5fef182
SHA1064296585fbaab47259c113c4aa542564b3f8ae2
SHA256894209a38182a47a3390885f8c7c112989ae3f94d217dbf9e8e08796b80a15c6
SHA512f9268d6360b6d3e52c468499fa2eca6f32944ede96b6a034e2ef648a7c68bda704982903d8007cc09c24e9f70a6ee530f57e0ccc80a4860ebf86d37a9a98359f
-
Filesize
78KB
MD526b420a1c2c45655e8ca9900667e4895
SHA13d1ed0923b35cf5e6d596a50d2db5facdcc8726e
SHA2564a29e3bd89ddb45d6091ad12c1fec6c2809fccd57f70b20b5c4c1035e9c21a74
SHA512b9720ff7af396010d6e34f7ad8ae5b1fa63924c108cc1a17f3edfeefc4e65d601beefb763b8c76c0f1bbb37b1eef17e3b993a514fd3c2adc2a75128dd30c3634
-
Filesize
78KB
MD526b420a1c2c45655e8ca9900667e4895
SHA13d1ed0923b35cf5e6d596a50d2db5facdcc8726e
SHA2564a29e3bd89ddb45d6091ad12c1fec6c2809fccd57f70b20b5c4c1035e9c21a74
SHA512b9720ff7af396010d6e34f7ad8ae5b1fa63924c108cc1a17f3edfeefc4e65d601beefb763b8c76c0f1bbb37b1eef17e3b993a514fd3c2adc2a75128dd30c3634
-
Filesize
78KB
MD5ec9656396faa215333b1707ab2149277
SHA1b26a2fceab65c31e05d05b855d3c0195827fb3ca
SHA2560984a233358ee360fd2cda12a1b3abcb0ffa7da9117f8c7712d832aaa1b8dff4
SHA51211863cccc0412dd1324c9c3f772763b3f356506a4792679e6fdbef8c54b3a4be1018db7dc3622c4e3b38daf8e35483105993f69ba4ad03ee1b559bf576a5b588
-
Filesize
78KB
MD5ec9656396faa215333b1707ab2149277
SHA1b26a2fceab65c31e05d05b855d3c0195827fb3ca
SHA2560984a233358ee360fd2cda12a1b3abcb0ffa7da9117f8c7712d832aaa1b8dff4
SHA51211863cccc0412dd1324c9c3f772763b3f356506a4792679e6fdbef8c54b3a4be1018db7dc3622c4e3b38daf8e35483105993f69ba4ad03ee1b559bf576a5b588
-
Filesize
78KB
MD53eee1dd3f675e9800de147aa26e4bb46
SHA1cbd15a4ac7fb58f9ef69b04f253bed9b6fd70afe
SHA256c5ae78cb52f7e2ad0ca0e6d89c71709bc94cc0fd24c33809a9a13363928accf8
SHA512b14e26f4e2bc714bb90b40cd377c10ff5eb358db99cfb39d3a230354df28c7617bf4701389d4f0a3d4ea99750ef7d0a94601c54ba8b76f8945bee57a45ccb38f
-
Filesize
78KB
MD53eee1dd3f675e9800de147aa26e4bb46
SHA1cbd15a4ac7fb58f9ef69b04f253bed9b6fd70afe
SHA256c5ae78cb52f7e2ad0ca0e6d89c71709bc94cc0fd24c33809a9a13363928accf8
SHA512b14e26f4e2bc714bb90b40cd377c10ff5eb358db99cfb39d3a230354df28c7617bf4701389d4f0a3d4ea99750ef7d0a94601c54ba8b76f8945bee57a45ccb38f
-
Filesize
78KB
MD58d8bdb8acb3615b1696a229e8c518551
SHA103d2ab1d55f816e8d774ec7b31fc28f3f2a44508
SHA25606911e76febc445b4d0c221572ade35295afff8b01b17e1e9e87809fa165e5bf
SHA5129231cc21c7a9e8caae07afc847d178fcc3b87e97b2dc0ddc4d2b12ad877de1d678760fc70bcaf2b55f24cc02b84dd00c034761ee99fd6b7d361bd030088d29f6
-
Filesize
78KB
MD58d8bdb8acb3615b1696a229e8c518551
SHA103d2ab1d55f816e8d774ec7b31fc28f3f2a44508
SHA25606911e76febc445b4d0c221572ade35295afff8b01b17e1e9e87809fa165e5bf
SHA5129231cc21c7a9e8caae07afc847d178fcc3b87e97b2dc0ddc4d2b12ad877de1d678760fc70bcaf2b55f24cc02b84dd00c034761ee99fd6b7d361bd030088d29f6
-
Filesize
78KB
MD56ab93cec880f5c620c2413e6b63f84cf
SHA1ba0af9b0f73e8be86bc974365fbc9bd1d0932377
SHA256d9e62dd53388fb428e455227beaa210a4d1ea08876894c20333d466ff18112cc
SHA5120310d867d60096caf55889a7a097a7ced3879803346bda38a7e7947f0132cb815fe1d96339e93946f9381ef23f2f95d2e2690df3a71626cf87ac748d7f078af0
-
Filesize
78KB
MD56ab93cec880f5c620c2413e6b63f84cf
SHA1ba0af9b0f73e8be86bc974365fbc9bd1d0932377
SHA256d9e62dd53388fb428e455227beaa210a4d1ea08876894c20333d466ff18112cc
SHA5120310d867d60096caf55889a7a097a7ced3879803346bda38a7e7947f0132cb815fe1d96339e93946f9381ef23f2f95d2e2690df3a71626cf87ac748d7f078af0
-
Filesize
78KB
MD54d790b0103e4c6f771a2ffa6c20115b9
SHA1415e2790a4723d8025ec36992aa73ec5f0a0ac75
SHA2562352abcb3566519e61e1f82d4f240a2ea9d5c2413bd3047f0904f43ee50f282d
SHA512f2787e056b233dc23d8bec440becaa998f63637bc38157465bdf88fc9fe4e581ff27515029fba2e7a8be66ba21b4ebefeef2397b06f11f63dbc2a7b26e9da5ca
-
Filesize
78KB
MD54d790b0103e4c6f771a2ffa6c20115b9
SHA1415e2790a4723d8025ec36992aa73ec5f0a0ac75
SHA2562352abcb3566519e61e1f82d4f240a2ea9d5c2413bd3047f0904f43ee50f282d
SHA512f2787e056b233dc23d8bec440becaa998f63637bc38157465bdf88fc9fe4e581ff27515029fba2e7a8be66ba21b4ebefeef2397b06f11f63dbc2a7b26e9da5ca
-
Filesize
78KB
MD50e54c1d1f1edca822f1c68fb5e552721
SHA1fd85f04e3c5905fcebca4bdf1d65dcb78f3531b0
SHA256866cefaf3a27fa299c1533e5ce4f942df6f64e0d006d6f0f0ef2caab509a3d27
SHA51294aaead2fc54e9c29e258f64c9f14f8888a0afe57e2a279d52dfeff886c8df90bef5e20571bb7f74c5faff052fdf9a1ec99b7d7ec7d8ff8a31e15f8ec9293e30
-
Filesize
78KB
MD50e54c1d1f1edca822f1c68fb5e552721
SHA1fd85f04e3c5905fcebca4bdf1d65dcb78f3531b0
SHA256866cefaf3a27fa299c1533e5ce4f942df6f64e0d006d6f0f0ef2caab509a3d27
SHA51294aaead2fc54e9c29e258f64c9f14f8888a0afe57e2a279d52dfeff886c8df90bef5e20571bb7f74c5faff052fdf9a1ec99b7d7ec7d8ff8a31e15f8ec9293e30
-
Filesize
78KB
MD5ef2974d24c811fc3aaf8db9c3160e4e5
SHA1c62adff8b980ec83cba13e57de65098886aff07d
SHA25678c006b3da076471555322d61026338d99d42b9756232a25ba08bb2961134795
SHA512061d9b6a02cb0b174f5368cd5ba4056b5b319d5e73201d88d1791aab985bb8c4491b647b37fea913632cc290fbc8f450d180cf5cb09309dd4d383274077b0ab8
-
Filesize
78KB
MD5ef2974d24c811fc3aaf8db9c3160e4e5
SHA1c62adff8b980ec83cba13e57de65098886aff07d
SHA25678c006b3da076471555322d61026338d99d42b9756232a25ba08bb2961134795
SHA512061d9b6a02cb0b174f5368cd5ba4056b5b319d5e73201d88d1791aab985bb8c4491b647b37fea913632cc290fbc8f450d180cf5cb09309dd4d383274077b0ab8
-
Filesize
78KB
MD5b4f99badb96868ef621c843e86939a26
SHA124326b6cbac5f21ad90c8ecbd5609a7ff045c6b5
SHA256469cddd745e81ddfb8248e6093adef0c11cb02d5a83468f248662597aab56191
SHA512d3f994f51ce7793b46a7f6a9a35331263bda435b55ee40bed8887da8efa4b8c12e1f8dc7db246fa8e4d5236ad61e4eaa02f21786742716342dec5df8f6a0ea5b
-
Filesize
78KB
MD5b4f99badb96868ef621c843e86939a26
SHA124326b6cbac5f21ad90c8ecbd5609a7ff045c6b5
SHA256469cddd745e81ddfb8248e6093adef0c11cb02d5a83468f248662597aab56191
SHA512d3f994f51ce7793b46a7f6a9a35331263bda435b55ee40bed8887da8efa4b8c12e1f8dc7db246fa8e4d5236ad61e4eaa02f21786742716342dec5df8f6a0ea5b
-
Filesize
78KB
MD54d790b0103e4c6f771a2ffa6c20115b9
SHA1415e2790a4723d8025ec36992aa73ec5f0a0ac75
SHA2562352abcb3566519e61e1f82d4f240a2ea9d5c2413bd3047f0904f43ee50f282d
SHA512f2787e056b233dc23d8bec440becaa998f63637bc38157465bdf88fc9fe4e581ff27515029fba2e7a8be66ba21b4ebefeef2397b06f11f63dbc2a7b26e9da5ca
-
Filesize
78KB
MD54d790b0103e4c6f771a2ffa6c20115b9
SHA1415e2790a4723d8025ec36992aa73ec5f0a0ac75
SHA2562352abcb3566519e61e1f82d4f240a2ea9d5c2413bd3047f0904f43ee50f282d
SHA512f2787e056b233dc23d8bec440becaa998f63637bc38157465bdf88fc9fe4e581ff27515029fba2e7a8be66ba21b4ebefeef2397b06f11f63dbc2a7b26e9da5ca
-
Filesize
78KB
MD5b5ff8a5bccb735f2a42ae21bcd1ecf50
SHA1533127923905616d638cddb47e7ed652d1709d66
SHA2568688d100c83947a3d970317f50f857478344c5619c3e5490756ee21c58e5143a
SHA512cf5dab5edf9dc71c4fbb5eeaea30774c9e35018835c823065dccca8c1014af57e8527887648e2a7aa7328ecc5b963b3766da69624927db7176cb510b42e931fe
-
Filesize
78KB
MD5b5ff8a5bccb735f2a42ae21bcd1ecf50
SHA1533127923905616d638cddb47e7ed652d1709d66
SHA2568688d100c83947a3d970317f50f857478344c5619c3e5490756ee21c58e5143a
SHA512cf5dab5edf9dc71c4fbb5eeaea30774c9e35018835c823065dccca8c1014af57e8527887648e2a7aa7328ecc5b963b3766da69624927db7176cb510b42e931fe
-
Filesize
78KB
MD5d6b00c7254342be51942caa32851b088
SHA1fc6edf1f1b19e206c054e66e25eb27ba33e661bc
SHA2566559e7bcdd6c10bdd0abd65e3d8bdad52a6292d1183c3ea7f384830778634178
SHA5128a87f8ec871bc2fd7ea2e113dfbb68bc1efaab2864646f99d4f8e9bd6399967dc51f410768b7ae7702799bed16d916298df52975594276ef035e60eee5dcabd4
-
Filesize
78KB
MD5d6b00c7254342be51942caa32851b088
SHA1fc6edf1f1b19e206c054e66e25eb27ba33e661bc
SHA2566559e7bcdd6c10bdd0abd65e3d8bdad52a6292d1183c3ea7f384830778634178
SHA5128a87f8ec871bc2fd7ea2e113dfbb68bc1efaab2864646f99d4f8e9bd6399967dc51f410768b7ae7702799bed16d916298df52975594276ef035e60eee5dcabd4
-
Filesize
78KB
MD5ca2df8c5ae3574a9a67d78812b68d1f1
SHA17fb77750c39734c3bc4c8109bb66a26e78bbe03a
SHA2565eac4ee79fcbb36a1698cbbfaac99f9c7d193f6e002e1107da9f333c51de959d
SHA512798f2411c7002371cb676de4030e47aea2f3f6e60c85e054979e0e0311f2f9183d69ba83ebb35023d67c3664d4ce3e874b186a41e29f650d8e74d5a36aefc5b3
-
Filesize
78KB
MD5ca2df8c5ae3574a9a67d78812b68d1f1
SHA17fb77750c39734c3bc4c8109bb66a26e78bbe03a
SHA2565eac4ee79fcbb36a1698cbbfaac99f9c7d193f6e002e1107da9f333c51de959d
SHA512798f2411c7002371cb676de4030e47aea2f3f6e60c85e054979e0e0311f2f9183d69ba83ebb35023d67c3664d4ce3e874b186a41e29f650d8e74d5a36aefc5b3
-
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
-
Filesize
84KB
-
-
Filesize
84KB
-
Filesize
84KB
-
-
-
Filesize
84KB
-
Filesize
84KB
-
-
-
Filesize
84KB
-
Filesize
84KB
-
-
Filesize
84KB
-
Filesize
84KB
-
-
-
Filesize
84KB
-
-
Filesize
84KB
-
Filesize
84KB
-
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
-
Filesize
84KB
-
-
-
Filesize
84KB