a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07

Analysis

max time kernel
32s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 17:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
Size

24KB
MD5

decde218d36f40ab87bb57bb2a8bd46e
SHA1

79223fbbebd02a201131107f7b44c989795b577f
SHA256

a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07
SHA512

6c23acf8daccb04ed7c370834fe9fec4439b9cfaf92b5ef1eca0692114c186c22f2f5d968cbe970e693d6f1a75c398c214c2891c660d8157b822d7c96a871216
SSDEEP

192:/TryrNLtWYp/nMSQOB7byHmPIPs/C1ikhjWS4tWfC:/TryJLtWS/ntH7bDPIPs/doWSvC

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1932	cmd.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	\??\c:\windows\SysWOW64\dpwsockx.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\KBDLT1.DLL	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\KBDROPR.DLL	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\psbase.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\shgina.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\KBDINASA.DLL	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\mscoree.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\ntprint.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\secinit.exe	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\cewmdm.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\hhctrl.ocx	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\mssrch.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\wmpsrcwp.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\cryptdlg.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\dhcpcsvc6.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\netsh.exe	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\wscmisetup.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\mspatcha.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\wshcon.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\FXSXP32.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\hnetcfg.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\iasads.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\locale.nls	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\mdminst.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\NlsData0047.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\WsmRes.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\snmpapi.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\compobj.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\dllhost.exe	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\KBDUR.DLL	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\qasf.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\MuiUnattend.exe	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\odbcint.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\openfiles.exe	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\TRAPI.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\ACCTRES.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\C_10006.NLS	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\KBDCZ1.DLL	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File opened for modification	\??\c:\windows\SysWOW64\license.rtf	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\UIRibbonRes.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File opened for modification	\??\c:\windows\SysWOW64\vcruntime140.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\wpcsvc.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\xpsrchvw.xml	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\spwizres.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\uxlib.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\DeviceMetadataParsers.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\imm32.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\input.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\pla.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\ReAgent.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File opened for modification	\??\c:\windows\SysWOW64\vfpodbc.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\KBDUGHR.DLL	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\l2gpstore.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\MP3DMOD.DLL	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\NlsLexicons0010.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\WlS0WndH.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\KBDSORS1.DLL	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\NaturalLanguage6.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\NlsData0049.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\runonce.exe	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\scansetting.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\capiprovider.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\d3d10level9.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\eappgnui.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1168	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1168 wrote to memory of 1932	1168	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe	27
PID 1168 wrote to memory of 1932	1168	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe	27
PID 1168 wrote to memory of 1932	1168	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe	27
PID 1168 wrote to memory of 1932	1168	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe	27

C:\Users\Admin\AppData\Local\Temp\a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
"C:\Users\Admin\AppData\Local\Temp\a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1168
- C:\Windows\SysWOW64\cmd.exe
  cmd /c a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.bat
  2⤵
  - Deletes itself
  PID:1932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.bat

Filesize
148B

MD5
95cbb922d1816f2d5b100b05283d6b51

SHA1
bfff3e75b7360aae24d9428e63e074126beb2e79

SHA256
865e4d6c26280c45421de2eafd3daff68c88edce26813b3ab074cdf8c8f6dd90

SHA512
5c3f6557a0a84aa181c9bb5ea6d85c5c4f2476d5d4ac7f47e86fdb48afcf323efd16a82b9ac62745d67fa04f297a31a236ca64d8272eeb6cf6cb44848fcb95ad

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads