Analysis
-
max time kernel
153s -
max time network
173s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
30-12-2023 04:14
General
-
Target
0e126fe12f819972684ab3486bcd1018.exe
-
Size
24KB
-
MD5
0e126fe12f819972684ab3486bcd1018
-
SHA1
9fc90e757b3d811be4e47e7e24db9396ced2a72e
-
SHA256
cab61ef5a0eab517b148b76d18ca22da59de49b7e48e85d4f4022f2645457fc6
-
SHA512
56b27091e0495644c8facd5001b90cf262f47b431cbd6a05adcdc1dfa3294904cdfe8b336a7655ae53eeda3d832be423c6a0a7cb524141595af22fc331bf9116
-
SSDEEP
384:ebhOmmnnw7/ru/rUQZebPufrWfyy1q9HuJ9TG5n3bIxgq/NWkiNIre2G:mOmmwyxyP4ygdQ45nBq/NWkUIrg
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Adds Run key to start application 2 TTPs 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0e126fe12f819972684ab3486bcd1018.exe"C:\Users\Admin\AppData\Local\Temp\0e126fe12f819972684ab3486bcd1018.exe"1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe4⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe5⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe8⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe9⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe11⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe12⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe13⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe14⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe15⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe16⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe19⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe20⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe22⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe23⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe25⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe27⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe28⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe29⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe30⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe31⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe32⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe34⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe35⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe36⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe39⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe40⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe41⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe42⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe43⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe45⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe46⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe47⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe48⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe49⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe50⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe51⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe52⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe53⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe54⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe55⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe56⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe59⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe61⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe63⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe64⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe65⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe66⤵
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe67⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe68⤵
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe69⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe70⤵
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe71⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe72⤵
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe73⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe74⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe75⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe76⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe77⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe78⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe79⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe80⤵
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe81⤵
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe82⤵
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe83⤵
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe84⤵
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe85⤵
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe86⤵
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe87⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe88⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe89⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe90⤵
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe91⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe92⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe93⤵
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe94⤵
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe95⤵
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe96⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe97⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe98⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe99⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe100⤵
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe101⤵
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe102⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe103⤵
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe104⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe105⤵
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe106⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe107⤵
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe108⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe109⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe110⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe111⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe112⤵
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe113⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe114⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe115⤵
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe116⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe117⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe118⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe119⤵
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe120⤵
-
C:\Windows\SysWOW64\svshost.exeC:\Windows\system32\svshost.exe121⤵
- Adds Run key to start application
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-