e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96

Analysis

max time kernel
37s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 12:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
Size

16KB
MD5

e602c30a561877fa43235ba9694ba45e
SHA1

58d64a83cb4f2ddaf21dc3109c6a261d44ed1474
SHA256

e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96
SHA512

a52c9a848b58697faa1b050c341c7b24c81a6d4cbc7ce1334b78abd8c1ea4ed7825f306826edfdcdb65f466dd2c6b1193bf25ce552cd5861d70b06b70d5f5df6
SSDEEP

384:obMxQ5QrXIt0H7tvm/jAc67vn7OeNhWvKLWgZ69G:KQDtmkcYPldZ4G

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 54 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\dpnsvr.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\fontview.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\perfmon.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\regedt32.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\WPDShextAutoplay.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\at.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\convert.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\cttunesvr.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\explorer.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\secinit.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\efsui.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\raserver.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\runonce.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\systray.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\tracerpt.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\autochk.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\charmap.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\dcomcnfg.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\ntprint.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\TsWpfWrp.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\wuapp.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\mspaint.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\tzutil.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\MRINFO.EXE	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\SearchFilterHost.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\cleanmgr.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\TapiUnattend.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\where.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\bitsadmin.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\reg.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\SetIEInstalledDate.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\InfDefaultInstall.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\LocationNotifications.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\TCPSVCS.EXE	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\winrshost.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\powercfg.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\setup16.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\TSTheme.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\dialer.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\extrac32.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\mtstocom.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesComputerName.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\control.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\icacls.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\ieUnatt.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\netiougc.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\ReAgentc.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesPerformance.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\findstr.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\dvdplay.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\mountvol.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\replace.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\msdt.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\SysWOW64\wecutil.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\HelpPane.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\hh.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
File opened for modification	C:\Windows\splwow64.exe	e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe

C:\Users\Admin\AppData\Local\Temp\e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe
"C:\Users\Admin\AppData\Local\Temp\e6b502871398f338bbbc510bbe59cedf62098e4e717d7e4577390f7341788d96.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:944

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads