Overview
overview
10Static
static
10013e80dc8e...a8.exe
windows10-2004-x64
7040677c072...cc.exe
windows10-2004-x64
10ba3a15c5f...6a.exe
windows10-2004-x64
1019d029dd80...b2.dll
windows10-2004-x64
101ac4f94c2d...83.exe
windows10-2004-x64
71efeb07862...bb.dll
windows10-2004-x64
327861dacdd...03.exe
windows10-2004-x64
131860041f6...ff.exe
windows10-2004-x64
33c49ffd8bf...86.dll
windows10-2004-x64
141edb742c1...45.exe
windows10-2004-x64
74ad4c837ce...e1.exe
windows10-2004-x64
150682871a2...53.exe
windows10-2004-x64
65f3bfe76bb...b6.exe
windows10-2004-x64
10784f3902fd...12.exe
windows10-2004-x64
10816c0e4deb...6c.exe
windows10-2004-x64
781b49d3c61...a9.exe
windows10-2004-x64
1082d1e979d2...67.exe
windows10-2004-x64
78ba3f20419...4f.exe
windows10-2004-x64
108d8576432c...fe.exe
windows10-2004-x64
7962bbb1929...e2.exe
windows10-2004-x64
1096f295d08c...d1.exe
windows10-2004-x64
796f2bcea04...28.exe
windows10-2004-x64
109972304b5c...64.exe
windows10-2004-x64
109ff988d7ea...09.exe
windows10-2004-x64
7bfddb59433...b0.exe
windows10-2004-x64
3c0ca77690a...a5.dll
windows10-2004-x64
1cb0f8c9180...69.exe
windows10-2004-x64
10cfbcc54f36...29.exe
windows10-2004-x64
7dd0f55e997...a3.exe
windows10-2004-x64
8ded033da36...58.exe
windows10-2004-x64
7ea55e146fe...59.exe
windows10-2004-x64
10fffd0cdd49...d6.exe
windows10-2004-x64
10Resubmissions
14-11-2023 17:31
231114-v3qg7acf42 1014-11-2023 17:21
231114-vxdw7sdg61 1028-10-2023 19:29
231028-x7cs1age56 1024-10-2023 13:29
231024-qrn3rsdb6z 1018-10-2023 12:04
231018-n8ybnaeb31 1007-09-2023 12:10
230907-pce1wahe2x 10Analysis
-
max time kernel
137s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system -
submitted
28-10-2023 19:29
Behavioral task
behavioral1
Sample
013e80dc8e53bd7d98dd94915f05563499b6a323df343bb765a1d3f188753aa8.exe
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
040677c072d3f39edc3d3ec5f95573c1532875c1d57ddc1b62ce396afae016cc.exe
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
0ba3a15c5f29bca02e4b54f3146092558841962e5ee66a87218f130a4dfec36a.exe
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
19d029dd80a0823d4abe2dfea87b17935844142cb0921eb35a390f70d5f522b2.dll
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
1ac4f94c2d34dbf38aaf1b7b7103349479fbe5b427e45fd213d4f31845958b83.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
1efeb078625478129da10c0e62b0c842e54286312fbb55c38187bda4d78974bb.dll
Resource
win10v2004-20231025-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
27861dacdddfebc6862f96085da5ede9249b76bdb4b7af16371c51caee417503.exe
Resource
win10v2004-20231025-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
31860041f633899f97e48bcd189a406bdc37d6be297b3dd6431f446aff2852ff.exe
Resource
win10v2004-20231025-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
3c49ffd8bfdcc42aee16d8679893aa28f3ed5e433dcf0900ed32f7a88da3f386.dll
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
41edb742c1b69881657a48b74568410eb0dc7bfc9f540ab15c4ed0a665d97d45.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
4ad4c837ce02e146680abb4f673fbca2d5f8588f4ae2c766b393c2b4141a9ee1.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
50682871a2a335d7c5f89cfc1ed16bec99abfa7856a05f54477ee639bbbfd453.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
5f3bfe76bbd22dd8fd936b3833220ba03964b08e28ecf13dafdbbae24a620cb6.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
784f3902fdf296683a82c32aba987fd4c12bbed74a6300582da2d53e23954112.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
816c0e4debc58580e62e0698d31111436c8f99bd895ad2b4d0c9b7c2798dd96c.exe
Resource
win10v2004-20231025-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
81b49d3c6151419a242ba8491dff24bc345ba1dc696ff9c6aaf3c698bacefea9.exe
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
82d1e979d2e673d0b1a47d34c1c968582185e284e0532ed66fd69d0e21063c67.exe
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
8ba3f20419e36946e978e69ae892805569a3b8e5ae702038065296aae8dc414f.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
8d8576432cd79c4c6a8902e9fcbdad16c871afae3731a4d9ec9cb6a0be727ffe.exe
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
962bbb1929620dc69e35d52ce7e9684412e16e8ad2727222dbe3e47e9220f8e2.exe
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
96f295d08c64e21aa847dcff5d942dd2beec65fa4957a6690ee2b7b79382cdd1.exe
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
9972304b5cf97f0369e5b287583931d87dfe984aa698c9123b7061379db68e64.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
9ff988d7ea76e8379b5da6af3455b859957e7dfe572181041c35b10390780909.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
bfddb59433bec29faf6210449f73503f38e61234c09be3f405be8196d9d6f8b0.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
c0ca77690ad65d797c3c9a662229046b0cc28e89ca54e0e39c70f656201280a5.dll
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
cb0f8c9180b92b75f130ecdd9fd42fa9c687796313cc968179d1c9b217c65e69.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
cfbcc54f36dbdfc8d78d2be3a6b565f4e25b4d52f51de10ad7e4ca14c7f55d29.exe
Resource
win10v2004-20231025-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
dd0f55e997999bfddd040f676fd616b99afe386daf1a69c3a02a8324274baba3.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
ded033da36fbf8287d0df6f21a0339b6e1046ce678b46e7cd558f63e22df1158.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
ea55e146fed653416bd40c92ce89cd61b46035c7bc6f55a33c71a9872e2c9659.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
fffd0cdd4935b9fa1ff5530a94ec648346d5f6c6521fc07641fd9254f5ef75d6.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
General
-
Target
96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe
-
Size
448KB
-
MD5
ad53609d80259f7f329bf724c55a3ee7
-
SHA1
71dac241fb99cde30fc2feae60483c479f96b174
-
SHA256
96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528
-
SHA512
83f972453bcc65afd8944a5a28190c8289aa02329e22bdc9170b2a1d0c3947086f6dd10e4cb1d28bf20d8d279a9013ec9861abafa265923821454c5a9221996e
-
SSDEEP
12288:ON9ugSNkvm9f+MgvLwabghCE2SN7YDaLsz6J7yCXjmZfMc3ed/37z0M/n/sCbMe2:1OSN7YDaLsWJ7yimGn/sCE
Malware Config
Signatures
-
Detect Neshta payload 9 IoCs
resource yara_rule behavioral22/files/0x000700000001f010-16.dat family_neshta behavioral22/memory/2476-28-0x0000000000400000-0x000000000041B000-memory.dmp family_neshta behavioral22/memory/2476-96-0x0000000000400000-0x000000000041B000-memory.dmp family_neshta behavioral22/memory/2476-97-0x0000000000400000-0x000000000041B000-memory.dmp family_neshta behavioral22/memory/2476-98-0x0000000000400000-0x000000000041B000-memory.dmp family_neshta behavioral22/memory/2476-99-0x0000000000400000-0x000000000041B000-memory.dmp family_neshta behavioral22/memory/2476-100-0x0000000000400000-0x000000000041B000-memory.dmp family_neshta behavioral22/memory/2476-101-0x0000000000400000-0x000000000041B000-memory.dmp family_neshta behavioral22/memory/2476-103-0x0000000000400000-0x000000000041B000-memory.dmp family_neshta -
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe -
Executes dropped EXE 1 IoCs
pid Process 1392 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe -
Modifies system executable filetype association 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\PROGRA~2\MOZILL~1\MAINTE~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\Eula.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOF5E2~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\INTERN~1\ieinstal.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\COOKIE~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13177~1.11\MIA062~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13177~1.11\MICROS~4.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\WINDOW~2\wab.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\WINDOW~4\setup_wm.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~3\Adobe\Setup\{AC76B~1\setup.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~3\PACKAG~1\{EF6B0~1\VCREDI~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaw.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\INTERN~1\ExtExport.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\ELEVAT~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\INSTAL~1\setup.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~3\MICROS~1\CLICKT~1\{9AC08~1\INTEGR~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADOBEC~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\Google\Update\DISABL~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\NOTIFI~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13177~1.11\MICROS~3.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\IDENTI~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\PWAHEL~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~3.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~2.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\AdobeARM.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\java.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\WINDOW~4\wmpshare.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\WI8A19~1\ImagingDevices.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jusched.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\msedge.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\MSEDGE~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\WINDOW~4\wmlaunch.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13177~1.11\MI391D~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\WINDOW~2\wabmig.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~3\PACKAG~1\{33D1F~1\VCREDI~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\Download\{F3C4F~1\13177~1.11\MICROS~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\WOW_HE~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GO664E~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOBD5D~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\INTERN~1\iexplore.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\WINDOW~3\ACCESS~1\wordpad.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ADOBEA~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~2.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\BHO\IE_TO_~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13177~1.11\MICROS~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13177~1.11\MICROS~2.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~3\PACKAG~1\{57A73~1\VC_RED~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\READER~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~3.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~4.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~1.EXE 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe -
Drops file in Windows directory 1 IoCs
description ioc Process File opened for modification C:\Windows\svchost.com 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2476 wrote to memory of 1392 2476 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe 84 PID 2476 wrote to memory of 1392 2476 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe 84 PID 2476 wrote to memory of 1392 2476 96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe 84
Processes
-
C:\Users\Admin\AppData\Local\Temp\96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe"C:\Users\Admin\AppData\Local\Temp\96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe"1⤵
- Checks computer location settings
- Modifies system executable filetype association
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2476 -
C:\Users\Admin\AppData\Local\Temp\3582-490\96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe"C:\Users\Admin\AppData\Local\Temp\3582-490\96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe"2⤵
- Executes dropped EXE
PID:1392
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.4MB
MD58ffc3bdf4a1903d9e28b99d1643fc9c7
SHA1919ba8594db0ae245a8abd80f9f3698826fc6fe5
SHA2568268d3fefe8ca96a25a73690d14bacf644170ab5e9e70d2f8eeb350a4c83f9f6
SHA5120b94ead97374d74eaee87e7614ddd3911d2cf66d4c49abbfd06b02c03e5dd56fd00993b4947e8a4bcd9d891fa39cab18cc6b61efc7d0812e91eb3aea9cd1a427
-
C:\Users\Admin\AppData\Local\Temp\3582-490\96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe
Filesize408KB
MD5f866509bb775b77b593bc831d3f5a238
SHA146e0be4667e3eed77227e58192817a960f2ef58b
SHA25688777558b5b6d03679c012a1d29a72c257e43081d6d45f5e75b542db4cd578f2
SHA512a97385bf76d1639cb49022584f62aa5ecc5a425e2ea87920eb5ed4902cc4583cfd3cf404cc2927d94ce158599b1ffe720fae204c89fcd60b7b9efe5d8e7d9a70
-
C:\Users\Admin\AppData\Local\Temp\3582-490\96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe
Filesize408KB
MD5f866509bb775b77b593bc831d3f5a238
SHA146e0be4667e3eed77227e58192817a960f2ef58b
SHA25688777558b5b6d03679c012a1d29a72c257e43081d6d45f5e75b542db4cd578f2
SHA512a97385bf76d1639cb49022584f62aa5ecc5a425e2ea87920eb5ed4902cc4583cfd3cf404cc2927d94ce158599b1ffe720fae204c89fcd60b7b9efe5d8e7d9a70
-
C:\Users\Admin\AppData\Local\Temp\3582-490\96f2bcea04abecb6ba4e87bb6cd62beb439882a9bb013fa12def110ea3335528.exe
Filesize408KB
MD5f866509bb775b77b593bc831d3f5a238
SHA146e0be4667e3eed77227e58192817a960f2ef58b
SHA25688777558b5b6d03679c012a1d29a72c257e43081d6d45f5e75b542db4cd578f2
SHA512a97385bf76d1639cb49022584f62aa5ecc5a425e2ea87920eb5ed4902cc4583cfd3cf404cc2927d94ce158599b1ffe720fae204c89fcd60b7b9efe5d8e7d9a70