57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2

General

Target

57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
Size

76KB
MD5

3c6f13f9194e840df4fe14c20bfedd7e
SHA1

77c5d09fe28eb46d5f2ca6b5e01b8397e0dee3a8
SHA256

57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2
SHA512

7ac31c0ace0766e464b668a1332b9afedae731da97be2663c531fa26bcd03d8d6166074228d59b05257814d4fc886189900cdc1d2eb2dfaac208f6f4aef5c295
SSDEEP

1536:J4CrTb9wJWJGnPteODFb5Tdti63S5UzEC7bMn2X6NSjEErxTWDTMqhGKYIZTET8x:J4CP5wrnYODFbba5+bX6cjBkMqhGKZTF

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 13 IoCs

Processes:

57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\qrhljwvn.exe	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\README-JDK.html	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\RELEASE-NOTES.html	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\Welcome.html	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\sekbhrbe.exe	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\nsstljje.exe	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\njqrsbcq.exe	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe

Modifies registry class 22 IoCs

Processes:

57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\db\\qrhljwvn.exe"	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\lib\\missioncontrol\\features\\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\\nsstljje.exe"	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\LocalServer32	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\ = "knxbhlnxkehtrhtk"	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F1C6D1A7-46A9-48AD-8378-501768D8233A}	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F1C6D1A7-46A9-48AD-8378-501768D8233A}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe"	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\ = "khltqbbjwcblenhe"	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\ = "ckhjjjtebtesrves"	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\LocalServer32	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F1C6D1A7-46A9-48AD-8378-501768D8233A}\LocalServer32	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\ = "cjchsrrwjeecerzk"	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\jre\\sekbhrbe.exe"	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\ = "csqksbnelrernhlj"	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\lib\\missioncontrol\\features\\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\\njqrsbcq.exe"	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F1C6D1A7-46A9-48AD-8378-501768D8233A}\ = "kecxeszqblhvwhlc"	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\LocalServer32	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\ = "bebqxsrhljjnbchk"	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\LocalServer32	57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe

C:\Users\Admin\AppData\Local\Temp\57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe
"C:\Users\Admin\AppData\Local\Temp\57d3039b64d7937f8194c1d448f492e1d113dec9d8e8b518044a5b673c62efc2.exe"
1⤵
- Drops file in Program Files directory
- Modifies registry class
PID:1388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1388-132-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1388-133-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1388-134-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1388-135-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download

Analysis

Sharing