2c719082cd97cddd70853c6329b8563754d8a15641015cb46fa44e53d3bc459d

Analysis

max time kernel
154s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 21:30

Target

3d842cfa7b26b6ae90e46b22a47e57e4.exe
Size

40KB
MD5

3d842cfa7b26b6ae90e46b22a47e57e4
SHA1

fde3477578c870b07ce36760d339df3cbfdf5124
SHA256

2c719082cd97cddd70853c6329b8563754d8a15641015cb46fa44e53d3bc459d
SHA512

667aa77679e5f109289fa40cc07204c7ab2cd67ecd5fa93667dff52e392adf8c86888aeadf3f828ec146338008c4b3047fda40eed2514a67076c446cf01cdc55
SSDEEP

768:fIN6T/1rkELDMEn2W1bO+OhfTq2AzYQr/RSzmW1ZjGNcd:a6Vn2mS+mq2AE+imW1lMcd

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
832	mswyqzei.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\mswyqzei.exe	3d842cfa7b26b6ae90e46b22a47e57e4.exe
File opened for modification	C:\Windows\SysWOW64\mswyqzei.exe	3d842cfa7b26b6ae90e46b22a47e57e4.exe

C:\Users\Admin\AppData\Local\Temp\3d842cfa7b26b6ae90e46b22a47e57e4.exe
"C:\Users\Admin\AppData\Local\Temp\3d842cfa7b26b6ae90e46b22a47e57e4.exe"
1⤵
- Drops file in System32 directory
PID:4188

C:\Windows\SysWOW64\mswyqzei.exe
C:\Windows\SysWOW64\mswyqzei.exe /service
1⤵
- Executes dropped EXE
PID:832
- C:\Windows\system32\reg.exe
  C:\Windows\Sysnative\reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v TermUser /t REG_DWORD /d 0
  2⤵
  PID:4632

memory/832-5-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/832-16-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4188-3-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download