ad7dcda900b09c87ec4092c492b2c53146be7f7e0313940258251ed292ef96ca

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 20:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad7dcda900b09c87ec4092c492b2c53146be7f7e0313940258251ed292ef96ca.exe
Size

2.5MB
MD5

0de2bcd7f0289975042ff6f3b8aed417
SHA1

36c1d9090ce1cbc2b07ad3b83fd057abb8b53d9a
SHA256

ad7dcda900b09c87ec4092c492b2c53146be7f7e0313940258251ed292ef96ca
SHA512

571983e450ee98a67e400afb6f283d0122a3565e5b6e4e9a6fd367af38a5ee321459ad24ed1c14799492e9e33811e7ba4970d0dd611402b6c36dbed7bbed48ec
SSDEEP

49152:h1Os3PHVmVhYwiLtKkKyW4nFU0I+NP/f7I3lMOaYjdxvL0HV:h1OYHVl71RnFXINxv0

Score

8^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

mOfDwGpjVivQgzi.exe

pid process

996 mOfDwGpjVivQgzi.exe
Loads dropped DLL 4 IoCs

Processes:

ad7dcda900b09c87ec4092c492b2c53146be7f7e0313940258251ed292ef96ca.exemOfDwGpjVivQgzi.exeregsvr32.exeregsvr32.exe

pid process

884 ad7dcda900b09c87ec4092c492b2c53146be7f7e0313940258251ed292ef96ca.exe
996 mOfDwGpjVivQgzi.exe
632 regsvr32.exe
560 regsvr32.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
996	mOfDwGpjVivQgzi.exe

pid	process
884	ad7dcda900b09c87ec4092c492b2c53146be7f7e0313940258251ed292ef96ca.exe
996	mOfDwGpjVivQgzi.exe
632	regsvr32.exe
560	regsvr32.exe

Drops Chrome extension 3 IoCs

Processes:

mOfDwGpjVivQgzi.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngfkpejjecpckjahnpgpkpmbppmgdbof\1.3\manifest.json	mOfDwGpjVivQgzi.exe
File created	C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngfkpejjecpckjahnpgpkpmbppmgdbof\1.3\manifest.json	mOfDwGpjVivQgzi.exe
File created	C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngfkpejjecpckjahnpgpkpmbppmgdbof\1.3\manifest.json	mOfDwGpjVivQgzi.exe

Installs/modifies Browser Helper Object 2 TTPs 11 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

Processes:

regsvr32.exemOfDwGpjVivQgzi.exe

description	ioc	process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}	mOfDwGpjVivQgzi.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}	mOfDwGpjVivQgzi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\	mOfDwGpjVivQgzi.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}	mOfDwGpjVivQgzi.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects	mOfDwGpjVivQgzi.exe

Drops file in System32 directory 4 IoCs

Processes:

mOfDwGpjVivQgzi.exe

description	ioc	process
File opened for modification	C:\Windows\System32\GroupPolicy	mOfDwGpjVivQgzi.exe
File opened for modification	C:\Windows\SysWOW64\GroupPolicy\gpt.ini	mOfDwGpjVivQgzi.exe
File created	C:\Windows\System32\GroupPolicy\Machine\Registry.pol	mOfDwGpjVivQgzi.exe
File opened for modification	C:\Windows\System32\GroupPolicy\GPT.INI	mOfDwGpjVivQgzi.exe

Drops file in Program Files directory 8 IoCs

Processes:

mOfDwGpjVivQgzi.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Vaudix\gK6IqYd4Z3g32a.dll	mOfDwGpjVivQgzi.exe
File created	C:\Program Files (x86)\Vaudix\gK6IqYd4Z3g32a.tlb	mOfDwGpjVivQgzi.exe
File opened for modification	C:\Program Files (x86)\Vaudix\gK6IqYd4Z3g32a.tlb	mOfDwGpjVivQgzi.exe
File created	C:\Program Files (x86)\Vaudix\gK6IqYd4Z3g32a.dat	mOfDwGpjVivQgzi.exe
File opened for modification	C:\Program Files (x86)\Vaudix\gK6IqYd4Z3g32a.dat	mOfDwGpjVivQgzi.exe
File created	C:\Program Files (x86)\Vaudix\gK6IqYd4Z3g32a.x64.dll	mOfDwGpjVivQgzi.exe
File opened for modification	C:\Program Files (x86)\Vaudix\gK6IqYd4Z3g32a.x64.dll	mOfDwGpjVivQgzi.exe
File created	C:\Program Files (x86)\Vaudix\gK6IqYd4Z3g32a.dll	mOfDwGpjVivQgzi.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

mOfDwGpjVivQgzi.exe

pid process

996 mOfDwGpjVivQgzi.exe
996 mOfDwGpjVivQgzi.exe
996 mOfDwGpjVivQgzi.exe
996 mOfDwGpjVivQgzi.exe

pid	process
996	mOfDwGpjVivQgzi.exe
996	mOfDwGpjVivQgzi.exe
996	mOfDwGpjVivQgzi.exe
996	mOfDwGpjVivQgzi.exe

Suspicious use of WriteProcessMemory 18 IoCs

Processes:

ad7dcda900b09c87ec4092c492b2c53146be7f7e0313940258251ed292ef96ca.exemOfDwGpjVivQgzi.exeregsvr32.exe

description	pid	process	target process
PID 884 wrote to memory of 996	884	ad7dcda900b09c87ec4092c492b2c53146be7f7e0313940258251ed292ef96ca.exe	mOfDwGpjVivQgzi.exe
PID 884 wrote to memory of 996	884	ad7dcda900b09c87ec4092c492b2c53146be7f7e0313940258251ed292ef96ca.exe	mOfDwGpjVivQgzi.exe
PID 884 wrote to memory of 996	884	ad7dcda900b09c87ec4092c492b2c53146be7f7e0313940258251ed292ef96ca.exe	mOfDwGpjVivQgzi.exe
PID 884 wrote to memory of 996	884	ad7dcda900b09c87ec4092c492b2c53146be7f7e0313940258251ed292ef96ca.exe	mOfDwGpjVivQgzi.exe
PID 996 wrote to memory of 632	996	mOfDwGpjVivQgzi.exe	regsvr32.exe
PID 996 wrote to memory of 632	996	mOfDwGpjVivQgzi.exe	regsvr32.exe
PID 996 wrote to memory of 632	996	mOfDwGpjVivQgzi.exe	regsvr32.exe
PID 996 wrote to memory of 632	996	mOfDwGpjVivQgzi.exe	regsvr32.exe
PID 996 wrote to memory of 632	996	mOfDwGpjVivQgzi.exe	regsvr32.exe
PID 996 wrote to memory of 632	996	mOfDwGpjVivQgzi.exe	regsvr32.exe
PID 996 wrote to memory of 632	996	mOfDwGpjVivQgzi.exe	regsvr32.exe
PID 632 wrote to memory of 560	632	regsvr32.exe	regsvr32.exe
PID 632 wrote to memory of 560	632	regsvr32.exe	regsvr32.exe
PID 632 wrote to memory of 560	632	regsvr32.exe	regsvr32.exe
PID 632 wrote to memory of 560	632	regsvr32.exe	regsvr32.exe
PID 632 wrote to memory of 560	632	regsvr32.exe	regsvr32.exe
PID 632 wrote to memory of 560	632	regsvr32.exe	regsvr32.exe
PID 632 wrote to memory of 560	632	regsvr32.exe	regsvr32.exe

C:\Users\Admin\AppData\Local\Temp\ad7dcda900b09c87ec4092c492b2c53146be7f7e0313940258251ed292ef96ca.exe
"C:\Users\Admin\AppData\Local\Temp\ad7dcda900b09c87ec4092c492b2c53146be7f7e0313940258251ed292ef96ca.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:884

C:\Users\Admin\AppData\Local\Temp\7zSB108.tmp\mOfDwGpjVivQgzi.exe
.\mOfDwGpjVivQgzi.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops Chrome extension
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:996

C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe /s "C:\Program Files (x86)\Vaudix\gK6IqYd4Z3g32a.x64.dll"
3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:632

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Vaudix\gK6IqYd4Z3g32a.x64.dll"
4⤵
- Loads dropped DLL
- Installs/modifies Browser Helper Object
PID:560

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Vaudix\gK6IqYd4Z3g32a.dat
Filesize
7KB

MD5
c9e576a7bca52eaeca4a0b2a5cef6d8f

SHA1
8d1dc8b7fe4f5f5b66f67c79c776cac365cf5758

SHA256
bdf58414a6fb65ba6bcbc246650aa26e4f0bc75727531b715e8d5665fdfc9d65

SHA512
631ada024f11c4df00c23289635551c3aae895abb4de4eebc461ac64ebdc5dece65db4d7d569e2d537472c44f1fb9f082d4d3a6f1ef0b4936004a8ffdb7e2d5b

Download Submit
C:\Program Files (x86)\Vaudix\gK6IqYd4Z3g32a.x64.dll
Filesize
885KB

MD5
1a6b1013f17c1cdc6e98f82cd2568ea8

SHA1
c96e7bdba616743a5c05b08a342d89ed102376b0

SHA256
fa9dd2bd7850053b251c9b5f27f1ac43ad04abf85de61b1928b7c2d562d3290a

SHA512
10596f46c52ca3f50d6b3c7c894fff8b41f4fe920c6e5e0138cf7e95e85bfe1db8d5f1a63939832cd48cf29f571dd36de40ebb931fb9b14a106518ae4fc17ef9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB108.tmp\[email protected]\bootstrap.js
Filesize
2KB

MD5
df13f711e20e9c80171846d4f2f7ae06

SHA1
56d29cda58427efe0e21d3880d39eb1b0ef60bee

SHA256
6c325461fba531a94cf8cbdcfc52755494973df0629ce0ee3fef734ab0838fc4

SHA512
6c51cee3bf13f164c4a5c9884cc6053cbf9db9701d34c07dc5761d2c047d3d1f7a361b32996a430107e9a4ce68a29149d747a84c76778a1e8780719a3d30470e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB108.tmp\[email protected]\chrome.manifest
Filesize
35B

MD5
fc18aff432386c02c7ed53b0d6d4a27d

SHA1
69d001301123fbeb9a52f53490c051d01c113d38

SHA256
ed434a807f68e6573307b6f076f4a24cbfbd115e64deedd2b0d9d3b8c457b487

SHA512
0ba6e09ff29382f10ee92547fda6981981eb25a26411d8167519b4d6064f1f0aeba35227d13eee66663a86c0fdd84aba975f11103e38410b7deec1188dbc0cfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB108.tmp\[email protected]\content\bg.js
Filesize
8KB

MD5
d6f16d5fcb18aa491b11aca42d2dfcf3

SHA1
ec48acd936b5914e119a3054a3d051ecb631e5ac

SHA256
db122246e997b5d70afbf3f1c80509ef2a61ebd130d144c5b1711c12ca61c3e9

SHA512
f72a52562bbae1a09dddb05dba97fece56a8f742b8f062440053bf5eb09d977c4f2ab468e32bdc75e9917567db31b5722e9c8a7da25a113de20cb71808b9bff7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB108.tmp\[email protected]\install.rdf
Filesize
591B

MD5
395640f90ba5c4b3d6c365fc04198b7e

SHA1
7e5d8f2e5f02ae9551d08bb9a9d3bfad4582bc15

SHA256
8b8ea372ad226d9cb9bc62e9e5f9ab570575ef6ce5e65bf174645fc780c59589

SHA512
0906487fa686342fb7aa6a8d14a5f62a708c551a7fbfcd454764e31d7c7552ab28cd981b41aed9af61eb45509d909e8be929b029e4edd657d4d416ed9139fcd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB108.tmp\gK6IqYd4Z3g32a.dll
Filesize
747KB

MD5
d949da968ea04ac3a7ddf0e300bb32be

SHA1
581d7d799c538b8e9e578cf57c420fb802d5a201

SHA256
5c4756451acf8622efa75639f9131ca8215c165e2ef21cc1ab7f8fee77db462b

SHA512
fd00e332af52646425f0d4032bb1bbfc85a44ff274bcf212f1264a29be546db4c1ceab7da32c70248a6baa2c55d2dff47dcb2ac441c783a1d9d1260c4685eb7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB108.tmp\gK6IqYd4Z3g32a.tlb
Filesize
3KB

MD5
5b503f1b4056c3d4fbf2d03f88e1adfe

SHA1
c8d659ea27bf0ca0bbfd46865d5796589bf9ef68

SHA256
231ef0fef77ab6c7fea053f64a9ce7f9e21646b868bfe391962262fc15c9bb6c

SHA512
229207201368d9674258389df19132070390f913aa5cc21b7567c515be5f5e0f07cdaa460d497ae355f27f00f7fc75538783d8890f6c9c0e861a7ecb8f520bdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB108.tmp\gK6IqYd4Z3g32a.x64.dll
Filesize
885KB

MD5
1a6b1013f17c1cdc6e98f82cd2568ea8

SHA1
c96e7bdba616743a5c05b08a342d89ed102376b0

SHA256
fa9dd2bd7850053b251c9b5f27f1ac43ad04abf85de61b1928b7c2d562d3290a

SHA512
10596f46c52ca3f50d6b3c7c894fff8b41f4fe920c6e5e0138cf7e95e85bfe1db8d5f1a63939832cd48cf29f571dd36de40ebb931fb9b14a106518ae4fc17ef9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB108.tmp\mOfDwGpjVivQgzi.dat
Filesize
7KB

MD5
c9e576a7bca52eaeca4a0b2a5cef6d8f

SHA1
8d1dc8b7fe4f5f5b66f67c79c776cac365cf5758

SHA256
bdf58414a6fb65ba6bcbc246650aa26e4f0bc75727531b715e8d5665fdfc9d65

SHA512
631ada024f11c4df00c23289635551c3aae895abb4de4eebc461ac64ebdc5dece65db4d7d569e2d537472c44f1fb9f082d4d3a6f1ef0b4936004a8ffdb7e2d5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB108.tmp\mOfDwGpjVivQgzi.exe
Filesize
760KB

MD5
dcd148f6f3af3e3b0935c4fcc9f41811

SHA1
ee9bdbc7c568c7832d90b85921ab20030b6734cd

SHA256
f8689641199c6fc430121797965485d95abfbc430753e0e668817ab3b511a1e4

SHA512
34be8e60dc2decf8287a71516f359e80bb858ce52218dde1b01c821c9b95be38821f068b79b0da8dbe90865560e7ddab77b25e3971dda9be667fb3ae8f174886

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB108.tmp\mOfDwGpjVivQgzi.exe
Filesize
760KB

MD5
dcd148f6f3af3e3b0935c4fcc9f41811

SHA1
ee9bdbc7c568c7832d90b85921ab20030b6734cd

SHA256
f8689641199c6fc430121797965485d95abfbc430753e0e668817ab3b511a1e4

SHA512
34be8e60dc2decf8287a71516f359e80bb858ce52218dde1b01c821c9b95be38821f068b79b0da8dbe90865560e7ddab77b25e3971dda9be667fb3ae8f174886

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB108.tmp\ngfkpejjecpckjahnpgpkpmbppmgdbof\QdsjxAXx.js
Filesize
6KB

MD5
636cc278897694e0fadea7e8eead1700

SHA1
55776ff7695be16cd07c28501c425fe6917098bb

SHA256
52f81372143b500b42c1d1fe9c35993f6435ebf05b4e946044e01e3ea0b12c4d

SHA512
6f8bee79d6ab918ed565716921a0402997270b8101202647c979e28853314a8324ecd3ff4df911a6dac6092edd3ff4d538c2dac5e48032c56a84085ddc42e9e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB108.tmp\ngfkpejjecpckjahnpgpkpmbppmgdbof\background.html
Filesize
145B

MD5
5c8f1bc204ea3e35310b1f39b4e46a18

SHA1
b331897d972e0797fc099ed1402d583cb56b797a

SHA256
6aa594d65b1d7b0d299ff5d2e3d83b2b5c504d7bddcce6763aaf8e3dc4fa636f

SHA512
ee0386aa7875d0403f2971f6e45c36a8a050c1a313923b31f7c2e5e069ee8cc8cb83cb7cd2d999ee4ad67ad77fe69f66b805e9d71473dbb9c8f668ef42ef63cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB108.tmp\ngfkpejjecpckjahnpgpkpmbppmgdbof\content.js
Filesize
144B

MD5
fca19198fd8af21016a8b1dec7980002

SHA1
fd01a47d14004e17a625efe66cc46a06c786cf40

SHA256
332b00395bc23d4cb0bf6506b0fbb7e17d690ed41f91cf9b5d1c481cb1d3e82a

SHA512
60f4286b3818f996fab50c09b191fbc82ed1c73b2b98d00b088b5afbbc0368c01819bd3868bd3c6bcb2cd083b719e29c28209317c7411213a25f923cfc1f0e47

