2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 08:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
Size

30KB
MD5

0c7e5a8a06d25a02e3d2f575efc69330
SHA1

166106326c853686be258c962ae160db438a4b31
SHA256

2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da
SHA512

def0fb9fb7b85390183db48670e233a30bcc8e4d4d82639b918255b582945e772f5d6cfcafaf6454165758792a01121f152565ae1c26f830df090ae34423e0f7
SSDEEP

192:0TD0cOQ2IwkW8jAbKpWwD42FC/8eFWY4Wgh9IBcdtM2w0ik:pcZR9jyKpWwDjFlyWY4WXc/C0v

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\bootcfg.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\dpapimig.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\label.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\RegisterIEPKEYs.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\TSTheme.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\wsmprovhost.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\cmdl32.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\getmac.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\rundll32.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\shutdown.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\auditpol.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\ComputerDefaults.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\regedit.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\ROUTE.EXE	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\diskraid.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\gpupdate.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\sbunattend.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\calc.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\forfiles.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\ipconfig.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\mobsync.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\mshta.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\setup16.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\srdelayed.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\taskkill.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\WerFaultSecure.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\dialer.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\netbtugc.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\netsh.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\sethc.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\waitfor.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\attrib.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\diskperf.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\hdwwiz.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\LocationNotifications.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\MigAutoPlay.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\nslookup.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\upnpcont.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\cacls.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\mstsc.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\takeown.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\tzutil.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\dvdplay.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\isoburn.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\odbcad32.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\print.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\regedt32.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\relog.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\runonce.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\wowreg32.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\cipher.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\cttune.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\help.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\Utilman.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\AtBroker.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\fc.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\mspaint.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\printui.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\rasdial.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\resmon.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\shrpubw.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\wusa.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\dllhost.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\SysWOW64\dplaysvr.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe

Drops file in Windows directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\explorer.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\hh.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\notepad.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\splwow64.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\twunk_32.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\bfsvc.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\fveupdate.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\HelpPane.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\twunk_16.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\winhlp32.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
File opened for modification	C:\Windows\write.exe	2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe

C:\Users\Admin\AppData\Local\Temp\2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe
"C:\Users\Admin\AppData\Local\Temp\2118417b1b796fd386e01651b5a8b7c6cd380c5e4626b9ff255215eb1b1543da.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1600-54-0x00000000752B1000-0x00000000752B3000-memory.dmp

Filesize
8KB

Download
memory/1600-55-0x0000000001000000-0x000000000100AB00-memory.dmp

Filesize
42KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads