99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23

General

Target

99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Size

441KB
MD5

35bf4ab212827bf252272a2aaf21b3ce
SHA1

22516dce53c484df6340bc60f09c104f6c1a0a6d
SHA256

99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23
SHA512

3fdbe01f01423b54779a3f7aa6a87e6954c50efd5a4e93096365d706f24ed6329b2338c97503d46858d8c6572418cd03d12de6ac3631511f02d3780c25df6d1f
SSDEEP

6144:WYFLHGeOf1F2idZecnl20lHRxp3gQncduD7yB9VCO6Sco4q8+dE6CqCqds3j:Wg7HOXF3Z4mxxrDqVTVOC3W

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 51 IoCs

Processes:

99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe

description	ioc	process
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\■35dh上网导航-最精彩神秘的网址大全！.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File opened for modification	C:\Program Files\Internet Explorer\MUIE\iexplore.exe	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File opened for modification	C:\Program Files (x86)\NetMeeting\Common\2313	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\6679.tmp	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\VANCL 凡客诚品在线销售男装女装童装鞋配饰家居.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\京东商城-中国专业的电脑、手机、数码、家电、日用百货网上购物商城.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\麦考林网上购物，享受网购乐趣，尽在麦网购物商城! 时尚女装内衣配饰化妆品美容保健童装母婴家居用品男装等购物精品!2.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files\Internet Explorer\MUIE\iexplore.exe	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\tmp854.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\tmp554.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\■绝色高清电影网.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\■极光网络电视-极速高清网络电视在线观看2.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\一本小说网--免费阅读武侠、言情、网游、玄幻等小说.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\当当网—网上购物中心：图书、母婴、美妆、家居、数码、家电、服装、鞋包等，正品低价，货到付款2.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\最新电视剧大全.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\最新电视剧大全2.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\淘宝网 - 淘！我喜欢2.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\淘宝商城-品牌正品商城保障2.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File opened for modification	C:\Program Files\Internet Explorer\MUIE	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\desktop.scf	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\8151.tmp	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\1583.tmp	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\6954.tmp	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\■绝色高清电影网2.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\tmp427.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\487.tmp	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\■35dh上网导航-最精彩神秘的网址大全！2.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\tmp304.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\884.tmp	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\5777.tmp	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\■71755小游戏-最好玩的在线小游戏！2.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\淘宝商城-品牌正品商城保障.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\京东商城-中国专业的电脑、手机、数码、家电、日用百货网上购物商城2.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\淘宝网 - 淘！我喜欢.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\卓越亚马逊网上购物图书，手机，数码，家电，化妆品，钟表，首饰等在线销售2.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\当当网—网上购物中心：图书、母婴、美妆、家居、数码、家电、服装、鞋包等，正品低价，货到付款.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\麦考林网上购物，享受网购乐趣，尽在麦网购物商城! 时尚女装内衣配饰化妆品美容保健童装母婴家居用品男装等购物精品!.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\清纯诱惑美女图2.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\VANCL 凡客诚品在线销售男装女装童装鞋配饰家居2.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\卓越亚马逊网上购物图书，手机，数码，家电，化妆品，钟表，首饰等在线销售.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\tmp550.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\tmp727.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\tmp986.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\8185.tmp	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\tmp527.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\■71755小游戏-最好玩的在线小游戏！.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\■极光网络电视-极速高清网络电视在线观看.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\中国福利彩票，时时彩、体育彩票投注中心！【彩票大赢家】.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\中国福利彩票，时时彩、体育彩票投注中心！【彩票大赢家】2.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\清纯诱惑美女图.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
File created	C:\Program Files (x86)\NetMeeting\Common\2313\temp2\一本小说网--免费阅读武侠、言情、网游、玄幻等小说2.bak	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 64 IoCs

Processes:

99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1afile\shellex	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cuh1	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1file	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1file\ = "????"	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1bfile\IsShortcut	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\900efile\NeverShowExt	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1file\DefaultIcon\ = "C:\\Program Files\\Internet Explorer\\iexplore.exe,0"	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1file\shell\open\command\ = "\"C:\\Program Files (x86)\\NetMeeting\\Common\\2313\\soxerg.exe\" \"%1\""	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1bfile	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\900efile\shell\open\command	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bt89file\shell\ = "open"	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bt89file\shellex\ContextMenuHandlers\	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1bfile\shell\open\command\ = "\"C:\\Program Files (x86)\\NetMeeting\\Common\\2313\\soxerg.exe\" \"%1\""	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1bfile\shellex	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1afile\shell\open\command\ = "\"C:\\Program Files (x86)\\NetMeeting\\Common\\2313\\soxerg.exe\" \"%1\""	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bt89file\shellex	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cuh1\ = "cuh1file"	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cuh1a	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1afile\ = "????"	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1afile\shell\open	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1afile\shellex\ContextMenuHandlers\	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\900efile\DefaultIcon\ = "C:\\Program Files\\Mozilla Firefox\\firefox.exe,0"	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\900efile\shell\open\command\ = "\"C:\\Program Files (x86)\\NetMeeting\\Common\\2313\\soxerg.exe\" \"%1\""	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\900efile\ = "????"	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bt89file	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1file\shell\ = "open"	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\900efile\shellex\ContextMenuHandlers	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bt89file\shellex\ContextMenuHandlers	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1file\shellex	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1bfile\ = "????"	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1afile	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1afile\DefaultIcon\ = "%SystemRoot%\\explorer.exe,0"	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\900efile	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\900efile\shell\ = "open"	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bt89file\NeverShowExt	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1file\IsShortcut	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1file\shell	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1bfile\NeverShowExt	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1bfile\shell\ = "open"	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1afile\IsShortcut	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\900efile\DefaultIcon	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bt89file\shell\open\command	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1file\NeverShowExt	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1file\shell\open\command	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1bfile\DefaultIcon	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1afile\shell	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\900efile\shell\open	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bt89file\DefaultIcon	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1file\shellex\ContextMenuHandlers	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1file\shellex\ContextMenuHandlers\	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\900efile\IsShortcut	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bt89file\shell	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1file\DefaultIcon	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1bfile\DefaultIcon\ = "%SystemRoot%\\explorer.exe,3"	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1bfile\shellex\ContextMenuHandlers\	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bt89file\shell\open	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cuh1b\ = "cuh1bfile"	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1afile\shell\open\command	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\900efile\shellex\ContextMenuHandlers\	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bt89file\shell\open\command\ = "\"C:\\Program Files (x86)\\NetMeeting\\Common\\2313\\soxerg.exe\" \"%1\""	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1file\shell\open	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1bfile\shell	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1bfile\shell\open\command	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cuh1bfile\shell\open	99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe

C:\Users\Admin\AppData\Local\Temp\99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
"C:\Users\Admin\AppData\Local\Temp\99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe"
1⤵
- Drops file in Program Files directory
- Modifies registry class
PID:968

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/968-54-0x0000000075501000-0x0000000075503000-memory.dmp

Filesize
8KB

Download
memory/968-55-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/968-56-0x0000000000380000-0x00000000003D4000-memory.dmp

Filesize
336KB

Download
memory/968-57-0x00000000031B0000-0x00000000031B3000-memory.dmp

Filesize
12KB

Download
memory/968-58-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/968-59-0x0000000000380000-0x00000000003D4000-memory.dmp

Filesize
336KB

Download

Analysis

Sharing