a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07

Analysis

max time kernel
146s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 17:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
Size

24KB
MD5

decde218d36f40ab87bb57bb2a8bd46e
SHA1

79223fbbebd02a201131107f7b44c989795b577f
SHA256

a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07
SHA512

6c23acf8daccb04ed7c370834fe9fec4439b9cfaf92b5ef1eca0692114c186c22f2f5d968cbe970e693d6f1a75c398c214c2891c660d8157b822d7c96a871216
SSDEEP

192:/TryrNLtWYp/nMSQOB7byHmPIPs/C1ikhjWS4tWfC:/TryJLtWS/ntH7bDPIPs/doWSvC

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	\??\c:\windows\SysWOW64\msdart.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\SyncSettings.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\user.exe	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\dfrgui.exe	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\dwmapi.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File opened for modification	\??\c:\windows\SysWOW64\mfc120ita.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\LicenseManagerApi.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\NetCfgNotifyObjectHost.exe	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\pcwum.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\sdohlp.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\xcopy.exe	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\dbgcore.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\diskperf.exe	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\KBDINHIN.DLL	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\IasMigPlugin.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\oleaut32.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\usk.rs	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\agentactivationruntimewindows.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\dot3hc.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\hgcpl.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\MSAlacDecoder.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\ndfetw.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\RegCtrl.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\wsmanconfig_schema.xml	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\adrclient.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\appmgmts.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\DeviceCredential.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\uxlibres.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\WinSATAPI.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\dhcpcmonitor.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\dpnaddr.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\UserDeviceRegistration.Ngc.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\rnr20.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\SecurityAndMaintenance_Error.png	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\shwebsvc.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\usoapi.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\dimsroam.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\nshipsec.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\pidgenx.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\mssrch.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\rasctrnm.h	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\UIAutomationCore.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\Windows.UI.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\zipcontainer.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\chartv.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\colbact.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\MixedRealityRuntime.json	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\fwpolicyiomgr.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\resmon.exe	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\wincredprovider.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\dpwsockx.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\dxtrans.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\eventcls.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\mshtml.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\rsaenh.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\TpmInit.exe	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\url.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\WerFaultSecure.exe	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\IPELoggingDictationHelper.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\KBDBULG.DLL	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\KBDINMAL.DLL	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\odbccr32.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\ucrtbase_clr0400.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
File created	\??\c:\windows\SysWOW64\Windows.Networking.Proximity.dll	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3064	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 1604	3064	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe	80
PID 3064 wrote to memory of 1604	3064	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe	80
PID 3064 wrote to memory of 1604	3064	a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe	80

C:\Users\Admin\AppData\Local\Temp\a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe
"C:\Users\Admin\AppData\Local\Temp\a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.bat
  2⤵
  PID:1604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a1b90e39dd988d9f5e9a16011f5398b1408b87fbfa49b5d5699ed32abf282a07.bat

Filesize
148B

MD5
95cbb922d1816f2d5b100b05283d6b51

SHA1
bfff3e75b7360aae24d9428e63e074126beb2e79

SHA256
865e4d6c26280c45421de2eafd3daff68c88edce26813b3ab074cdf8c8f6dd90

SHA512
5c3f6557a0a84aa181c9bb5ea6d85c5c4f2476d5d4ac7f47e86fdb48afcf323efd16a82b9ac62745d67fa04f297a31a236ca64d8272eeb6cf6cb44848fcb95ad

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads