97b478055ce531f7fbe85887df4e13fceeddddad375757af670a7b9bb5491b57

Analysis

max time kernel
173s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 23:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97b478055ce531f7fbe85887df4e13fceeddddad375757af670a7b9bb5491b57.exe
Size

469KB
MD5

80f2a7ab611abd0e3e2f3e34bea2db83
SHA1

b21884a2336b2140259beec457e39d509171b340
SHA256

97b478055ce531f7fbe85887df4e13fceeddddad375757af670a7b9bb5491b57
SHA512

a3409fa21f699fdf5500842d24508afcc1a67be2641b4d693e0d303f8e24173e21d1058599a48f903a27a1c8ca48356a0d8e8e7f50c878ff75b64944c6dc8dd2
SSDEEP

12288:Hr3ZBIR6Um1xs4B5IDx7jnClb0FwljX1cE3q8Ni:zZB269wIKDtU3QE3qV

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 18 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\wbem\oeminfo.ini	97b478055ce531f7fbe85887df4e13fceeddddad375757af670a7b9bb5491b57.exe
File created	C:\Windows\SysWOW64\wbem\hac.exe	97b478055ce531f7fbe85887df4e13fceeddddad375757af670a7b9bb5491b57.exe
File opened for modification	C:\Windows\SysWOW64\wbem\hac.exe	97b478055ce531f7fbe85887df4e13fceeddddad375757af670a7b9bb5491b57.exe
File opened for modification	C:\Windows\SysWOW64\wbem\hctabt.dll	97b478055ce531f7fbe85887df4e13fceeddddad375757af670a7b9bb5491b57.exe
File opened for modification	C:\Windows\SysWOW64\wbem\logos.jpg	97b478055ce531f7fbe85887df4e13fceeddddad375757af670a7b9bb5491b57.exe
File created	C:\Windows\SysWOW64\wbem\logob.bmp	97b478055ce531f7fbe85887df4e13fceeddddad375757af670a7b9bb5491b57.exe
File opened for modification	C:\Windows\SysWOW64\wbem\logob.bmp	97b478055ce531f7fbe85887df4e13fceeddddad375757af670a7b9bb5491b57.exe
File opened for modification	C:\Windows\SysWOW64\wbem\Batch.bat	97b478055ce531f7fbe85887df4e13fceeddddad375757af670a7b9bb5491b57.exe
File created	C:\Windows\SysWOW64\wbem\csrss.exe	97b478055ce531f7fbe85887df4e13fceeddddad375757af670a7b9bb5491b57.exe
File created	C:\Windows\SysWOW64\wbem\logo.jpg	97b478055ce531f7fbe85887df4e13fceeddddad375757af670a7b9bb5491b57.exe
File opened for modification	C:\Windows\SysWOW64\wbem\logo.jpg	97b478055ce531f7fbe85887df4e13fceeddddad375757af670a7b9bb5491b57.exe
File created	C:\Windows\SysWOW64\wbem\wfpr.exe	97b478055ce531f7fbe85887df4e13fceeddddad375757af670a7b9bb5491b57.exe
File opened for modification	C:\Windows\SysWOW64\wbem\wfpr.exe	97b478055ce531f7fbe85887df4e13fceeddddad375757af670a7b9bb5491b57.exe
File created	C:\Windows\SysWOW64\wbem\oeminfo.ini	97b478055ce531f7fbe85887df4e13fceeddddad375757af670a7b9bb5491b57.exe
File created	C:\Windows\SysWOW64\wbem\Batch.bat	97b478055ce531f7fbe85887df4e13fceeddddad375757af670a7b9bb5491b57.exe
File opened for modification	C:\Windows\SysWOW64\wbem\csrss.exe	97b478055ce531f7fbe85887df4e13fceeddddad375757af670a7b9bb5491b57.exe
File created	C:\Windows\SysWOW64\wbem\hctabt.dll	97b478055ce531f7fbe85887df4e13fceeddddad375757af670a7b9bb5491b57.exe
File created	C:\Windows\SysWOW64\wbem\logos.jpg	97b478055ce531f7fbe85887df4e13fceeddddad375757af670a7b9bb5491b57.exe

C:\Users\Admin\AppData\Local\Temp\97b478055ce531f7fbe85887df4e13fceeddddad375757af670a7b9bb5491b57.exe
"C:\Users\Admin\AppData\Local\Temp\97b478055ce531f7fbe85887df4e13fceeddddad375757af670a7b9bb5491b57.exe"
1⤵
- Drops file in System32 directory
PID:4300

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads