Analysis
max time kernel: 176s
max time network: 190s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/12/2022, 01:23
Static task: static1
Behavioral task: behavioral1
  Sample: 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
  Resource: win10v2004-20221111-en
General
Target: 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
Size: 1.1MB
MD5: 03186a0f97d0d7735a077edf9cc51cca
SHA1: 75be83ab326d4c2449c0445f0ef986150a2c38d6
SHA256: 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730
SHA512: f71895f15a76ca7d6e4d9b4f143750ff748b1cf7ed43bc8dd00bddbc7275c532ec783dd141bbb0c216b1c6ba7c267539647e37c344a8b52225177cb361bd778f
SSDEEP: 6144:DW0rv6W0rvX/eSqjc3HsTaxoqREhlyJKEl6DuSt1llrHTripHtPeax4G5XNVt7Pa:uX/eOyaiqywSt1brip0uNPV5wNV5
Malware Config
Signatures
Drops file in Program Files directory 64 IoCs
description | ioc | Process
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\java-rmi.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\javacpl.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\klist.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\7-Zip\7zG.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\java-rmi.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jdb.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\rmiregistry.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSOUC.EXE | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSQRY32.EXE | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\7-Zip\7z.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\unpack200.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\kinit.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\SETLANG.EXE | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Google\Chrome\Application\chrome.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jinfo.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jps.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\javadoc.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jstack.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\pack200.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\orbd.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\nbexec.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\WORDICON.EXE | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Internet Explorer\iediagcmd.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jarsigner.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jsadebugd.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jstatd.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\javaw.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\ktab.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\native2ascii.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOICONS.EXE | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\OSE.EXE | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jdeps.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jhat.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\servertool.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\SmartTagInstall.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\rmic.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\servertool.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\java-rmi.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\keytool.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\policytool.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\appletviewer.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\rmid.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\misc.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\jabswitch.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\servertool.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\VPREVIEW.EXE | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\rmiregistry.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\rmid.exe | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe
Suspicious use of SetWindowsHookEx 1 IoCs
pid | Process
2764 | 60acf6842cd5d49537811c93456822040aed1e0ee2feefdfdf8c4a60ea194730.exe