917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a

Analysis

max time kernel
205s
max time network
217s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 02:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
Size

167KB
MD5

22305d9182ff93fa264af4a149e313a4
SHA1

573de59562d5651b1983b3ae0bb4f4017aca186f
SHA256

917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a
SHA512

e05f44e06c62adba7887100e52d1ff10c85ad063790899568794ed9cfe8b89f581338899a3a41927e30a7f76b4b45a2028d98836e361cbf76dbc72aab6f813cd
SSDEEP

3072:r1MS//RqkHiimZ/nfrkzgRjtldxIFKBC+:SeRq66DkcjdcKT

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4688	NETBIOS.EXE

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\$RECYCLE.BIN\S-1-5-21-2295526160-1155304984-640977766-1000\DESKTOP.INI	NETBIOS.EXE
File opened for modification	C:\$RECYCLE.BIN\S-1-5-21-2295526160-1155304984-640977766-1000\DESKTOP.INI	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe

Drops file in System32 directory 7 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\SysWOW64\sysl0gon.exe	NETBIOS.EXE
File opened for modification	C:\WINDOWS\SysWOW64\sys6F15.tmp	NETBIOS.EXE
File opened for modification	C:\WINDOWS\SysWOW64\sysl0gon.exe	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\WINDOWS\SysWOW64\sys6E0C.tmp	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File created	C:\WINDOWS\SysWOW64\netbios.exe	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\WINDOWS\SysWOW64\netbios.exe	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\WINDOWS\SysWOW64\NETBIOS.EXE	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\BR.TXT	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\7ZG.EXE	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\7ZG.EXE	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\DESCRIPT.ION	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\AF.TXT	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\AN.TXT	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\CY.TXT	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\7-ZIP32.DLL	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\BE.TXT	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\7Z.SFX	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\BR.TXT	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\BA.TXT	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\EL.TXT	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\BG.TXT	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\EO.TXT	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\AF.TXT	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\7ZCON.SFX	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\7ZFM.EXE	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\AST.TXT	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\BA.TXT	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\CS.TXT	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\7-ZIP.DLL	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\BG.TXT	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\DA.TXT	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\EN.TTT	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\7-ZIP.CHM	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\7ZCON.SFX	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\7ZFM.EXE	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\DESCRIPT.ION	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\AN.TXT	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\BE.TXT	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\CA.TXT	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\ES.TXT	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\7-ZIP.CHM	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\ET.TXT	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\7Z.SFX	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\AR.TXT	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\AZ.TXT	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\CO.TXT	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\DA.TXT	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\ET.TXT	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\7Z.EXE	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\DE.TXT	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\EL.TXT	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\AZ.TXT	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\HISTORY.TXT	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\AR.TXT	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\EN.TTT	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\7Z.DLL	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\7Z.DLL	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\CO.TXT	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\DE.TXT	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\7-ZIP.DLL	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\CA.TXT	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\BN.TXT	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\HISTORY.TXT	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\CS.TXT	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\CY.TXT	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\ES.TXT	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\7Z.EXE	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\AST.TXT	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\BN.TXT	NETBIOS.EXE
File opened for modification	C:\PROGRAM FILES\7-ZIP\LANG\EO.TXT	917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
File opened for modification	C:\PROGRAM FILES\7-ZIP\7-ZIP32.DLL	NETBIOS.EXE

C:\Users\Admin\AppData\Local\Temp\917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe
"C:\Users\Admin\AppData\Local\Temp\917ea41b144f45b6bd90ec28298a7f2de5741016b70625ac5c6b0f6abdf3092a.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Program Files directory
PID:3840

C:\WINDOWS\SysWOW64\NETBIOS.EXE
C:\WINDOWS\SysWOW64\NETBIOS.EXE
1⤵
- Executes dropped EXE
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Program Files directory
PID:4688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\WINDOWS\SysWOW64\NETBIOS.EXE

Filesize
175KB

MD5
92df7b39bbec2941cf9151d83b21e421

SHA1
86d0eb6682717fc49a7c260d7d5da26adb8b492d

SHA256
344c3d0a810f6044c264ec09fa26ebcc8e42a7d1a3fcec3c277d1ce5850420ba

SHA512
daa5fcc3205319e685d630354237a675f1dbef9a93210e9e50bd6eba56e84b76d149fbbff996b5d1a036bda63ccd0b83d33b4f461e141214d175f33a9c5cae9d

Download Submit
C:\Windows\SysWOW64\netbios.exe

Filesize
175KB

MD5
92df7b39bbec2941cf9151d83b21e421

SHA1
86d0eb6682717fc49a7c260d7d5da26adb8b492d

SHA256
344c3d0a810f6044c264ec09fa26ebcc8e42a7d1a3fcec3c277d1ce5850420ba

SHA512
daa5fcc3205319e685d630354237a675f1dbef9a93210e9e50bd6eba56e84b76d149fbbff996b5d1a036bda63ccd0b83d33b4f461e141214d175f33a9c5cae9d

Download Submit
memory/3840-132-0x0000000000400000-0x0000000000428F54-memory.dmp

Filesize
163KB

Download
memory/3840-136-0x0000000000400000-0x0000000000428F54-memory.dmp

Filesize
163KB

Download
memory/4688-135-0x0000000000400000-0x000000000042AF54-memory.dmp

Filesize
171KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads