3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b

General

Target

3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
Size

76KB
MD5

a0cf7b1b5b808777831e96248419def9
SHA1

345b025e16bf83484f29a65dd56e50577240e219
SHA256

3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b
SHA512

9ae695c132c11ade355abad84e026ec0b0a291c69b7768f4cec74c79ace0312cc5aeb8f6e4b4375ca0997d0a6823494e7a31645e9fe15a9219a67b2d989c78c7
SSDEEP

1536:93330L3U4HFH8DVDFi1OJ3pe8D7H/Hy9yDTy1Gq2pjVrs2ryrd1vUQuq6:93330Tx8FFiwJ3pe8D769LEq2Hs2qo

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\nsstljje.exe	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\RELEASE-NOTES.html	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\README-JDK.html	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\qrhljwvn.exe	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\Welcome.html	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\sekbhrbe.exe	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\njqrsbcq.exe	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe

Modifies registry class 22 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{006B5FAA-66BA-46D0-81D5-DE8B4ED06551}	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{006B5FAA-66BA-46D0-81D5-DE8B4ED06551}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe"	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\LocalServer32	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{006B5FAA-66BA-46D0-81D5-DE8B4ED06551}\LocalServer32	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\ = "lrbebqervhtztvee"	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\ = "hxhrkscbeccqjkls"	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\lib\\missioncontrol\\features\\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\\nsstljje.exe"	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\LocalServer32	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\lib\\missioncontrol\\features\\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\\njqrsbcq.exe"	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\jre\\sekbhrbe.exe"	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\ = "khhnczznehxnztlh"	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{006B5FAA-66BA-46D0-81D5-DE8B4ED06551}\ = "vhjbllcjbnezhjer"	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\db\\qrhljwvn.exe"	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\LocalServer32	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\ = "kbrsjlhrllrjntte"	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\LocalServer32	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\ = "lvtbcsjvhzskbhxx"	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\ = "wcchrtznskwrkrnt"	3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe

C:\Users\Admin\AppData\Local\Temp\3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe
"C:\Users\Admin\AppData\Local\Temp\3b92ec6f910cbfe9231bad3aa1a2ecad0afb85950d9564f58ccadfe6f054e99b.exe"
1⤵
- Drops file in Program Files directory
- Modifies registry class
PID:3960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3960-132-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/3960-133-0x0000000000500000-0x000000000051E000-memory.dmp

Filesize
120KB

Download
memory/3960-134-0x0000000000500000-0x000000000051E000-memory.dmp

Filesize
120KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads