bc9df94aba9aa717a65e8031c5d7cf3f7c3ce67463c82eaaf9d1ef3fe1b559c8

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 04:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61e3bfc3127cbda8405e99d1f1de70b0.exe
Size

52KB
MD5

61e3bfc3127cbda8405e99d1f1de70b0
SHA1

c698319ccfbb49fc45e9348d110fa3d5330a9d62
SHA256

bc9df94aba9aa717a65e8031c5d7cf3f7c3ce67463c82eaaf9d1ef3fe1b559c8
SHA512

3d9ad12422fa187c6f5fd8cd066bba1cbb4e35589670c67f9b7df5ff6c5ced4a17bad755c23ade6586743b1ca80b3278fae790f8da4c61f877a5596103f6e6a5
SSDEEP

768:00jToP6F2jo6B8HtbCKbsd42oF0auBK8A5hHeyPCmoz:WP6Fen8HtbClPoX3eyPCmoz

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\dplayx.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\ir32_32.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc100deu.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\FXSEXT32.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mapisvc.inf	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\msorc32r.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\vcamp140.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\compobj.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc140kor.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\odtext32.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\user.exe	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc100ita.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\msvcr110_clr0400.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\FM20ENU.DLL	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mswdat10.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\ole2nls.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\atl100.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc100u.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfcm140u.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfcm120u.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\d3dim700.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\FM20.DLL	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc40.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\msexcl40.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\ntkrnlpa.exe	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\odbcjt32.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\setup16.exe	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc100cht.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc120.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfcm120.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\vbajet32.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\dmscript.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\msvcr100_clr0400.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\dpmodemx.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc120cht.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc140fra.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc40u.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\msvcp140_codecvt_ids.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\vcomp140.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\crtdll.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\dplaysvr.exe	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\msvcp120_clr0400.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\MSCOMCTL.OCX	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mstext40.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfcm110u.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\concrt140.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\license.rtf	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc120fra.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\sqlwid.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc110kor.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\msxbde40.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\NOISE.THA	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc120kor.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc140cht.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfcm100.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\ir50_qcx.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfcm140.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\msorcl32.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\NOISE.CHS	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc110deu.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\msjtes40.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\msvcr120_clr0400.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\msvcrt20.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\sqlunirl.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe

Drops file in Windows directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\setuperr.log	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\TSSysprep.log	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\Ultimate.xml	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\win.ini	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\WindowsUpdate.log	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\DtcInstall.log	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\msdfmap.ini	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\setupact.log	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\PFRO.log	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\Starter.xml	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\system.ini	61e3bfc3127cbda8405e99d1f1de70b0.exe

C:\Users\Admin\AppData\Local\Temp\61e3bfc3127cbda8405e99d1f1de70b0.exe
"C:\Users\Admin\AppData\Local\Temp\61e3bfc3127cbda8405e99d1f1de70b0.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1732

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads