Analysis
-
max time kernel
42s -
max time network
101s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
21/10/2023, 21:26
General
-
Target
NEAS.922377de45ad07af86be4a35f7dc4ea0.exe
-
Size
59KB
-
MD5
922377de45ad07af86be4a35f7dc4ea0
-
SHA1
a5bf59dd266d5a2103ac28157401a2a9353248e0
-
SHA256
fc40c2a73b575e982eef56671bc4f81c0ee04343364917c6d13f52eef65cbab1
-
SHA512
d9865f4c48d58ab5ec7ec0b1e4e0783728ba2e911bb06d8f6eb1c18fdcc678eb6a2e3167660faa3f5f1f41f543a3e4d6ae3b0ae88b1636ed05b07d023c25cff4
-
SSDEEP
768:PbY06ifgiWkSpURJon8Si+1wiRYS+GBQQpH5zxcZTlRZ02p/1H5dyXdnhfXaXdnh:zelaSWSigwiPAQDzeTlg2L/YO
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.922377de45ad07af86be4a35f7dc4ea0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.922377de45ad07af86be4a35f7dc4ea0.exe"1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dojlhg32.exeC:\Windows\system32\Dojlhg32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dpkehi32.exeC:\Windows\system32\Dpkehi32.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dlbfmjqi.exeC:\Windows\system32\Dlbfmjqi.exe4⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eekjep32.exeC:\Windows\system32\Eekjep32.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eppobi32.exeC:\Windows\system32\Eppobi32.exe6⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Elgohj32.exeC:\Windows\system32\Elgohj32.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ehnpmkbg.exeC:\Windows\system32\Ehnpmkbg.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ebcdjc32.exeC:\Windows\system32\Ebcdjc32.exe9⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Efampahd.exeC:\Windows\system32\Efampahd.exe10⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Epiaig32.exeC:\Windows\system32\Epiaig32.exe11⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fhefmjlp.exeC:\Windows\system32\Fhefmjlp.exe12⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fpnkdfko.exeC:\Windows\system32\Fpnkdfko.exe13⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fiilblom.exeC:\Windows\system32\Fiilblom.exe14⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fepmgm32.exeC:\Windows\system32\Fepmgm32.exe15⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gccmaack.exeC:\Windows\system32\Gccmaack.exe16⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ghqeihbb.exeC:\Windows\system32\Ghqeihbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gipbck32.exeC:\Windows\system32\Gipbck32.exe18⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gegchl32.exeC:\Windows\system32\Gegchl32.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gckcap32.exeC:\Windows\system32\Gckcap32.exe20⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Glchjedc.exeC:\Windows\system32\Glchjedc.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ghjhofjg.exeC:\Windows\system32\Ghjhofjg.exe22⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hpaqqdjj.exeC:\Windows\system32\Hpaqqdjj.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hofmaq32.exeC:\Windows\system32\Hofmaq32.exe24⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hjlaoioh.exeC:\Windows\system32\Hjlaoioh.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hcdfho32.exeC:\Windows\system32\Hcdfho32.exe26⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Hllkqdli.exeC:\Windows\system32\Hllkqdli.exe27⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hgbonm32.exeC:\Windows\system32\Hgbonm32.exe28⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ijedehgm.exeC:\Windows\system32\Ijedehgm.exe29⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iqaiga32.exeC:\Windows\system32\Iqaiga32.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Imhjlb32.exeC:\Windows\system32\Imhjlb32.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Imjgbb32.exeC:\Windows\system32\Imjgbb32.exe32⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Icdoolge.exeC:\Windows\system32\Icdoolge.exe33⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Iiaggc32.exeC:\Windows\system32\Iiaggc32.exe34⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jgbhdkml.exeC:\Windows\system32\Jgbhdkml.exe35⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jgedjjki.exeC:\Windows\system32\Jgedjjki.exe36⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Kmhccpci.exeC:\Windows\system32\Kmhccpci.exe37⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Kpilekqj.exeC:\Windows\system32\Kpilekqj.exe38⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kcgekjgp.exeC:\Windows\system32\Kcgekjgp.exe39⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Kmpido32.exeC:\Windows\system32\Kmpido32.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kmbfiokn.exeC:\Windows\system32\Kmbfiokn.exe41⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ljffccjh.exeC:\Windows\system32\Ljffccjh.exe42⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ljhchc32.exeC:\Windows\system32\Ljhchc32.exe43⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lpelqj32.exeC:\Windows\system32\Lpelqj32.exe44⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Limpiomm.exeC:\Windows\system32\Limpiomm.exe45⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Lccdghmc.exeC:\Windows\system32\Lccdghmc.exe46⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Lmkipncc.exeC:\Windows\system32\Lmkipncc.exe47⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lcealh32.exeC:\Windows\system32\Lcealh32.exe48⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ljoiibbm.exeC:\Windows\system32\Ljoiibbm.exe49⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ldgnbg32.exeC:\Windows\system32\Ldgnbg32.exe50⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mdjjgggk.exeC:\Windows\system32\Mdjjgggk.exe51⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Mhhcne32.exeC:\Windows\system32\Mhhcne32.exe52⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Miklkm32.exeC:\Windows\system32\Miklkm32.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nfaijand.exeC:\Windows\system32\Nfaijand.exe54⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nagngjmj.exeC:\Windows\system32\Nagngjmj.exe55⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nkpbpp32.exeC:\Windows\system32\Nkpbpp32.exe56⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ndhgie32.exeC:\Windows\system32\Ndhgie32.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nmpkakak.exeC:\Windows\system32\Nmpkakak.exe58⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Nkdlkope.exeC:\Windows\system32\Nkdlkope.exe59⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Npadcfnl.exeC:\Windows\system32\Npadcfnl.exe60⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Naqqmieo.exeC:\Windows\system32\Naqqmieo.exe61⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oacmchcl.exeC:\Windows\system32\Oacmchcl.exe62⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Odaiodbp.exeC:\Windows\system32\Odaiodbp.exe63⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Omjnhiiq.exeC:\Windows\system32\Omjnhiiq.exe64⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oiqomj32.exeC:\Windows\system32\Oiqomj32.exe65⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Odfcjc32.exeC:\Windows\system32\Odfcjc32.exe66⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Odhppclh.exeC:\Windows\system32\Odhppclh.exe67⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Pgihanii.exeC:\Windows\system32\Pgihanii.exe68⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Phiekaql.exeC:\Windows\system32\Phiekaql.exe69⤵
-
C:\Windows\SysWOW64\Pjjaci32.exeC:\Windows\system32\Pjjaci32.exe70⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pkinmlnm.exeC:\Windows\system32\Pkinmlnm.exe71⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Phmnfp32.exeC:\Windows\system32\Phmnfp32.exe72⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Pnjgog32.exeC:\Windows\system32\Pnjgog32.exe73⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Pddokabk.exeC:\Windows\system32\Pddokabk.exe74⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qdflaa32.exeC:\Windows\system32\Qdflaa32.exe75⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qjcdih32.exeC:\Windows\system32\Qjcdih32.exe76⤵
-
C:\Windows\SysWOW64\Qdihfq32.exeC:\Windows\system32\Qdihfq32.exe77⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Adnbapjp.exeC:\Windows\system32\Adnbapjp.exe78⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Akgjnj32.exeC:\Windows\system32\Akgjnj32.exe79⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ajmgof32.exeC:\Windows\system32\Ajmgof32.exe80⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Abflfc32.exeC:\Windows\system32\Abflfc32.exe81⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bbmbgb32.exeC:\Windows\system32\Bbmbgb32.exe82⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bgjjoi32.exeC:\Windows\system32\Bgjjoi32.exe83⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bdphnmjk.exeC:\Windows\system32\Bdphnmjk.exe84⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bjmpfdhb.exeC:\Windows\system32\Bjmpfdhb.exe85⤵
-
C:\Windows\SysWOW64\Cqghcn32.exeC:\Windows\system32\Cqghcn32.exe86⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cnkilbni.exeC:\Windows\system32\Cnkilbni.exe87⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cjaiac32.exeC:\Windows\system32\Cjaiac32.exe88⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Calbnnkj.exeC:\Windows\system32\Calbnnkj.exe89⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Dndlba32.exeC:\Windows\system32\Dndlba32.exe90⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Dlmegd32.exeC:\Windows\system32\Dlmegd32.exe91⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Dbgndoho.exeC:\Windows\system32\Dbgndoho.exe92⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Dbijinfl.exeC:\Windows\system32\Dbijinfl.exe93⤵
-
C:\Windows\SysWOW64\Elaobdmm.exeC:\Windows\system32\Elaobdmm.exe94⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ejglcq32.exeC:\Windows\system32\Ejglcq32.exe95⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ejkenpnp.exeC:\Windows\system32\Ejkenpnp.exe96⤵
-
C:\Windows\SysWOW64\Fhdocc32.exeC:\Windows\system32\Fhdocc32.exe97⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fhflhcfa.exeC:\Windows\system32\Fhflhcfa.exe98⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Foenplji.exeC:\Windows\system32\Foenplji.exe99⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gikbneio.exeC:\Windows\system32\Gikbneio.exe100⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gbhpajlj.exeC:\Windows\system32\Gbhpajlj.exe101⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ghgeoq32.exeC:\Windows\system32\Ghgeoq32.exe102⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gekeie32.exeC:\Windows\system32\Gekeie32.exe103⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hadcce32.exeC:\Windows\system32\Hadcce32.exe104⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Hllcfnhm.exeC:\Windows\system32\Hllcfnhm.exe105⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Iefedcmk.exeC:\Windows\system32\Iefedcmk.exe106⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ilcjgm32.exeC:\Windows\system32\Ilcjgm32.exe107⤵
-
C:\Windows\SysWOW64\Iapbodql.exeC:\Windows\system32\Iapbodql.exe108⤵
-
C:\Windows\SysWOW64\Ifnkeb32.exeC:\Windows\system32\Ifnkeb32.exe109⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Icakofel.exeC:\Windows\system32\Icakofel.exe110⤵
-
C:\Windows\SysWOW64\Ihndgmdd.exeC:\Windows\system32\Ihndgmdd.exe111⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jhqqlmba.exeC:\Windows\system32\Jhqqlmba.exe112⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jkcfch32.exeC:\Windows\system32\Jkcfch32.exe113⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jhhgmlli.exeC:\Windows\system32\Jhhgmlli.exe114⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jcmkjeko.exeC:\Windows\system32\Jcmkjeko.exe115⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Jmepcj32.exeC:\Windows\system32\Jmepcj32.exe116⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kiomnk32.exeC:\Windows\system32\Kiomnk32.exe117⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kiajck32.exeC:\Windows\system32\Kiajck32.exe118⤵
-
C:\Windows\SysWOW64\Kcfnqccd.exeC:\Windows\system32\Kcfnqccd.exe119⤵
-
C:\Windows\SysWOW64\Kicfijal.exeC:\Windows\system32\Kicfijal.exe120⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Kblkap32.exeC:\Windows\system32\Kblkap32.exe121⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-