5d22fd0a6285ab8fd8495fd1ada1d0851305017c599b65df9170aa304358a08b

Analysis

max time kernel
140s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03/03/2023, 14:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d22fd0a6285ab8fd8495fd1ada1d0851305017c599b65df9170aa304358a08b.exe
Size

912KB
MD5

35772214b83f4f4efbf18cadef1ec978
SHA1

c5bde7f53ed20ff04f7d47809122dde1d83a28d5
SHA256

5d22fd0a6285ab8fd8495fd1ada1d0851305017c599b65df9170aa304358a08b
SHA512

fe5df4f1f2cba3ec1642ade23316dd561a03dbf7a081e1d5675d47e8672d8017896a9de0f2ab8393330f988eeac9a083d33e021db95329659237dc9e841eda54
SSDEEP

12288:qdEouXwpvO5J4f2cGF2BEiJ5oMBr3+rBuoWqnNsrxaEPvNnxviZA:qqFXwpvGJ82cK2KcuBuoW3rxaElxviZA

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 6 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{71AE144A-FE8D-41B5-9EE6-84CA9B74500F}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{51322B66-1971-48C9-BFC7-E89ACEDE4940}.catalogItem	svchost.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4300	5d22fd0a6285ab8fd8495fd1ada1d0851305017c599b65df9170aa304358a08b.exe
4300	5d22fd0a6285ab8fd8495fd1ada1d0851305017c599b65df9170aa304358a08b.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\5d22fd0a6285ab8fd8495fd1ada1d0851305017c599b65df9170aa304358a08b.exe
"C:\Users\Admin\AppData\Local\Temp\5d22fd0a6285ab8fd8495fd1ada1d0851305017c599b65df9170aa304358a08b.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4300

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:4048

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\wsu26D5.tmp

Filesize
14KB

MD5
c01eaa0bdcd7c30a42bbb35a9acbf574

SHA1
0aee3e1b873e41d040f1991819d0027b6cc68f54

SHA256
32297224427103aa1834dba276bf5d49cd5dd6bda0291422e47ad0d0706c6d40

SHA512
d26ff775ad39425933cd3df92209faa53ec5b701e65bfbcccc64ce8dd3e79f619a9bad7cc975a98a95f2006ae89e50551877fc315a3050e48d5ab89e0802e2b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsuD074.tmp

Filesize
36KB

MD5
761388ca8095173f6963b1d23ad8a68b

SHA1
41e2693d0efc36cb0b97ea215d554932c46464ab

SHA256
369a2323cb569b44970884d5af3d70e38c9cfb59a54d929fabb51ba46593aa06

SHA512
2db4576927b4325dc51ce1755d55b00f7153a10424ca79fb7f32f8c92a5dec899c3961b44a15a129f1e5234b53a89c8946192703b88b10e70e86670e5831ebdf

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
7defb1030805ed877c72cd271784c17b

SHA1
c41da71a4d8a7fd6f1a2e67f2c03d62257339473

SHA256
71d88c2d39d802400a407c9afc459f98971e524e8b1458e365149216e02ecea7

SHA512
dd4446f6aded4f0791b1cf2b44b09a47d9b3f603a9357f517f7ae93fd5e4c3d52bec2dc34debe807e616c223bdfe6ddec6b280599c0ab3fc5db0e791af6b5f12

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
4238bf3aa9c6f1faeccafc0e411cdfbc

SHA1
53065e279bc3f6dbaf13781691f4395e45390bcf

SHA256
f40a936d7701004584244f1bb97e3b2874e6cbd542c12371071bf3b76139a36b

SHA512
9cf3826376d85ed92b64086f5d5b1518d35144c973dd23cc429662177c3df3a4a780d54585b360e69f4fc641d6831cec138d376f81f35758e8bf0122f69e327e

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
d90cdb508535d2ec58aaf331f4250fe9

SHA1
74e6a6dfebb699cd4ed25f4c9170fd451d6499eb

SHA256
a5beb5dac687608183f4e40ac1f9b1ede08bf27b4c6753d716a0cde2ed1c28d5

SHA512
2657a07d8fbf36baf9c1532ce4cb57f8c8063558971a36fdcf2dae370caeecf945c4e9c7315fa2039034e9a727dca9db4bb6fd54a9554f54d0222150358c5c9f

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
84b5923e5d1b8ac214914600b0a41147

SHA1
553946fab4dec5dfc3b4b6eed1945353854e267f

SHA256
c4e53cf28b6562c2d12bc6b325e4eb85c5cb7c9584f0ebab303094b0b7e92c93

SHA512
30370fa9fc66805fbd3c7f8e146d3d9f6072b28e912c01e3b28f39926cd8a93ea1a766ca5d707c86c4cdca79dc31221d116b3b755e3f2af699a5e95abd92087b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
7a8350b7cf09e7356968a803f1d1aa8b

SHA1
b5db27f65d1942d256d33fd2feeeac4fc2d9681d

SHA256
2853e62835e4aefeb4674854bc7f95524c42dfb8745a4b58cc104fcbb6f3cc7f

SHA512
d678b0692d537033f45ecd4fd4e2eca38a9b89e2821bf2fe3785b4077bc4b7358daf7627c8497d90c3f920daab1188ef8e5f34054c19371a9ee597b978a8e46f

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
32313264e62d6b801b55066652d2ba5f

SHA1
ab8bd93b14460a8997e127c5c480949b925ea3ec

SHA256
716c593a9f7804079d039ffd25225a285eb3c043acb4b97f0ab24a9be13643d1

SHA512
ec154470b57c48135de2256ded0802dabff0e569ae946f006c41e08e7716d92bef264918a65bd18c42e665ac54a1972e76f1be2a77be4e783dbe62a3830adea1

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
b766cbd9e1db09de864b9699ceeb8754

SHA1
6f527c97da302a14d83c39cd085024b97e0232fd

SHA256
fb5639515f897bc62a5c95efe8d73c2441991b9ef0b0d40ee776f728a91c4859

SHA512
1dda09365ad826a95ce527cc6771717724c4f860274fb9f9ba29e87b24730282d9785506b334253d44dfd7254e8e2005ebc0a754f1045401ee9f8781ffba9999

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat

Filesize
66KB

MD5
3ced1336c9c2785a4c2a159505e49e1c

SHA1
1b368bfc43eca2e187ba0267aef814e420120789

SHA256
368bd87029a2140edb87360e34d68742b2124e58a0ffd9535df7f6acb9d6192f

SHA512
8d05bda5fe862dfa3e323fe2ce09258aa7e4e1eae6fc023923d7b233c0e22ae9dc01070e9339c272007d490036fb43de70b9547006ea820d3ca7f729273f63bc

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat

Filesize
66KB

MD5
e0201df8dbb37fb658233bc0679b46d4

SHA1
0093abbef17a98ec0a6f88744850c0bc1d11d7db

SHA256
f1be34a92ed1a584e973df09bc21e5d448625e97f3a58c7bedf5e7cdda79ad22

SHA512
41589d3a662a4f328345668ac92b8b387235b472066dbf02add4bfd277fd4ac6ef44e2945a79e91120b8e3807846bdf9fe0b3b73980d8ca19738afef47639e94

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat

Filesize
66KB

MD5
607ce1842d10b1f6da36b57d6fc892be

SHA1
3c49c44344bff5ff02a12864c46e0491a71f3d29

SHA256
e4f173f0ee1cce669f0e216e580521a91f901aa3395ce1437a50e6b8e0a0eaea

SHA512
8ef947d5813be291a5b290904651129550324bc8ccba880283ef609239e5e800536a17f138b5f0fa1c0a1ebc24e3fafa597224cad61b851cbb2d2d7c7f9e73b6

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat

Filesize
66KB

MD5
d349e5b52b188879e851286b22254a83

SHA1
c2ce03d53d4a4077cc3141d2d837d98c96df70d3

SHA256
5e6a0a72a210586c4aaca5c0aeaf667f0551a51de9eff82456cc311d3c9dbd6d

SHA512
d2187016ec92588c0bbaed39277f610274d9f54d0275c7d10db8ff79f4debfb330670bc04e2fb579a6d2342beec9166b8ba3d063490a350dfb18afb1ab632c0c

Download Submit