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB108.tmp\ngfkpejjecpckjahnpgpkpmbppmgdbof\lsdb.js
Filesize
531B

MD5
36d98318ab2b3b2585a30984db328afb

SHA1
f30b85fbe08e1d569ad49dfeafaf7cb2da6585a5

SHA256
ea2caf61817c6f7781ee049217e51c1083c8fc4f1e08e07792052dfdfa529ae7

SHA512
6f61ccda2eba18369409850b2c91c9817fc741755e29a1579646e3816e0deab80e34a5adb9ff865c773793d32ac338163a224dbf363b46420d6ea42a7bbb2b3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB108.tmp\ngfkpejjecpckjahnpgpkpmbppmgdbof\manifest.json
Filesize
498B

MD5
664e2884e17f23553a19eee317642194

SHA1
a28ccc088d6b6692646150f3e8f111e568723fb4

SHA256
ee4ef853224cde2aa7e54351c02bc811af939202b82e19cbd1cc011fc3565191

SHA512
b2cef8c4dfb6a0648f21c53393b982c9171d8a0344a94970c13866ebd2870de2cd99dab5984000b10802c54a748230104c7997c3d2cd3ac5e97c9355a4cb7ecb

Download Submit
\Program Files (x86)\Vaudix\gK6IqYd4Z3g32a.dll
Filesize
747KB

MD5
d949da968ea04ac3a7ddf0e300bb32be

SHA1
581d7d799c538b8e9e578cf57c420fb802d5a201

SHA256
5c4756451acf8622efa75639f9131ca8215c165e2ef21cc1ab7f8fee77db462b

SHA512
fd00e332af52646425f0d4032bb1bbfc85a44ff274bcf212f1264a29be546db4c1ceab7da32c70248a6baa2c55d2dff47dcb2ac441c783a1d9d1260c4685eb7e

Download Submit
\Program Files (x86)\Vaudix\gK6IqYd4Z3g32a.x64.dll
Filesize
885KB

MD5
1a6b1013f17c1cdc6e98f82cd2568ea8

SHA1
c96e7bdba616743a5c05b08a342d89ed102376b0

SHA256
fa9dd2bd7850053b251c9b5f27f1ac43ad04abf85de61b1928b7c2d562d3290a

SHA512
10596f46c52ca3f50d6b3c7c894fff8b41f4fe920c6e5e0138cf7e95e85bfe1db8d5f1a63939832cd48cf29f571dd36de40ebb931fb9b14a106518ae4fc17ef9

Download Submit
\Program Files (x86)\Vaudix\gK6IqYd4Z3g32a.x64.dll
Filesize
885KB

MD5
1a6b1013f17c1cdc6e98f82cd2568ea8

SHA1
c96e7bdba616743a5c05b08a342d89ed102376b0

SHA256
fa9dd2bd7850053b251c9b5f27f1ac43ad04abf85de61b1928b7c2d562d3290a

SHA512
10596f46c52ca3f50d6b3c7c894fff8b41f4fe920c6e5e0138cf7e95e85bfe1db8d5f1a63939832cd48cf29f571dd36de40ebb931fb9b14a106518ae4fc17ef9

Download Submit
\Users\Admin\AppData\Local\Temp\7zSB108.tmp\mOfDwGpjVivQgzi.exe
Filesize
760KB

MD5
dcd148f6f3af3e3b0935c4fcc9f41811

SHA1
ee9bdbc7c568c7832d90b85921ab20030b6734cd

SHA256
f8689641199c6fc430121797965485d95abfbc430753e0e668817ab3b511a1e4

SHA512
34be8e60dc2decf8287a71516f359e80bb858ce52218dde1b01c821c9b95be38821f068b79b0da8dbe90865560e7ddab77b25e3971dda9be667fb3ae8f174886

Download Submit
memory/560-77-0x0000000000000000-mapping.dmp

Download
memory/560-78-0x000007FEFC201000-0x000007FEFC203000-memory.dmp

Filesize
8KB

Download
memory/632-73-0x0000000000000000-mapping.dmp

Download
memory/884-54-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

Filesize
8KB

Download
memory/996-56-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads