d55e86610dcad29c3d2857d9dae91aa51228b1fa001ea2d7bda88b9a2b5570a9

Analysis

max time kernel
120s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03-03-2023 10:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

gvq1.exe
Size

4KB
MD5

f328a95046e3a2514c36347eaec911c0
SHA1

8ec9c18384ca1e08a397bf7b3d46b6d784669ef0
SHA256

d55e86610dcad29c3d2857d9dae91aa51228b1fa001ea2d7bda88b9a2b5570a9
SHA512

2fc3621433c5da3dcb5b9d9133cd9d63d8f53fd60c81ddab8b83bad60efb98942fc38a63dfa98edfc8358c8e4e345a7ec8fa3aa14c18d4337cdd90ea0aed4718
SSDEEP

48:65uxic/UNMSAjItYiA254tdqlkCuFCpfbNtm:cc9jItYbaC+zNt

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 6 IoCs

Processes:

svchost.exe

description	ioc	process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{6997E408-D4C0-45C5-8DD9-EF275BA8488B}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{0D162199-1006-4BD8-90DC-31E4EAEA86C4}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat	svchost.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\gvq1.exe
"C:\Users\Admin\AppData\Local\Temp\gvq1.exe"
1⤵
PID:4572

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:1932

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\wsuB7FA.tmp
Filesize
36KB

MD5
761388ca8095173f6963b1d23ad8a68b

SHA1
41e2693d0efc36cb0b97ea215d554932c46464ab

SHA256
369a2323cb569b44970884d5af3d70e38c9cfb59a54d929fabb51ba46593aa06

SHA512
2db4576927b4325dc51ce1755d55b00f7153a10424ca79fb7f32f8c92a5dec899c3961b44a15a129f1e5234b53a89c8946192703b88b10e70e86670e5831ebdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsuBC83.tmp
Filesize
14KB

MD5
c01eaa0bdcd7c30a42bbb35a9acbf574

SHA1
0aee3e1b873e41d040f1991819d0027b6cc68f54

SHA256
32297224427103aa1834dba276bf5d49cd5dd6bda0291422e47ad0d0706c6d40

SHA512
d26ff775ad39425933cd3df92209faa53ec5b701e65bfbcccc64ce8dd3e79f619a9bad7cc975a98a95f2006ae89e50551877fc315a3050e48d5ab89e0802e2b7

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
b375c0019827e70634f149c3172bde13

SHA1
d0eccb2645f050499582bd98c90ac898671d4215

SHA256
0636c88f5989487b298cc5dc1294962ba77e2e850007481b286fc23077a9e77c

SHA512
2f30a0bd28c1fab3744159a4988c608c73485d6a4b42aa91808e3f55ea989e74f6e05a4d04d885d17cfecb7fbf60a5ec37024be977f342d670ea33633b7611c9

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
978041be4cb1f87eaf8a6c8468cd9106

SHA1
52ea353fa6d6f9fe309287b15439cf781d2ed38d

SHA256
cd32c6e42dc05eee46be8121e86f786f0f45b606c057d761d20774fb0057fe72

SHA512
11e7335db85abf4e001fe48ebc747755ad167750d33848a2ce2b26a30d07b7bf84efc0b03fb1f33190930595f187f5eca2938107779be30ccf49d5217026e0bf

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
604b8972a8311fb622364a046cee29bc

SHA1
0ab2b400ed58b0aba2fe45e44cb8ce6c489956a6

SHA256
2b06f5157398ac93b72c1aed00ceef4347af0e65a94fa55beab0b3ad5e4eae44

SHA512
ed6079bcc87071f9989a1989a95bd66c5faf2130e81305e076c42ce977bf8ec7e109682c6e6782f27de988ee037896713f69370c5bac4b61652aeb4bc3fa4d03

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
11146acf5c20fc3421c98001d2e8ad0c

SHA1
b7d94b422d26cb833090cb4ba9425de1d09f55df

SHA256
affa2a506b9fc92b31dbfd6bee9e49584561900dc828d204c3d354e89eff7238

SHA512
a743e470f3be5ca91d86c33940f2f704af99f359a47a4cdd66402693538101f29c4e7a1bd59c00a1478cc49e390696467f6bfda72d4c3c13dec40f7be3c600e6

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
202d2d91aa237f57425b18d4bd12126c

SHA1
f78afa9814a6ac452ba31006da34cc0c329ceed9

SHA256
d37948e5034b274630c7d4ffed817d3b42f83db1dcbfc10cf767283bbd4bec26

SHA512
cd7a83deb3347b8ca0c58fc8d062a312ef90c30457ce0e7622a19452fd016eea2fff225cedf6859e7fb60bd622f92fb20ef90f64f63c6c6b0edf2823f807818b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
a30b7cb9230de27fd1a651b7fb13ff17

SHA1
4fc6004bd38b1c01b8935c8cbc8d87216caa14c2

SHA256
f78c3deac0bd16c8565953b298c01aa2c93daec5229111033731289fca1f8302

SHA512
81c5a8b4b612b80ff8e583175cc0c60f565bb8d7ab275264701cdb9b360ed213204bba6d1114bc02d4691218b258ca68b33601db22fb69a98e16e86effb91d89

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
5b396da9fc07fb1b5ae5221590fa2cfb

SHA1
09aa06547d7f4fbb98c4dc40c26d7d0d1b74f748

SHA256
34e603ddb34ce1a8da99c21371e83a3bcf1ae881f91392fef9dcc16580840aaf

SHA512
aceb52fb1026f5fe100de71e8cbe0ccc063bd7c4e62b24748549666bb39bd0f93f58d08bb5fda90b328cd99d4325947e8327c39723fc4823fdbb64d6b0188afa

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
cc9517ecbef5eb28367f56a7f20a4e41

SHA1
86b5bfc767767b6638b7065baaa1778ffee71a8f

SHA256
172bb0ee9042b6d7a25980b095907ee0b6a612d6ef1ab3014f24acb3b8fa33ca

SHA512
1188e0d604620d3408ba4ecb236dcea1d95bc78dab2dedb0e961501b2f1bd626b60655dd8b5af9286a336a884f2f420e93421a976217867c45b4e7957542ef87

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
f1dc80ad0c8069f6e74918ad110662d3

SHA1
c682ac020a4be7658f3039808a9a1de3b16b1c9c

SHA256
273068148ea38643a7c0cb0cddf1f532b3c60edaeeeadab335f4722de0d1d8c6

SHA512
039dc1a2c866fb17ed2612d41bbf5e6ea4c385a52d47ca82587f91e70e837ad5462806dd6e00ce604cbf4bb855d294f83307f0f6c60008196b1cdcc95ac34b8a

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
fcbfc7f4ea8513c65c7124bff2da6679

SHA1
99840fb08cdd907d7d91ac7163b433ab41f54a4e

SHA256
11d67a1fdd9dff98d2b1a2525d48ed9ab9577687af9830197a6bcd04e38c0546

SHA512
3d055fd75dd5a9eb1e35bc7943b11b0fed8c3887a2858c34b7c99024c6bdff5eec8ef169b43c136d5645202532a4cbdfe0e1423be6cef7a99a51bef857bb02a0

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
a586cbdef3575e531b817f4af9697545

SHA1
c0aef276541627eda2b3e680e7ec8561f8ef6619

SHA256
a87024d6526b4286fb62c3d52a20fa5d5257296b4765c4807e53b36f174370fb

SHA512
b38b7aa2a68ef55f215226a511df900414eea6bc2a93930f7605f7b63e3d41ccdcc1ec24391ce5af34c5e389355a53d553fb9181185b3c20de9ccdc50e505479

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
a5caa15effe11fc9a9e74dfd5ad7341e

SHA1
3b8ff0098999d30d81a171a3f76a6b3cfbc66a27

SHA256
a3a06d01fcb98acd12588b4f888069b14d57b29c95a1b02353eec3c47dea38b2

SHA512
ca0b4528fa6822e11a64e6e86d4657935c7cb2ae996960c332b4449b9c26f9bcad642e8e3010d53709d66004d1a761123565c7ffa3434a104835e0efacb9a7a4

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
4959459b9251d651fc4098495353a58c

SHA1
fc40aa90e56b544b69b8ea37690011ab4221fa36

SHA256
0b53c8f211918223535be6826a7751378a9fc62e406b336d4028494648242181

SHA512
fd5d833359e5c39077e5ec4d8c5cf90e26657bc1f38f5abe0f189fffad855c79202095590ef43314e554f44906937d73a22eb65bceb6a5a43e66e3ce3ffa863f

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
23325b2fac7e1e93b2396ae5b104f4c1

SHA1
5c540ab6a787331358b4f2933bb7999b674fe329

SHA256
9d88be53074329ed09f9cc511170ba27fb5e7cbee0e092f3eca06ba0802770c9

SHA512
87352335b4755fc3aff67dc417247dfaf1aac535821079e527a76251f3e8b456e2f7feba0cb721adde7b07c944e4b2c0465cac92c6744984799761dc002bb29c

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat
Filesize
66KB

MD5
36c9c3cc791a62eb86d5f750e9dbc8ae

SHA1
0bf9ada77da436860ba6139b64fd5a75d581ef78

SHA256
f8aa4cf65117cfcafcc2093142caf5f8342d06f4ed8f289e14755d6263195191

SHA512
4ccdf9a87bdea247d04a5b324c54fa32a8941bebb4f362132510ece691fd94d09ee98d1a23e10e10a09f77353b9e981de4d12f27b5e4d21625f3ee79ce911f9a

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat
Filesize
66KB

MD5
248f33d5981c47585449bc025b2fe25d

SHA1
968b8b15afd81ca7d1b1041167a00fbfd9e9fca4

SHA256
f145a6dfa622f16ecb990ccfcd4aaaf741a3e76543605715a9bfe14ebb4b1265

SHA512
1d7342b471c8777523d46fd15ccd930a5080ff640927f8ac5dd6c71644e4684edb909403f017c9775535b41e599db0f1da51c920a2f746214cec53bd7186b7d8

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat
Filesize
66KB

MD5
38e8983203fe5fb1d521a88d378874a0

SHA1
266e727d5dd49b99f22f1a16f1e579fd10e718c8

SHA256
a01cba6c5d3cb47ae3773786feeb5a098c3c63f0877129c927ddfd74333ea124

SHA512
d40eca7e16aaaf13663b3bf69ae507e7f58a8fc9fc8c44b6addb13f37f8482003595150e7d4ca00665f13b91aba4fb68860bd482cb97a974d2921ef0c60b1054

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat
Filesize
66KB

MD5
85b484ea555dbac9dabe7ecf78873a0f

SHA1
b8b0a7ec6dd9bc22a26656cfd7e071ba13fda075

SHA256
3f77b46486a40f60a9d63dc8a8b40c609b7a6e57a23e33f3be9f803d47395388

SHA512
da80aac0ec2b0d9b69e254c45159a8741baee65cc78bfa471ff8f5a8385f2f2bdc386a4a7ec3ac88a205be76ad4d1a3f6b1bbcca2a59c40cda84dc9cb787732f

Download Submit
memory/4572-133-0x00000000000A0000-0x00000000000A8000-memory.dmp

Filesize
32KB

Download