917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a

Analysis

max time kernel
152s
max time network
47s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 02:43

Target

917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
Size

167KB
MD5

22305d9182ff93fa264af4a149e313a4
SHA1

573de59562d5651b1983b3ae0bb4f4017aca186f
SHA256

917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a
SHA512

e05f44e06c62adba7887100e52d1ff10c85ad063790899568794ed9cfe8b89f581338899a3a41927e30a7f76b4b45a2028d98836e361cbf76dbc72aab6f813cd
SSDEEP

3072:r1MS//RqkHiimZ/nfrkzgRjtldxIFKBC+:SeRq66DkcjdcKT

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
944	NETBIOS.EXE

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\$RECYCLE.BIN\S-1-5-21-3385717845-2518323428-350143044-1000\DESKTOP.INI	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\$RECYCLE.BIN\S-1-5-21-3385717845-2518323428-350143044-1000\DESKTOP.INI	NETBIOS.EXE

Drops file in System32 directory 7 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\SysWOW64\NETBIOS.EXE	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\WINDOWS\SysWOW64\sysl0gon.exe	NETBIOS.EXE
File opened for modification	C:\WINDOWS\SysWOW64\sys9751.tmp	NETBIOS.EXE
File opened for modification	C:\WINDOWS\SysWOW64\sysl0gon.exe	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\WINDOWS\SysWOW64\sys92BF.tmp	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File created	C:\WINDOWS\SysWOW64\netbios.exe	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\WINDOWS\SysWOW64\netbios.exe	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe

C:\Windows\SysWOW64\netbios.exe

Filesize
175KB

MD5
e333da0c55f0d219767b512dd7e27c26

SHA1
2bfdc9e6f69febd75c00aef8c79cf389cea5c7d2

SHA256
94dad27bbee0ef22c54ca524315209949caddd195b0fbf5a845e6f92c87474d6

SHA512
2897e83d074256778eef59e59e65b7cd9b3aca5f61b8db5118a6fde0b31ff174fae6af082d0910e7ccbc17f0c24639361a359edc1d01cca2e5a96bd4c9320c18

Download Submit
memory/944-58-0x0000000000400000-0x000000000042AF54-memory.dmp

Filesize
171KB

Download
memory/1640-54-0x00000000757B1000-0x00000000757B3000-memory.dmp

Filesize
8KB

Download
memory/1640-55-0x0000000000400000-0x0000000000428F54-memory.dmp

Filesize
163KB

Download