dc8e1efc3ad98238246bbbdd7b560859341eb00fc84726459174f2cc19ccb8f8

Analysis

max time kernel
165s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 09:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc8e1efc3ad98238246bbbdd7b560859341eb00fc84726459174f2cc19ccb8f8.exe
Size

85KB
MD5

0de1606a532bf528b1a540476c169900
SHA1

6f3819167f60af9cdf692ef8e45c772680eecd0a
SHA256

dc8e1efc3ad98238246bbbdd7b560859341eb00fc84726459174f2cc19ccb8f8
SHA512

9dc659a3feccbf96066de1c7c1f358880b53c83653ec3e08855e5150a3e518ec051c37ce64407dc22757d24891c2e48649384407d925b1f0f35bfe079b1341fd
SSDEEP

1536:larO2R3XZVPlF31n1TClFvLLcAGJn+yRJCPDzpNUibYz7K3wO3z8cp:lV2BZVPlFlnxClFvLLcA+sPDzpJk7FOJ

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\FeslOgs.com	dc8e1efc3ad98238246bbbdd7b560859341eb00fc84726459174f2cc19ccb8f8.exe

Drops file in Windows directory 18 IoCs

description	ioc	Process
File opened for modification	C:\Windows\win32dc\DAoC + trainer.exe	dc8e1efc3ad98238246bbbdd7b560859341eb00fc84726459174f2cc19ccb8f8.exe
File created	C:\Windows\win32dc\Sims 2(hack).exe	dc8e1efc3ad98238246bbbdd7b560859341eb00fc84726459174f2cc19ccb8f8.exe
File created	C:\Windows\win32dc\DAoC_fix.exe	dc8e1efc3ad98238246bbbdd7b560859341eb00fc84726459174f2cc19ccb8f8.exe
File created	C:\Windows\win32dc\Quake3_patch.exe	dc8e1efc3ad98238246bbbdd7b560859341eb00fc84726459174f2cc19ccb8f8.exe
File opened for modification	C:\Windows\win32dc\Quake3 + trainer.exe	dc8e1efc3ad98238246bbbdd7b560859341eb00fc84726459174f2cc19ccb8f8.exe
File created	C:\Windows\win32dc\DAoC + trainer.exe	dc8e1efc3ad98238246bbbdd7b560859341eb00fc84726459174f2cc19ccb8f8.exe
File opened for modification	C:\Windows\win32dc\Quake3 nocd.exe	dc8e1efc3ad98238246bbbdd7b560859341eb00fc84726459174f2cc19ccb8f8.exe
File created	C:\Windows\win32dc\Quake3_codes.exe	dc8e1efc3ad98238246bbbdd7b560859341eb00fc84726459174f2cc19ccb8f8.exe
File opened for modification	C:\Windows\win32dc\Doom 3_cdfix.exe	dc8e1efc3ad98238246bbbdd7b560859341eb00fc84726459174f2cc19ccb8f8.exe
File created	C:\Windows\win32dc\Quake3 nocd.exe	dc8e1efc3ad98238246bbbdd7b560859341eb00fc84726459174f2cc19ccb8f8.exe
File opened for modification	C:\Windows\win32dc\Quake3_codes.exe	dc8e1efc3ad98238246bbbdd7b560859341eb00fc84726459174f2cc19ccb8f8.exe
File opened for modification	C:\Windows\win32dc\Quake3_patch.exe	dc8e1efc3ad98238246bbbdd7b560859341eb00fc84726459174f2cc19ccb8f8.exe
File created	C:\Windows\win32dc\Half-Life 2(nocd).exe	dc8e1efc3ad98238246bbbdd7b560859341eb00fc84726459174f2cc19ccb8f8.exe
File opened for modification	C:\Windows\win32dc\Half-Life 2(nocd).exe	dc8e1efc3ad98238246bbbdd7b560859341eb00fc84726459174f2cc19ccb8f8.exe
File created	C:\Windows\win32dc\Quake3 + trainer.exe	dc8e1efc3ad98238246bbbdd7b560859341eb00fc84726459174f2cc19ccb8f8.exe
File created	C:\Windows\win32dc\Doom 3_cdfix.exe	dc8e1efc3ad98238246bbbdd7b560859341eb00fc84726459174f2cc19ccb8f8.exe
File created	C:\Windows\win32dc\Doom 3 + codes.exe	dc8e1efc3ad98238246bbbdd7b560859341eb00fc84726459174f2cc19ccb8f8.exe
File opened for modification	C:\Windows\win32dc\DAoC_fix.exe	dc8e1efc3ad98238246bbbdd7b560859341eb00fc84726459174f2cc19ccb8f8.exe

C:\Users\Admin\AppData\Local\Temp\dc8e1efc3ad98238246bbbdd7b560859341eb00fc84726459174f2cc19ccb8f8.exe
"C:\Users\Admin\AppData\Local\Temp\dc8e1efc3ad98238246bbbdd7b560859341eb00fc84726459174f2cc19ccb8f8.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:2468

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads