2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd

Analysis

max time kernel
208s
max time network
237s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2022 16:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd.exe
Size

76KB
MD5

44c0ddd1ec325428c1c8d98b7fc3b299
SHA1

2d7e7010aebd980088a43a718d38ef06e80cf713
SHA256

2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd
SHA512

80094a16c15bf789bad1d5d7f90761ee4f87a66ca599c8ad80ce4ab98aaf3ce8a75f7e96ddee683a3d53d8e647d5d91bdacae2623439250412340f0304766d49
SSDEEP

1536:TeeeqxCzG6mGdvSUPqeI0bKB/8fvsmKGID0v4o4aA6d82hW8fPL9:MzG6T1Z+B/k2wv/p8vYL9

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 5 IoCs

Processes:

2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\README-JDK.html	2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\qrhljwvn.exe	2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\RELEASE-NOTES.html	2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\Welcome.html	2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\sekbhrbe.exe	2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd.exe

Modifies registry class 12 IoCs

Processes:

2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}	2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\ = "tttzletjkktnejhe"	2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\LocalServer32	2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\db\\qrhljwvn.exe"	2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}	2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B3B52D99-86CC-F1F8-C223-A4CC60C4852C}	2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B3B52D99-86CC-F1F8-C223-A4CC60C4852C}\ = "kzjcbjbreveltskb"	2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B3B52D99-86CC-F1F8-C223-A4CC60C4852C}\LocalServer32	2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\ = "evttqbqkrnhhhbee"	2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\LocalServer32	2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\jre\\sekbhrbe.exe"	2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B3B52D99-86CC-F1F8-C223-A4CC60C4852C}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd.exe"	2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd.exe

C:\Users\Admin\AppData\Local\Temp\2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd.exe
"C:\Users\Admin\AppData\Local\Temp\2e5b5cd72faebf4e1bec806fa9f751bd0e3ecf4ce169b0dbbf64648b16063ffd.exe"
1⤵
- Drops file in Program Files directory
- Modifies registry class
PID:4260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4260-132-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/4260-133-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/4260-134-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download