bc9df94aba9aa717a65e8031c5d7cf3f7c3ce67463c82eaaf9d1ef3fe1b559c8

Analysis

max time kernel
137s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 04:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

61e3bfc3127cbda8405e99d1f1de70b0.exe
Size

52KB
MD5

61e3bfc3127cbda8405e99d1f1de70b0
SHA1

c698319ccfbb49fc45e9348d110fa3d5330a9d62
SHA256

bc9df94aba9aa717a65e8031c5d7cf3f7c3ce67463c82eaaf9d1ef3fe1b559c8
SHA512

3d9ad12422fa187c6f5fd8cd066bba1cbb4e35589670c67f9b7df5ff6c5ced4a17bad755c23ade6586743b1ca80b3278fae790f8da4c61f877a5596103f6e6a5
SSDEEP

768:00jToP6F2jo6B8HtbCKbsd42oF0auBK8A5hHeyPCmoz:WP6Fen8HtbClPoX3eyPCmoz

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\dmscript.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\msclmd.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\odbcji32.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\instnm.exe	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\msvcp120.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\msvcp140_1.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\odpdx32.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\dpwsockx.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc100esn.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc140rus.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\OneDrive.ico	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc110enu.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\msvcr110.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\vccorlib120.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\msvcp140_atomic_wait.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\msvcrt20.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\opencl.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\FXSEXT32.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc100jpn.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc110jpn.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\msvcrt40.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\FXSXP32.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\sqlunirl.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\ir50_qcoriginal.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc110chs.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mscpx32r.dLL	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\msrd3x40.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\oddbse32.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\ole2disp.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\setup16.exe	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc40u.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\msvcp140_codecvt_ids.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfcm100.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mmc.exe.config	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\msvcp140.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\odbcjt32.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\odfox32.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\12520437.cpx	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\ir32_32original.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\license.rtf	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\msvcp100.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\odexl32.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc120cht.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfcm140.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\sqlwoa.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\d3dim700.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfcm100u.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\msvcr100.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\vcamp110.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc100ita.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc120u.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc40.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc110deu.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc110u.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\msrd2x40.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mswstr10.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\rdvgocl32.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\rdvgogl32.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\iprop.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc120kor.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\OneDriveSetup.exe	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\user.exe	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfc100rus.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysWOW64\mfcm140u.dll	61e3bfc3127cbda8405e99d1f1de70b0.exe

Drops file in Windows directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\DtcInstall.log	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\PFRO.log	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\setupact.log	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\SysmonDrv.sys	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\system.ini	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\lsasetup.log	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\Professional.xml	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\setuperr.log	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\sysmon.exe	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\win.ini	61e3bfc3127cbda8405e99d1f1de70b0.exe
File opened for modification	C:\Windows\WindowsUpdate.log	61e3bfc3127cbda8405e99d1f1de70b0.exe

C:\Users\Admin\AppData\Local\Temp\61e3bfc3127cbda8405e99d1f1de70b0.exe
"C:\Users\Admin\AppData\Local\Temp\61e3bfc3127cbda8405e99d1f1de70b0.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:5112

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads