f3179c84d96bacec06f48367a24f3d3acdba463c93bd1103832403b39f4bcf99

Analysis

max time kernel
135s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2023, 09:30 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TELDAT_EntryCl_Win_230_146.exe
Size

28.4MB
MD5

3e19807e762d51398a30b73fcc301e1d
SHA1

ed05dff46d0b6b87152abf0f906d1bdd08bb6ffd
SHA256

f3179c84d96bacec06f48367a24f3d3acdba463c93bd1103832403b39f4bcf99
SHA512

d0a18db1a113160aa72bb04210ae16d5533873317d29cf8d18b69b907c81a98b175042800b5b73f44d7dd78e5bdfb9457b566c71c26725ca013d4a2cac58d754
SSDEEP

786432:fuSDoRf9mHLCWWgdWThWl61DA6bNAtj/OOz:f7sB9ILx7dYhu6dA6bu5/OOz

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 36 IoCs

pid	Process
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe
3040	TELDAT_EntryCl_Win_230_146.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 22 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctoBF87.tmp	TELDAT_EntryCl_Win_230_146.exe
File created	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\ObjC0C4.tmp	TELDAT_EntryCl_Win_230_146.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ispB619.tmp\Setup.dll	TELDAT_EntryCl_Win_230_146.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ispB6E7.tmp\iGdi.dll	TELDAT_EntryCl_Win_230_146.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iusBFF7.tmp	TELDAT_EntryCl_Win_230_146.exe
File created	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\IsPC084.tmp	TELDAT_EntryCl_Win_230_146.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\IsProBE.tlb	TELDAT_EntryCl_Win_230_146.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKeBF47.tmp	TELDAT_EntryCl_Win_230_146.exe
File created	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotBF67.tmp	TELDAT_EntryCl_Win_230_146.exe
File created	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctoBF87.tmp	TELDAT_EntryCl_Win_230_146.exe
File created	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscBFA7.tmp	TELDAT_EntryCl_Win_230_146.exe
File created	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iusBFF7.tmp	TELDAT_EntryCl_Win_230_146.exe
File created	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ispB619.tmp\temp.000	TELDAT_EntryCl_Win_230_146.exe
File created	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ispB6E7.tmp\temp.000	TELDAT_EntryCl_Win_230_146.exe
File created	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKeBF47.tmp	TELDAT_EntryCl_Win_230_146.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotBF67.tmp	TELDAT_EntryCl_Win_230_146.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscBFA7.tmp	TELDAT_EntryCl_Win_230_146.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\IsPC084.tmp	TELDAT_EntryCl_Win_230_146.exe
File created	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\IsProBE.tlb	TELDAT_EntryCl_Win_230_146.exe
File created	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\iKernel.rgs	TELDAT_EntryCl_Win_230_146.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\iKernel.rgs	TELDAT_EntryCl_Win_230_146.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\ObjC0C4.tmp	TELDAT_EntryCl_Win_230_146.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9B697780-DBBC-11D2-80C7-00104B1F6CEA}\ProxyStubClsid32\ = "{F4817E4B-04B6-11D3-8862-00C04F72F303}"	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{17773851-7FF4-44C1-B084-1E1EDB2BFD4D}\TypeLib\ = "{94636247-BC39-4B8B-A728-2D1FBEBFA76A}"	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{44D61997-B7D4-11D2-80BA-00104B1F6CEA}	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AF57A6F1-4101-11D3-88F6-00C04F72F303}\TypeLib\Version = "1.0"	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C5C8B37-CCB7-11D5-ABEC-00B0D0238DF5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E156322-57D4-448B-BAB4-35DC0C7ADF53}\TypeLib\ = "{94636247-BC39-4B8B-A728-2D1FBEBFA76A}"	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E1B9357F-24B9-11D3-88B2-00C04F72F303}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00345390-4F77-11D3-A908-00105A088FAC}\ProxyStubClsid32	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{787D0980-F63F-462C-86BC-FC23847C70F4}\TypeLib\ = "{94636247-BC39-4B8B-A728-2D1FBEBFA76A}"	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1AE441C6-2C13-49CE-909A-57A81F74F38E}\TypeLib\ = "{94636247-BC39-4B8B-A728-2D1FBEBFA76A}"	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C3C1B15-E59D-11D2-B40B-00A024B9DDDD}\TypeLib\ = "{94636247-BC39-4B8B-A728-2D1FBEBFA76A}"	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{44D61997-B7D4-11D2-80BA-00104B1F6CEA}\ = "ISetupCABFiles"	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AA7E2061-CB55-11D2-8094-00104B1F9838}\TypeLib\ = "{94636247-BC39-4B8B-A728-2D1FBEBFA76A}"	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0C8D0880-1AC4-11D3-A8FF-00105A088FAC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{94F4A332-A2AE-11D3-8378-00C04F59FBE9}\TypeLib\ = "{94636247-BC39-4B8B-A728-2D1FBEBFA76A}"	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6494206F-23EA-11D3-88B0-00C04F72F303}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6FFDEFD7-3EC4-4E5A-9EFC-AD04E14A9934}	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C3C1B16-E59D-11D2-B40B-00A024B9DDDD}\ProxyStubClsid32	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2583251F-0A04-11D3-886B-00C04F72F303}\TypeLib\Version = "1.0"	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BE6115A1-7DE5-48DC-AD2A-25060E00FCE2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D4FF39B9-1A05-11D3-8896-00C04F72F303}	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D8B6332-D8B1-11D2-80C5-00104B1F6CEA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00A0DBE3-B12E-4DC3-8C27-4197CA4DF76B}	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AA7E2084-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0BA4BA22-2EF0-11D3-88C8-00C04F72F303}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9D1BC05A-7056-458F-B605-A6298C8BD4B1}	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C4AAC3B1-C547-11D3-B289-00C04F59FBE9}\ = "ISetupRegistry2"	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5469EE67-1493-402F-8E2C-99936C9E4983}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0E67BBC9-18CB-4B22-BACD-687CDF6387B6}\TypeLib\ = "{94636247-BC39-4B8B-A728-2D1FBEBFA76A}"	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1F1ABEE7-FEDB-45AF-A01B-0B4DE6887573}\TypeLib\ = "{94636247-BC39-4B8B-A728-2D1FBEBFA76A}"	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{91814EC5-B5F0-11D2-80B9-00104B1F6CEA}\TypeLib	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D4FF39B9-1A05-11D3-8896-00C04F72F303}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A74C06E4-12DF-4060-9AA7-83CFAA66D604}\ = "ISetupCABFile4"	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{61892D50-28EF-11D3-A8FF-00105A088FAC}	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6494206F-23EA-11D3-88B0-00C04F72F303}\ProxyStubClsid32	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E156322-57D4-448B-BAB4-35DC0C7ADF53}\TypeLib	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E156322-57D4-448B-BAB4-35DC0C7ADF53}\ = "ISetupCABFileMsi"	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C4143914-2238-40F8-A74C-67C4B8ACB27A}\TypeLib\Version = "1.0"	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AA7E2066-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid32	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B15A454-9067-4878-B10E-B9DFFE03049D}\TypeLib	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AA7E2060-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid32	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8415DE38-1C1D-11D3-889D-00C04F72F303}	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D8B6331-D8B1-11D2-80C5-00104B1F6CEA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1F1ABEE7-FEDB-45AF-A01B-0B4DE6887573}\TypeLib\Version = "1.0"	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D4FF39BB-1A05-11D3-8896-00C04F72F303}\TypeLib	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9D1BC05A-7056-458F-B605-A6298C8BD4B1}\TypeLib\ = "{94636247-BC39-4B8B-A728-2D1FBEBFA76A}"	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E1B9357F-24B9-11D3-88B2-00C04F72F303}\TypeLib\Version = "1.0"	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{83755DD1-086B-11D3-8868-00C04F72F303}\ProxyStubClsid32	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3CD7A86-04E4-4B47-88E8-3EE03A3DEE56}	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8C3C1B16-E59D-11D2-B40B-00A024B9DDDD}	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8C3C1B16-E59D-11D2-B40B-00A024B9DDDD}\TypeLib	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C3C1B16-E59D-11D2-B40B-00A024B9DDDD}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91CD1F51-7199-46FA-9629-9C89D2F1AE22}\TypeLib\ = "{94636247-BC39-4B8B-A728-2D1FBEBFA76A}"	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AF57A6F1-4101-11D3-88F6-00C04F72F303}\TypeLib	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{39040274-3D36-11D3-88EE-00C04F72F303}\ProxyStubClsid32	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B12A5014-0AA8-451A-B621-F717998B0B53}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AA7E2060-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8415DDF9-1C1D-11D3-889D-00C04F72F303}\TypeLib\Version = "1.0"	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C8D0880-1AC4-11D3-A8FF-00105A088FAC}\TypeLib\ = "{94636247-BC39-4B8B-A728-2D1FBEBFA76A}"	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{112EB4F0-5A48-11D3-A90A-00105A088FAC}\TypeLib	TELDAT_EntryCl_Win_230_146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00A0DBE3-B12E-4DC3-8C27-4197CA4DF76B}\TypeLib\Version = "1.0"	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8D5B971-D521-4113-82D6-869817B452DE}\ProxyStubClsid32	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91814EC5-B5F0-11D2-80B9-00104B1F6CEA}\ProxyStubClsid32	TELDAT_EntryCl_Win_230_146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9D1BC05A-7056-458F-B605-A6298C8BD4B1}	TELDAT_EntryCl_Win_230_146.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 3040	5076	TELDAT_EntryCl_Win_230_146.exe	83
PID 5076 wrote to memory of 3040	5076	TELDAT_EntryCl_Win_230_146.exe	83
PID 5076 wrote to memory of 3040	5076	TELDAT_EntryCl_Win_230_146.exe	83

C:\Users\Admin\AppData\Local\Temp\TELDAT_EntryCl_Win_230_146.exe
"C:\Users\Admin\AppData\Local\Temp\TELDAT_EntryCl_Win_230_146.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Users\Admin\AppData\Local\Temp\TELDAT_EntryCl_Win_230_146.exe
  -deleter
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies registry class
  PID:3040

Network

DNS

228.249.119.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.249.119.40.in-addr.arpa

IN PTR

Response
DNS

73.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.31.126.40.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

209.205.72.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.205.72.20.in-addr.arpa

IN PTR

Response
DNS

64.13.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.13.109.52.in-addr.arpa

IN PTR

Response

93.184.220.29:80

322 B
7
40.125.122.176:443

260 B
5
20.189.173.12:443

322 B
7
8.238.20.126:80

322 B
7
173.223.113.164:443

322 B
7
173.223.113.131:80

322 B
7
131.253.33.203:80

322 B
7
40.125.122.176:443

260 B
5
209.197.3.8:80

322 B
7
40.125.122.176:443

260 B
5
40.125.122.176:443

260 B
5
40.125.122.176:443

260 B
5
40.125.122.176:443

260 B
5

8.8.8.8:53

228.249.119.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

228.249.119.40.in-addr.arpa
8.8.8.8:53

73.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

73.31.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

209.205.72.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

209.205.72.20.in-addr.arpa
8.8.8.8:53

64.13.109.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

64.13.109.52.in-addr.arpa

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe

Filesize
5KB

MD5
d54d4fc54f1fbab076e6a1fc754d8352

SHA1
a3bcebe0e3acae9d9112f8f9eccc2ec445a2f3f4

SHA256
2b9a3e75b7b1fd385f13c1d7764e39e0783f6607feb5cd77ad5741fed741e0d3

SHA512
da86ab1ab4c1e63991ce4cb5c515f8407008587d49179af1fbe3e46b015d112a6180bc86f049171c8348651890ceea2ad6c588dd76f924b62ce1b78ae97a12eb

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll

Filesize
304KB

MD5
b438fa73acd654fea5cef199c848d2da

SHA1
f15dbcc9057c796aa39d1bcd76979272c3d34e36

SHA256
ac836cbf1f19d9e7337fff04fe7f1f9fa81cf9146377eda1484c2c04b96e62ae

SHA512
c28b002221da75cd5c66db8dac33ecea63dd0138506e860eb54848cea8a156df2f3f05b32afd5228b10c931d1cc295a14dcbf346796fe29bec2a96c19880703c

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll

Filesize
304KB

MD5
b438fa73acd654fea5cef199c848d2da

SHA1
f15dbcc9057c796aa39d1bcd76979272c3d34e36

SHA256
ac836cbf1f19d9e7337fff04fe7f1f9fa81cf9146377eda1484c2c04b96e62ae

SHA512
c28b002221da75cd5c66db8dac33ecea63dd0138506e860eb54848cea8a156df2f3f05b32afd5228b10c931d1cc295a14dcbf346796fe29bec2a96c19880703c

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll

Filesize
304KB

MD5
b438fa73acd654fea5cef199c848d2da

SHA1
f15dbcc9057c796aa39d1bcd76979272c3d34e36

SHA256
ac836cbf1f19d9e7337fff04fe7f1f9fa81cf9146377eda1484c2c04b96e62ae

SHA512
c28b002221da75cd5c66db8dac33ecea63dd0138506e860eb54848cea8a156df2f3f05b32afd5228b10c931d1cc295a14dcbf346796fe29bec2a96c19880703c

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll

Filesize
304KB

MD5
b438fa73acd654fea5cef199c848d2da

SHA1
f15dbcc9057c796aa39d1bcd76979272c3d34e36

SHA256
ac836cbf1f19d9e7337fff04fe7f1f9fa81cf9146377eda1484c2c04b96e62ae

SHA512
c28b002221da75cd5c66db8dac33ecea63dd0138506e860eb54848cea8a156df2f3f05b32afd5228b10c931d1cc295a14dcbf346796fe29bec2a96c19880703c

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll

Filesize
68KB

MD5
4dd218f71e2e374b72dc54ea69b2cccb

SHA1
6b2d1ca56c95f1872b577bbc5e860d83ea11d7f8

SHA256
14aa51181c15d8b1deafc5272dbdb592f0df20a225f533bc891a9bb28fdf3dc4

SHA512
03b2f28eb260ba257d2b5191ac3d2f81e117d87b0cf1e351d13fc7e8cd1cb6e51c5a19303634621e8f73c58e851a0e1c09ae66c1ad7de7869a3bc47996870764

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll

Filesize
68KB

MD5
4dd218f71e2e374b72dc54ea69b2cccb

SHA1
6b2d1ca56c95f1872b577bbc5e860d83ea11d7f8

SHA256
14aa51181c15d8b1deafc5272dbdb592f0df20a225f533bc891a9bb28fdf3dc4

SHA512
03b2f28eb260ba257d2b5191ac3d2f81e117d87b0cf1e351d13fc7e8cd1cb6e51c5a19303634621e8f73c58e851a0e1c09ae66c1ad7de7869a3bc47996870764

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll

Filesize
68KB

MD5
4dd218f71e2e374b72dc54ea69b2cccb

SHA1
6b2d1ca56c95f1872b577bbc5e860d83ea11d7f8

SHA256
14aa51181c15d8b1deafc5272dbdb592f0df20a225f533bc891a9bb28fdf3dc4

SHA512
03b2f28eb260ba257d2b5191ac3d2f81e117d87b0cf1e351d13fc7e8cd1cb6e51c5a19303634621e8f73c58e851a0e1c09ae66c1ad7de7869a3bc47996870764

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll

Filesize
180KB

MD5
8ad3694ed719c2a58c0c4e865d244ac2

SHA1
dea792ffb0caca892c7cb415ce2b1f235a7e36e0

SHA256
931d1dbd0e07e457cc733a464c27259fd9d925ee93695ccd6a6c99efe3a92a7e

SHA512
f23b60bcd945f69513e82f41241b631b017803ce60595489327cc2503049cb68c0e09a30a2e41d50c4bec6cff87acb608debde30463a303a3898a0f9dc68bd5e

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll

Filesize
180KB

MD5
8ad3694ed719c2a58c0c4e865d244ac2

SHA1
dea792ffb0caca892c7cb415ce2b1f235a7e36e0

SHA256
931d1dbd0e07e457cc733a464c27259fd9d925ee93695ccd6a6c99efe3a92a7e

SHA512
f23b60bcd945f69513e82f41241b631b017803ce60595489327cc2503049cb68c0e09a30a2e41d50c4bec6cff87acb608debde30463a303a3898a0f9dc68bd5e

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll

Filesize
180KB

MD5
8ad3694ed719c2a58c0c4e865d244ac2

SHA1
dea792ffb0caca892c7cb415ce2b1f235a7e36e0

SHA256
931d1dbd0e07e457cc733a464c27259fd9d925ee93695ccd6a6c99efe3a92a7e

SHA512
f23b60bcd945f69513e82f41241b631b017803ce60595489327cc2503049cb68c0e09a30a2e41d50c4bec6cff87acb608debde30463a303a3898a0f9dc68bd5e

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll

Filesize
708KB

MD5
6c5249a68c2b40f971e152ced8ac5de9

SHA1
64d7a6397b1b31e731cecfd32dc0b1ee31bd9c93

SHA256
1b18eea064a285fcd3431c328e54e59608f2690a82cb29535365d6232efd4f91

SHA512
c59daef7e6e0d3687ea4085bc31c8ff8c6d26f289a6a8730f0363e93e2e0a6ca339093fab734ca5d57f4f43a179a0b6d4e7b5b0580399f9b7f6caa4268316446

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll

Filesize
708KB

MD5
6c5249a68c2b40f971e152ced8ac5de9

SHA1
64d7a6397b1b31e731cecfd32dc0b1ee31bd9c93

SHA256
1b18eea064a285fcd3431c328e54e59608f2690a82cb29535365d6232efd4f91

SHA512
c59daef7e6e0d3687ea4085bc31c8ff8c6d26f289a6a8730f0363e93e2e0a6ca339093fab734ca5d57f4f43a179a0b6d4e7b5b0580399f9b7f6caa4268316446

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll

Filesize
708KB

MD5
6c5249a68c2b40f971e152ced8ac5de9

SHA1
64d7a6397b1b31e731cecfd32dc0b1ee31bd9c93

SHA256
1b18eea064a285fcd3431c328e54e59608f2690a82cb29535365d6232efd4f91

SHA512
c59daef7e6e0d3687ea4085bc31c8ff8c6d26f289a6a8730f0363e93e2e0a6ca339093fab734ca5d57f4f43a179a0b6d4e7b5b0580399f9b7f6caa4268316446

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll

Filesize
260KB

MD5
31af9f68da4cd10953bc7390bb73e3cb

SHA1
2011c015abaff738e8ac13df440af30d1c2b3d49

SHA256
23edc672e1d7d235137a7db96683ea351584ae088f6e819bdbecf33fc63d0b6e

SHA512
1c051df7fc47b2a66b1d79979c317694cf350666fd5357451659348704383516e18fdd147f78696876f47f8040438ad61b7f1e761244483bb1c00813a3edc5d4

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll

Filesize
260KB

MD5
31af9f68da4cd10953bc7390bb73e3cb

SHA1
2011c015abaff738e8ac13df440af30d1c2b3d49

SHA256
23edc672e1d7d235137a7db96683ea351584ae088f6e819bdbecf33fc63d0b6e

SHA512
1c051df7fc47b2a66b1d79979c317694cf350666fd5357451659348704383516e18fdd147f78696876f47f8040438ad61b7f1e761244483bb1c00813a3edc5d4

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll

Filesize
260KB

MD5
31af9f68da4cd10953bc7390bb73e3cb

SHA1
2011c015abaff738e8ac13df440af30d1c2b3d49

SHA256
23edc672e1d7d235137a7db96683ea351584ae088f6e819bdbecf33fc63d0b6e

SHA512
1c051df7fc47b2a66b1d79979c317694cf350666fd5357451659348704383516e18fdd147f78696876f47f8040438ad61b7f1e761244483bb1c00813a3edc5d4

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll

Filesize
188KB

MD5
8d0a0a1161851d65d43498978a9b257d

SHA1
8e063d6754dadd9f4af6693dbe3fced7a5693917

SHA256
fba1fc97678eb080c4ffb23777450da41e8645c1b76f44b6c4b7172155a27552

SHA512
b9099f531f05bdfba8c473ad6cb62e94eab1fbfa07dd3792f32c412df527ee698994231784b2f6937b85177bd5f99fe56c3f45a025c7731ebcbba2d84194db17

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll

Filesize
188KB

MD5
8d0a0a1161851d65d43498978a9b257d

SHA1
8e063d6754dadd9f4af6693dbe3fced7a5693917

SHA256
fba1fc97678eb080c4ffb23777450da41e8645c1b76f44b6c4b7172155a27552

SHA512
b9099f531f05bdfba8c473ad6cb62e94eab1fbfa07dd3792f32c412df527ee698994231784b2f6937b85177bd5f99fe56c3f45a025c7731ebcbba2d84194db17

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll

Filesize
188KB

MD5
8d0a0a1161851d65d43498978a9b257d

SHA1
8e063d6754dadd9f4af6693dbe3fced7a5693917

SHA256
fba1fc97678eb080c4ffb23777450da41e8645c1b76f44b6c4b7172155a27552

SHA512
b9099f531f05bdfba8c473ad6cb62e94eab1fbfa07dd3792f32c412df527ee698994231784b2f6937b85177bd5f99fe56c3f45a025c7731ebcbba2d84194db17

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\IsPC084.tmp

Filesize
100KB

MD5
3457dcc17c0408dc4257635b904676db

SHA1
f62b5874cfa4d9ea0c05c0943b8258729b7cb419

SHA256
a470ade7c3d5ed57a88842f7e783fd519db4e364ef70cf7f160ffc6b207631e8

SHA512
49f1898ee5f42026fcdcc200d48e9ceac23ea6c3387b703ab0079b3b37ce47dfa028dcd330f51c9df36b5602ed1e09092d54abe6d0271c4be1d71beaedee2d9c

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

Filesize
32KB

MD5
344fa3082534503bcf3e34e7ddd06bd2

SHA1
7681ba15f5908400fb7a7bc8729ac54261e81c9a

SHA256
3adbfa58816d351cc58ab568ade9f1bcbc5b4c1edce8b7ef11e425424aceec37

SHA512
1dd6a54a053890ac3e80adeeb95eb398a501f56bcea0bfbca3dc8ea217c49ebd0dd164e6526a7a1722c956540689cb65e098a497a6a39b53eb0a6a1c19f1f55b

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

Filesize
32KB

MD5
344fa3082534503bcf3e34e7ddd06bd2

SHA1
7681ba15f5908400fb7a7bc8729ac54261e81c9a

SHA256
3adbfa58816d351cc58ab568ade9f1bcbc5b4c1edce8b7ef11e425424aceec37

SHA512
1dd6a54a053890ac3e80adeeb95eb398a501f56bcea0bfbca3dc8ea217c49ebd0dd164e6526a7a1722c956540689cb65e098a497a6a39b53eb0a6a1c19f1f55b

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

Filesize
32KB

MD5
344fa3082534503bcf3e34e7ddd06bd2

SHA1
7681ba15f5908400fb7a7bc8729ac54261e81c9a

SHA256
3adbfa58816d351cc58ab568ade9f1bcbc5b4c1edce8b7ef11e425424aceec37

SHA512
1dd6a54a053890ac3e80adeeb95eb398a501f56bcea0bfbca3dc8ea217c49ebd0dd164e6526a7a1722c956540689cb65e098a497a6a39b53eb0a6a1c19f1f55b

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

Filesize
32KB

MD5
344fa3082534503bcf3e34e7ddd06bd2

SHA1
7681ba15f5908400fb7a7bc8729ac54261e81c9a

SHA256
3adbfa58816d351cc58ab568ade9f1bcbc5b4c1edce8b7ef11e425424aceec37

SHA512
1dd6a54a053890ac3e80adeeb95eb398a501f56bcea0bfbca3dc8ea217c49ebd0dd164e6526a7a1722c956540689cb65e098a497a6a39b53eb0a6a1c19f1f55b

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

Filesize
32KB

MD5
344fa3082534503bcf3e34e7ddd06bd2

SHA1
7681ba15f5908400fb7a7bc8729ac54261e81c9a

SHA256
3adbfa58816d351cc58ab568ade9f1bcbc5b4c1edce8b7ef11e425424aceec37

SHA512
1dd6a54a053890ac3e80adeeb95eb398a501f56bcea0bfbca3dc8ea217c49ebd0dd164e6526a7a1722c956540689cb65e098a497a6a39b53eb0a6a1c19f1f55b

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

Filesize
32KB

MD5
344fa3082534503bcf3e34e7ddd06bd2

SHA1
7681ba15f5908400fb7a7bc8729ac54261e81c9a

SHA256
3adbfa58816d351cc58ab568ade9f1bcbc5b4c1edce8b7ef11e425424aceec37

SHA512
1dd6a54a053890ac3e80adeeb95eb398a501f56bcea0bfbca3dc8ea217c49ebd0dd164e6526a7a1722c956540689cb65e098a497a6a39b53eb0a6a1c19f1f55b

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

Filesize
32KB

MD5
344fa3082534503bcf3e34e7ddd06bd2

SHA1
7681ba15f5908400fb7a7bc8729ac54261e81c9a

SHA256
3adbfa58816d351cc58ab568ade9f1bcbc5b4c1edce8b7ef11e425424aceec37

SHA512
1dd6a54a053890ac3e80adeeb95eb398a501f56bcea0bfbca3dc8ea217c49ebd0dd164e6526a7a1722c956540689cb65e098a497a6a39b53eb0a6a1c19f1f55b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ISPackFiles.ini

Filesize
542B

MD5
108b571ecec7407e56ce60d5eab57301

SHA1
c0230aa9fb705914cdf43618be06e452c78ab85a

SHA256
62f794b1503a3688e10039db5f85c650f29a8b8fd189fcdc0c7a1e63ac68f2ad

SHA512
353e43b9f3fb481d5dac21fcdff765daacfb16c93d2c949aabddc62ab734bd25ec351dba1e2370817f1cd9178c9acda5788286aa97bd24a954715790739fbf6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\byeAD5C.tmp\Disk1\data1.hdr

Filesize
50KB

MD5
250084e62d1f8b279f74e9e552fa4dfc

SHA1
78645451552c2cf9f94b21b4b501e532f28531f5

SHA256
e4bdcc7643b3113303fdf09a0bc82977e081a63e34b0f5031cfe346b68214d04

SHA512
70d8ce2fb833908214ebb7ccf34f97210cfe525606b6dc4a06edd6414438c5caba7cefb793f95f30f9ae777d8ee4939ca61200c12307064f2563d0be97361711

Download Submit
C:\Users\Admin\AppData\Local\Temp\byeAD5C.tmp\Disk1\engine32.cab

Filesize
447KB

MD5
f9241c4b099a4b799a9554c3b9189685

SHA1
cb4792dc46a166bba96523eadff0beddbb19f28a

SHA256
f18223b2c44af042b6cb35720a6f808cb1f270bf176263ffb1bc60aa4813eee0

SHA512
b72aa211a9f9799d39d5332a436744061c1c287ff0c0c2e881297c1976c8bd2e954aa4cf10fe89b8a7674e0c02f5961415d06b0934f72c84ff7790b8150a6581

Download Submit
C:\Users\Admin\AppData\Local\Temp\byeAD5C.tmp\Disk1\prod.si

Filesize
65B

MD5
2987475e575700220f1f23864d9ba619

SHA1
049bdc5a71b0d0781e65b0659edeb4372ddea134

SHA256
715d92faa4faf0de1ec076ca232798af7948aedd1a02089eba4314f9cf867e6b

SHA512
8ce65484aadecd45fe00b61007c6ca1ce8c6606469cdb5f7e60555a291c7f75fdc626295b9c530f37f616745ebc27b9e91d9307f581c59c88570621a4f607ca0

Download Submit
C:\Users\Admin\AppData\Local\Temp\byeAD5C.tmp\Disk1\setup.ibt

Filesize
436KB

MD5
ab8c05ee07c56952431963731eb82bb3

SHA1
c32334eaf5a3db1f7f65baf0e9ce12fa0f44e10a

SHA256
4b54bc15bec97d1c99071f5dd0c15b69ded8cbd100e83e06eae26951df1e11a7

SHA512
6a48bcfc22fdaeb1547778941d728c40f49ec5eec95476ea36778b0bf5a6739939816e06b3d25592404acdbda662d24bdbfab5f1d8f8454654444754d5b7b8b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\byeAD5C.tmp\Disk1\setup.ini

Filesize
495B

MD5
2a2fbcf413ab25c85cb272c11af2c45a

SHA1
fd0e33defa52a03381fa660d6272b79e2cf85b00

SHA256
ef8a52e74c3dc51c912c51694e3a955b1dea0687e29d2619720049389c86f3a9

SHA512
0730c95a135ce860170d0a87b7d1998df4ca887146a521039d6470abf03b703d8ce5fa60db3258c87593cc2fce807816367ec3e21a10efade1539b8687c9944b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ispB442.tmp\setup.dll

Filesize
304KB

MD5
b438fa73acd654fea5cef199c848d2da

SHA1
f15dbcc9057c796aa39d1bcd76979272c3d34e36

SHA256
ac836cbf1f19d9e7337fff04fe7f1f9fa81cf9146377eda1484c2c04b96e62ae

SHA512
c28b002221da75cd5c66db8dac33ecea63dd0138506e860eb54848cea8a156df2f3f05b32afd5228b10c931d1cc295a14dcbf346796fe29bec2a96c19880703c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ispB442.tmp\setup.dll

Filesize
304KB

MD5
b438fa73acd654fea5cef199c848d2da

SHA1
f15dbcc9057c796aa39d1bcd76979272c3d34e36

SHA256
ac836cbf1f19d9e7337fff04fe7f1f9fa81cf9146377eda1484c2c04b96e62ae

SHA512
c28b002221da75cd5c66db8dac33ecea63dd0138506e860eb54848cea8a156df2f3f05b32afd5228b10c931d1cc295a14dcbf346796fe29bec2a96c19880703c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ispB442.tmp\setup.dll

Filesize
304KB

MD5
b438fa73acd654fea5cef199c848d2da

SHA1
f15dbcc9057c796aa39d1bcd76979272c3d34e36

SHA256
ac836cbf1f19d9e7337fff04fe7f1f9fa81cf9146377eda1484c2c04b96e62ae

SHA512
c28b002221da75cd5c66db8dac33ecea63dd0138506e860eb54848cea8a156df2f3f05b32afd5228b10c931d1cc295a14dcbf346796fe29bec2a96c19880703c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ispB6E6.tmp\_Setup.dll

Filesize
372KB

MD5
23e8aa7789a60eb6851c30c6fedbf806

SHA1
7bf3d293b68d3dfa724cbfe5fce05c6a29276536

SHA256
d6b8fb12970878768f50b48e4cee016adf88f47000f4575f87b08c17d92c0c6d

SHA512
f3b35a3dcf61943d4a6efff916a84547091ef0076657dbdad55c9ffc1be9cfbab4ffa820a83b98e8fcc2847bab832c53e1e77a36ea1e2bb8360dd22235ec2f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\ispB6E6.tmp\_Setup.dll

Filesize
372KB

MD5
23e8aa7789a60eb6851c30c6fedbf806

SHA1
7bf3d293b68d3dfa724cbfe5fce05c6a29276536

SHA256
d6b8fb12970878768f50b48e4cee016adf88f47000f4575f87b08c17d92c0c6d

SHA512
f3b35a3dcf61943d4a6efff916a84547091ef0076657dbdad55c9ffc1be9cfbab4ffa820a83b98e8fcc2847bab832c53e1e77a36ea1e2bb8360dd22235ec2f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\ispB6E6.tmp\_Setup.dll

Filesize
372KB

MD5
23e8aa7789a60eb6851c30c6fedbf806

SHA1
7bf3d293b68d3dfa724cbfe5fce05c6a29276536

SHA256
d6b8fb12970878768f50b48e4cee016adf88f47000f4575f87b08c17d92c0c6d

SHA512
f3b35a3dcf61943d4a6efff916a84547091ef0076657dbdad55c9ffc1be9cfbab4ffa820a83b98e8fcc2847bab832c53e1e77a36ea1e2bb8360dd22235ec2f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\setB61A.tmp

Filesize
164KB

MD5
97344738221d2ae326d675c9ae92c9ab

SHA1
69fcb42f7de431a4dd0447f37f8609824370ef44

SHA256
a34471a64ef01e349ad64c7643b1a09ee8063144d259330f98e2a69a5303398e

SHA512
0cce6da545c4456637605c645b6d8614fc9185b171afb82935c657c1ae113cec458f69d9a8db429a9b9395c5ba9b8de535774a6a9a367d4d87d4d1544d82dbf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{87158655-861E-4511-8224-6485F34BB891}\{D0470DB1-FEF4-46AF-96A1-535706487868}\NCPDLG.DLL

Filesize
190KB

MD5
06432d169bf8f3b526ebf7a68f9e9b2c

SHA1
0d004012517e2ade16a68fba048c6028eee17aa3

SHA256
6a153b278479888897e9fae492b26a694f564c1447b08b6fc0ce6447072e79c5

SHA512
c3f2d980aef4851ace0876dc951282e4e40526e39dcee924af0e569d88ef58f97d833a27cc3b85060765cabb3910a3922056129a3ad6cddeccca020f8ffd3417

Download Submit
C:\Users\Admin\AppData\Local\Temp\{87158655-861E-4511-8224-6485F34BB891}\{D0470DB1-FEF4-46AF-96A1-535706487868}\NCPDLG.DLL

Filesize
190KB

MD5
06432d169bf8f3b526ebf7a68f9e9b2c

SHA1
0d004012517e2ade16a68fba048c6028eee17aa3

SHA256
6a153b278479888897e9fae492b26a694f564c1447b08b6fc0ce6447072e79c5

SHA512
c3f2d980aef4851ace0876dc951282e4e40526e39dcee924af0e569d88ef58f97d833a27cc3b85060765cabb3910a3922056129a3ad6cddeccca020f8ffd3417

Download Submit
C:\Users\Admin\AppData\Local\Temp\{87158655-861E-4511-8224-6485F34BB891}\{D0470DB1-FEF4-46AF-96A1-535706487868}\NCPDLG.DLL

Filesize
190KB

MD5
06432d169bf8f3b526ebf7a68f9e9b2c

SHA1
0d004012517e2ade16a68fba048c6028eee17aa3

SHA256
6a153b278479888897e9fae492b26a694f564c1447b08b6fc0ce6447072e79c5

SHA512
c3f2d980aef4851ace0876dc951282e4e40526e39dcee924af0e569d88ef58f97d833a27cc3b85060765cabb3910a3922056129a3ad6cddeccca020f8ffd3417

Download Submit
C:\Users\Admin\AppData\Local\Temp\{87158655-861E-4511-8224-6485F34BB891}\{D0470DB1-FEF4-46AF-96A1-535706487868}\_ISUser.dll

Filesize
164KB

MD5
4eb446d4dc0a8bb5e93cd3c7790d2edc

SHA1
6942aa06ac71eb2e59e8b86e8b54cd71dd1a92ea

SHA256
093dcc24235fdc57f969844cb8553776984ac17a34070cbdb83819b842925d7f

SHA512
da151fac732721212062b87b629b36d1e053d8cb9be9a5acd708ffab64e3b861ea30a7fbcefa45d9c0061e4cc935a6a79668fd01803a3596cb623e04f7a87350

Download Submit
C:\Users\Admin\AppData\Local\Temp\{87158655-861E-4511-8224-6485F34BB891}\{D0470DB1-FEF4-46AF-96A1-535706487868}\_ISUser.dll

Filesize
164KB

MD5
4eb446d4dc0a8bb5e93cd3c7790d2edc

SHA1
6942aa06ac71eb2e59e8b86e8b54cd71dd1a92ea

SHA256
093dcc24235fdc57f969844cb8553776984ac17a34070cbdb83819b842925d7f

SHA512
da151fac732721212062b87b629b36d1e053d8cb9be9a5acd708ffab64e3b861ea30a7fbcefa45d9c0061e4cc935a6a79668fd01803a3596cb623e04f7a87350

Download Submit
C:\Users\Admin\AppData\Local\Temp\{87158655-861E-4511-8224-6485F34BB891}\{D0470DB1-FEF4-46AF-96A1-535706487868}\_ISUser.dll

Filesize
164KB

MD5
4eb446d4dc0a8bb5e93cd3c7790d2edc

SHA1
6942aa06ac71eb2e59e8b86e8b54cd71dd1a92ea

SHA256
093dcc24235fdc57f969844cb8553776984ac17a34070cbdb83819b842925d7f

SHA512
da151fac732721212062b87b629b36d1e053d8cb9be9a5acd708ffab64e3b861ea30a7fbcefa45d9c0061e4cc935a6a79668fd01803a3596cb623e04f7a87350

Download Submit
C:\Users\Admin\AppData\Local\Temp\{87158655-861E-4511-8224-6485F34BB891}\{D0470DB1-FEF4-46AF-96A1-535706487868}\_IsRes.dll

Filesize
292KB

MD5
c28852d187adeba2f46014e4e9c23545

SHA1
0081c5931a9f70b226774a414311c07deefd57e9

SHA256
144465511fbda20194526627718dd66d6ca11f1a1c58ba9a72ed415313cea28b

SHA512
822511cf0c09526887a98089ec786862f9bdbccf2aa0e5cbcff0e45bbf2b237b9e4dec19bbae47280d06217ba0db04838c6b3bc6beea35b8ad5d86b03de848b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{87158655-861E-4511-8224-6485F34BB891}\{D0470DB1-FEF4-46AF-96A1-535706487868}\_IsRes.dll

Filesize
292KB

MD5
c28852d187adeba2f46014e4e9c23545

SHA1
0081c5931a9f70b226774a414311c07deefd57e9

SHA256
144465511fbda20194526627718dd66d6ca11f1a1c58ba9a72ed415313cea28b

SHA512
822511cf0c09526887a98089ec786862f9bdbccf2aa0e5cbcff0e45bbf2b237b9e4dec19bbae47280d06217ba0db04838c6b3bc6beea35b8ad5d86b03de848b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{87158655-861E-4511-8224-6485F34BB891}\{D0470DB1-FEF4-46AF-96A1-535706487868}\_IsRes.dll

Filesize
292KB

MD5
c28852d187adeba2f46014e4e9c23545

SHA1
0081c5931a9f70b226774a414311c07deefd57e9

SHA256
144465511fbda20194526627718dd66d6ca11f1a1c58ba9a72ed415313cea28b

SHA512
822511cf0c09526887a98089ec786862f9bdbccf2aa0e5cbcff0e45bbf2b237b9e4dec19bbae47280d06217ba0db04838c6b3bc6beea35b8ad5d86b03de848b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{87158655-861E-4511-8224-6485F34BB891}\{D0470DB1-FEF4-46AF-96A1-535706487868}\isrt.dll

Filesize
392KB

MD5
59fc48f54a1b2b46aa784ffc16495d52

SHA1
5823c7759f6ef9f0f5d41b79aa10bdc085aa0dc6

SHA256
cc3fd2f9a76c2d5fcd86d62ad5ef8d1f478c31872094ac38d82fd0b8dbaeef81

SHA512
5b4aaed3d7a1f9a16f0cee703401584f97e3ed182c86a628b6403ee407dafe199f9cfeca3ee61a45924fd35f71f4adce31d2443f9e2c2034110c1bca17e5598c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{87158655-861E-4511-8224-6485F34BB891}\{D0470DB1-FEF4-46AF-96A1-535706487868}\isrt.dll

Filesize
392KB

MD5
59fc48f54a1b2b46aa784ffc16495d52

SHA1
5823c7759f6ef9f0f5d41b79aa10bdc085aa0dc6

SHA256
cc3fd2f9a76c2d5fcd86d62ad5ef8d1f478c31872094ac38d82fd0b8dbaeef81

SHA512
5b4aaed3d7a1f9a16f0cee703401584f97e3ed182c86a628b6403ee407dafe199f9cfeca3ee61a45924fd35f71f4adce31d2443f9e2c2034110c1bca17e5598c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{87158655-861E-4511-8224-6485F34BB891}\{D0470DB1-FEF4-46AF-96A1-535706487868}\isrt.dll

Filesize
392KB

MD5
59fc48f54a1b2b46aa784ffc16495d52

SHA1
5823c7759f6ef9f0f5d41b79aa10bdc085aa0dc6

SHA256
cc3fd2f9a76c2d5fcd86d62ad5ef8d1f478c31872094ac38d82fd0b8dbaeef81

SHA512
5b4aaed3d7a1f9a16f0cee703401584f97e3ed182c86a628b6403ee407dafe199f9cfeca3ee61a45924fd35f71f4adce31d2443f9e2c2034110c1bca17e5598c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{87158655-861E-4511-8224-6485F34BB891}\{D0470DB1-FEF4-46AF-96A1-535706487868}\ncpcfg.dll

Filesize
148KB

MD5
7d4e37f7ffcc54ff011d9b8f9a337893

SHA1
132db9193d0ed04d4132f339081710beaa2ee0e5

SHA256
833917027691d38436575a9855b2f062734c210b3abb2d74c61f86a0a8583263

SHA512
61bfa7ab000c4fa43db9d5024e43f40a1373c0e31e6baa2d7d97447263438b437c2802a3c85216107e6679222f47f88584a0064e3dbef46125d88ec4036a2348

Download Submit
C:\Users\Admin\AppData\Local\Temp\{87158655-861E-4511-8224-6485F34BB891}\{D0470DB1-FEF4-46AF-96A1-535706487868}\ncpcfg.dll

Filesize
148KB

MD5
7d4e37f7ffcc54ff011d9b8f9a337893

SHA1
132db9193d0ed04d4132f339081710beaa2ee0e5

SHA256
833917027691d38436575a9855b2f062734c210b3abb2d74c61f86a0a8583263

SHA512
61bfa7ab000c4fa43db9d5024e43f40a1373c0e31e6baa2d7d97447263438b437c2802a3c85216107e6679222f47f88584a0064e3dbef46125d88ec4036a2348

Download Submit
C:\Users\Admin\AppData\Local\Temp\{87158655-861E-4511-8224-6485F34BB891}\{D0470DB1-FEF4-46AF-96A1-535706487868}\ncpcfg.dll

Filesize
148KB

MD5
7d4e37f7ffcc54ff011d9b8f9a337893

SHA1
132db9193d0ed04d4132f339081710beaa2ee0e5

SHA256
833917027691d38436575a9855b2f062734c210b3abb2d74c61f86a0a8583263

SHA512
61bfa7ab000c4fa43db9d5024e43f40a1373c0e31e6baa2d7d97447263438b437c2802a3c85216107e6679222f47f88584a0064e3dbef46125d88ec4036a2348

Download Submit
C:\Users\Admin\AppData\Local\Temp\{87158655-861E-4511-8224-6485F34BB891}\{D0470DB1-FEF4-46AF-96A1-535706487868}\ncpdrvupd.dll

Filesize
75KB

MD5
91eb1e90940174203623f45ac0ab520c

SHA1
26ebbefd33b440d9aadae5621e8fa1e5146eb4cf

SHA256
4c869d79cf0340d3c9b17286989797d41bb876169ae35dff765b0cb5055a8607

SHA512
465218c95ce3904f5f4e025f5c6b204c963a9e48b5873eb350466a8ab72ff563294af723862a7623e141f69ff9ee88734243fbef707d92557bc2a1285a534ed7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{87158655-861E-4511-8224-6485F34BB891}\{D0470DB1-FEF4-46AF-96A1-535706487868}\ncpdrvupd.dll

Filesize
75KB

MD5
91eb1e90940174203623f45ac0ab520c

SHA1
26ebbefd33b440d9aadae5621e8fa1e5146eb4cf

SHA256
4c869d79cf0340d3c9b17286989797d41bb876169ae35dff765b0cb5055a8607

SHA512
465218c95ce3904f5f4e025f5c6b204c963a9e48b5873eb350466a8ab72ff563294af723862a7623e141f69ff9ee88734243fbef707d92557bc2a1285a534ed7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{87158655-861E-4511-8224-6485F34BB891}\{D0470DB1-FEF4-46AF-96A1-535706487868}\ncpdrvupd.dll

Filesize
75KB

MD5
91eb1e90940174203623f45ac0ab520c

SHA1
26ebbefd33b440d9aadae5621e8fa1e5146eb4cf

SHA256
4c869d79cf0340d3c9b17286989797d41bb876169ae35dff765b0cb5055a8607

SHA512
465218c95ce3904f5f4e025f5c6b204c963a9e48b5873eb350466a8ab72ff563294af723862a7623e141f69ff9ee88734243fbef707d92557bc2a1285a534ed7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{87158655-861E-4511-8224-6485F34BB891}\{D0470DB1-FEF4-46AF-96A1-535706487868}\setup.inx

Filesize
336KB

MD5
36621c3da03e0253cbee2a23d6fcda63

SHA1
71b65bfa808ef06859e63a9bc7fcc9cd4764c074

SHA256
9a52f655bb11b43083b212573e69df99c66be0389b9ef99d56b0a409f3f5642f

SHA512
b82165a2337923fbb0731891912b2dd9b806615e942421a1bf63741426e6213dd02e6f66f221e45183bc805bc9ff180bc9c9cab502b30757dd142708d6ee11c2

Download Submit
memory/3040-456-0x00000000009E0000-0x00000000009F1000-memory.dmp

Filesize
68KB

Download
memory/3040-517-0x0000000004AF0000-0x0000000004B16000-memory.dmp

Filesize
152KB

Download
memory/3040-180-0x00000000045F0000-0x000000000463D000-memory.dmp

Filesize
308KB

Download
memory/3040-524-0x0000000006A30000-0x0000000006A65000-memory.dmp

Filesize
212KB

Download
memory/3040-480-0x0000000005F00000-0x0000000005F30000-memory.dmp

Filesize
192KB

Download
memory/3040-472-0x00000000055A0000-0x0000000005604000-memory.dmp

Filesize
400KB

Download
memory/3040-463-0x0000000004FB0000-0x0000000004FF2000-memory.dmp

Filesize
264KB

Download
memory/3040-227-0x0000000004A50000-0x0000000004A9D000-memory.dmp

Filesize
308KB

Download
memory/3040-532-0x0000000006A70000-0x0000000006A87000-memory.dmp

Filesize
92KB

Download
memory/3040-291-0x0000000004A50000-0x0000000004A7F000-memory.dmp

Filesize
188KB

Download
memory/3040-367-0x0000000004DE0000-0x0000000004EA8000-memory.dmp

Filesize
800KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.