9996b1329a7f71432e25b092cbc77a162344c2531f222bba96add176ad3c83c0

Analysis

max time kernel
22s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 06:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b5cff0897686a2750f8761c64a5555f.exe
Size

15KB
MD5

2b5cff0897686a2750f8761c64a5555f
SHA1

dc65cf46526c5b04f2c1bab0bceb413c35f1f7f4
SHA256

9996b1329a7f71432e25b092cbc77a162344c2531f222bba96add176ad3c83c0
SHA512

5a6bfd83a40aafc038d8ca969e325b72b3c6f8113ed4b50e07ae84d7cd406ee07cb5d2987f89ae33beb8185871d58d59d1720ae0a0ac3c8764d261c1227e4d5e
SSDEEP

384:NkqD50TkFdPiXWIn0lPybUI7vHLcbSYOHl:NGTkFdPGWIn0cN6l

Score

8^/10

persistence

Malware Config

Signatures

Adds policy Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	alg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lsass = "c:\\windows\\system\\alg.exe"	alg.exe

Deletes itself 1 IoCs

pid	Process
2784	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2356	alg.exe

Loads dropped DLL 34 IoCs

pid	Process
2148	2b5cff0897686a2750f8761c64a5555f.exe
2148	2b5cff0897686a2750f8761c64a5555f.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe
2356	alg.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	\??\c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\DW\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.EXE	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe	alg.exe
File created	\??\c:\Program Files (x86)\Common Files\Adobe\Updater6\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\RCX5553.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE	alg.exe
File created	\??\c:\Program Files (x86)\Common Files\microsoft shared\EQUATION\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPREARM.EXE	alg.exe
File created	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\RCX3B54.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\FLTLDR.EXE	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\DW\RCX3D1B.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\RCX4EDA.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE	alg.exe
File created	\??\c:\Program Files (x86)\Common Files\microsoft shared\Source Engine\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Adobe\Updater6\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\RCX50DF.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\RCX4F09.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe	alg.exe
File created	\??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\alg.exe	alg.exe
File created	\??\c:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\RCX22A0.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\RCX232E.tmp	alg.exe
File created	\??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\alg.exe	alg.exe
File created	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\RCX3BA4.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\RCX4EB9.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\RCX4F68.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Adobe\Updater6\RCX3AB7.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\Source Engine\alg.exe	alg.exe
File created	\??\c:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\RCX22EF.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\RCX3855.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\EQUATION\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\RCX232F.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\RCX3B74.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\EQUATION\RCX3DB8.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Setup.exe	alg.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 2356	2148	2b5cff0897686a2750f8761c64a5555f.exe	28
PID 2148 wrote to memory of 2356	2148	2b5cff0897686a2750f8761c64a5555f.exe	28
PID 2148 wrote to memory of 2356	2148	2b5cff0897686a2750f8761c64a5555f.exe	28
PID 2148 wrote to memory of 2356	2148	2b5cff0897686a2750f8761c64a5555f.exe	28
PID 2356 wrote to memory of 1600	2356	alg.exe	29
PID 2356 wrote to memory of 1600	2356	alg.exe	29
PID 2356 wrote to memory of 1600	2356	alg.exe	29
PID 2356 wrote to memory of 1600	2356	alg.exe	29
PID 2148 wrote to memory of 2784	2148	2b5cff0897686a2750f8761c64a5555f.exe	31
PID 2148 wrote to memory of 2784	2148	2b5cff0897686a2750f8761c64a5555f.exe	31
PID 2148 wrote to memory of 2784	2148	2b5cff0897686a2750f8761c64a5555f.exe	31
PID 2148 wrote to memory of 2784	2148	2b5cff0897686a2750f8761c64a5555f.exe	31

C:\Users\Admin\AppData\Local\Temp\2b5cff0897686a2750f8761c64a5555f.exe
"C:\Users\Admin\AppData\Local\Temp\2b5cff0897686a2750f8761c64a5555f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2148
- \??\c:\windows\system\alg.exe
  c:\windows\system\alg.exe
  2⤵
  - Adds policy Run key to start application
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  PID:2356
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c del C:\Windows\temp\*.* /q /s
    3⤵
    PID:1600
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2B5CFF~1.EXE > nul
  2⤵
  - Deletes itself
  PID:2784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\RCX3B74.tmp

Filesize
19KB

MD5
e84b6fefb4e4ae8447b8e010d4655ab9

SHA1
20e29de7fe52656af380e53c77b6390b7a01144f

SHA256
2bbc1215fc6df9ac4f1c1b315d7be4a6354ba9e79e797b5a23ba4151cf036a20

SHA512
0dead601dedf7f41be6bf10654df9ab6f5ddb33f2ea277042730e8560255335c82627487796c7f060af13b7662ef2a83156c0da35431f8bd342841b1f6c79850

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\RCX5553.tmp

Filesize
16KB

MD5
fe3e09cebc76d8f3fee943cc36e38972

SHA1
898d1e847a03d7cb1342b862719f5434bf6f1b4e

SHA256
3b11332adced61058bd89f543b4532015a637d7ea5dd8304017e959448d33a10

SHA512
6f9260219b2914735643999295d1e906e281f4f243e3feef05982e181cb638cbef35ebc8e9d07026668b7b4bb85247fc14ab907f4b473014c0d9ff2650649a10

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\RCX4EDA.tmp

Filesize
16KB

MD5
77596c258ef90ad2c723846e6b739fa6

SHA1
a3384e798f001d694334bb943690bef1281abc8a

SHA256
920567ac07ac0d9b300e4a2ef7fb7baaf51126519d62b708896809229eef65dd

SHA512
c371bbeb8dd9146de063b809d03beaae73f5e682d18cb237bc775bc122686e419e64775d53489bc43ab668ee95b27ba6810d3fda60c140cfc1cb00065bc0f9d0

Download Submit
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\RCX92FA.tmp

Filesize
19KB

MD5
c7b2d78e4f5513115adef0e4ebea5748

SHA1
8902222d788253877f2de0428071b01cf787be90

SHA256
dd7e300246bfc08cb799b5cebc69a8c943885f461b8d2df7f95c68023e4668f7

SHA512
8d7da6d787d0c8f020294004059b65f7b10b7ddffaa92183b3518da62afcc8f309035a5126828f577f88c6a5be31495c3842527d51a3f3144febae0fa2045cbc

Download Submit
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe

Filesize
145KB

MD5
9d10f99a6712e28f8acd5641e3a7ea6b

SHA1
835e982347db919a681ba12f3891f62152e50f0d

SHA256
70964a0ed9011ea94044e15fa77edd9cf535cc79ed8e03a3721ff007e69595cc

SHA512
2141ee5c07aa3e038360013e3f40969e248bed05022d161b992df61f21934c5574ed9d3094ffd5245f5afd84815b24f80bda30055cf4d374f9c6254e842f6bd5

Download Submit
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe

Filesize
877KB

MD5
bfa1d1142e8b9073f8a4e8813771d092

SHA1
23c9df5d5fcc95a433641350cb4d8ea67632eb49

SHA256
80abc9ece47193976fcd188f0521337407fd16b73efd750b8a1b41f629695cae

SHA512
3df0f08429efb9284f585c28ad3518a6375f38c91a6442bec9c58c93af8d43f7adeb0ea1d0bcac805055a2246a70dd53a8d91e569c6f00776d52349b131fe43c

Download Submit
\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE

Filesize
89KB

MD5
f3bd181bd41e615d116206d82f1c0570

SHA1
97a80aa09b533cb87b2294679dbf6bd7b138d672

SHA256
72df4f02b1f4e0f4e009b81268ec2ed373b5a2f53c595242db63323ab38b3519

SHA512
3c5778c246bc8fae3914daa1484ac3d58ddeec361fed0c0d1105f484919ccd6126060b698c45614adcf283c61e71a8fbdcdd91ac9cf3e03c6792e4a01eae5ab7

Download Submit
\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe

Filesize
85KB

MD5
b79e3a3f029f22514e1393280a0c9f86

SHA1
2fc7d525ee8d96a807f46d97b2948d87bfe0f165

SHA256
4715e90585a7fd2961b77647d6311039bec6513548d9d2761658f9e355bdf652

SHA512
3eaa5e959e783a8f12e20b089fd62750f12b0b3c1e887e1855839687039e8881f5f1790fce9924d8cfc7f0c94711e7d5c3e8b8ff98ae5d3517794052749bf342

Download Submit
\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe

Filesize
245KB

MD5
e84927bc7e4bef6af8daf8640d95325e

SHA1
796cfbd54995d1340e3bdd9329e6d165af8c3859

SHA256
7744d4c0da090157809e65259fb2682e8149b3fcf64a055607ab04f0cb732ea6

SHA512
dd8c9e848100b8c67f8ac5a01e76bc11843e36824d501eca797c9560b0c99a1349ede26e5da0f57a1c66c817d0caf99284dbf968e9f5df442a7c64c88dffb261

Download Submit
\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe

Filesize
273KB

MD5
55e392d1bd55a1292b6ce766225416e5

SHA1
06d8134a3002e6974407fb5da0a59ab43415a52a

SHA256
db42cb95904cfc6891df2aa736506fb34a26cf9a26e88ab0ef262e0459344a3e

SHA512
0c55062cf8debbdf1a7a4f41527e43cd124fb7777e9b930de9cc900abf9c27a1956a536200e23dddc9a4068ac5bc9a8052299a4f2cf010cffd205a32d99581a2

Download Submit
\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

Filesize
341KB

MD5
e16dd9faeca97b4c185426e5672becba

SHA1
f32087a346bcc58dedcfe1bc32f221d486a385c7

SHA256
c21bfc263890f02763f56b4e9f5cf9113656cf09d7864b53ec2fd2024bdadd60

SHA512
582180e0c7b35660114d5b1d4d5c92d75615321a74d160c2c7bc92b91a2c2b7ed758d63e2bbbdb1658992da6fe7ac546d7f4ea9a6c73a4a503989ea6e1a22d6a

Download Submit
\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe

Filesize
14KB

MD5
dc6311fbfd49f41fbf35860a30e68355

SHA1
b08b15be412e843acaf7ad5e6df0ef1e8bdb465c

SHA256
ffdf81680522029c2eb578a9f442fd9692900a5c782c711e35203fb2d25620ba

SHA512
5e2938f5a8396154928a7d093db3843d73497cea4f49c0f1b77e3aac6e29d1db7f0ad4518587c336f0dfccb67ff33aac8e12afa70503504c5d8d46d12a86e453

Download Submit
\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe

Filesize
25KB

MD5
6ff84be315cfafbbdf36aa01af8389e7

SHA1
2c550a4059ac331f5f5c9d3f218e0f6184aa27c9

SHA256
47c67c1c88ceaee3cf1667bf956a3e11a84dea2f7c2afc634777aa5f1bf65c76

SHA512
72498b009573a9cc9b5554e61d56b68f273682bfa2e13808f4abd5b2171aa59dd4a64bd9f68a3a416cfaceacb0041df918d8a84f28a5fa7f204fc562c5b6b174

Download Submit
\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe

Filesize
93KB

MD5
23c0ad1912aec0ccc7d94837d25ebdcc

SHA1
db7f2616564624b4997b2d36621b3fe8651e52dd

SHA256
38d50dba0c7dc50042bde576afb0926d0363c84f04091bcd0807ecd5ae3fd3a5

SHA512
3ecf2e3e18a6c9d890a1b89317bc1fd365f461e828ddbce4cab60ccf7882a54127a385a20461572be574123c025afff86645ea49ec0fd1a5cc66d90f88b432f0

Download Submit
\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

Filesize
33KB

MD5
69b16c7b7746ba5c642fc05b3561fc73

SHA1
83d80d668dca76b899e1bf662ddee0e0c18ac791

SHA256
0deceb6b1b7a2dd1f13133ac7328ff420dad4610cee1fa7466e8e0f6baa39116

SHA512
6b8eebcfe5b04141640047fe468371ad02bb115ee9ef00260c0b33cfd56b142c2e01b3b1c6f07281aa57b1f3b9fdb1f1082fe5620f88a57b92d8f547267ef154

Download Submit
\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe

Filesize
333KB

MD5
e5b38b9828293047f0352f7a38a22fb1

SHA1
681311628ac93f84371b2a069fa220dc89a3f672

SHA256
b85aeeaede189d9f56c843281a492cd8ada329f0b5b8b03d5a813eba3a290b61

SHA512
ed3e369451b938a556fb561afd6fd3ff5cfc93e386b035014fd4824a808f1e92e6d095ab33c340e6cd64ee00122fbd882abbcf0e15f3ffdb29a4fb9febe42920

Download Submit
\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe

Filesize
59KB

MD5
5e9d2fccad3b9edbc0a8ab0fe1e5e510

SHA1
4f74227b71e570f57e0bf611de8fe2b73cd3aba3

SHA256
ba7cd3c2ef37746576ea934fbbfe6ce0f659977f604cb6528e642e6d82e60ff7

SHA512
8e5ae33075564851f1534767558b1be79894858a912e5f53b00c98ad38e46bcdd17e225e32acea78b634221b506a312185ea155faaac976642c6fc8ed352f035

Download Submit
\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe

Filesize
34KB

MD5
d598a0818ec112074e4ecadb7fd83414

SHA1
a7154846b004135ba3e95e1e175d08bc9aab2e60

SHA256
d8fdda58db1a84ff2868d0d24bda9d9b496347a35008225f15c6599aa2f1c4bf

SHA512
5cd13c6b4247854a65f7322eafcb06d82c574384dc996be3bb3ab8f185818334acf6858e90136a321664543f3eb9d1b0419513ca254e4ed32959489653357240

Download Submit
\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.exe

Filesize
32KB

MD5
9c5b124efd76128d26d3bcf85a3f2092

SHA1
6f4a3a1b7d4fb47aba5b1c1bfc151f6eb8d2b3b0

SHA256
5fa546e912a3fedea19477ba68bb127cd2867170a2bdb831b78549c6190d55b9

SHA512
ca13ada6916ac4b5277cb7684a05ae2d36e61e3a5dd425cdcce34b8461b2337aa9c81fde1e08d9f6d24066f103bebbf135c6f66ac76bb2767eabc93f2e47f7f3

Download Submit
\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe

Filesize
90KB

MD5
27f8ebbdef6e8fa26f02d74263610729

SHA1
2ecce90a5b5661dbae6cfb890443cf8d47f052bb

SHA256
9feda23e175fa401fccd34614e2c3afde740c2ebab9a8fbc710fb9d08b712829

SHA512
71884b8e1d7042813f9ea6813565807cfe7b57b7c2d838ebf90ec2f34ab2a6acb36458d0e5b7f8a2bb07f03cbfd9cb145dfc72dae1658d1c514ef18a025c9a28

Download Submit
\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe

Filesize
1.2MB

MD5
a29d77956c0439796326187bd8d3c1c0

SHA1
bfe41f5bffdfbd7121f340a164646229c7f59d50

SHA256
bf26bd2c9d42393e227e53755aec1ed36b03b555687976541eb7f2ec6226d558

SHA512
b13699554da12dfb8edea8ebb34bca5defabd77aae97affe8ddbc1a13d1f3fd031599504a54db6bb3acb41b70e5d869f5519c1ccc7cd5f99641a55138ded4a0c

Download Submit
\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE

Filesize
385KB

MD5
92f8ac3fb8d60ee6fdb1d9c9fe2d9836

SHA1
3353d195e765dadeaf4551f800fd4ac2486c1c6c

SHA256
b968b0689931f9e373186fff8d16de0842ca87f0a1fd04370ac32ebc92c29fc5

SHA512
3d59aacbc5df7f6bdbb14ed4249dc7ccc6034fa68f7177cca057d667b8d85eca738ddc0ff8fe629350c3938a304518821ca122735c0edf188199b74527aea67a

Download Submit
\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE

Filesize
507KB

MD5
c87e561258f2f8650cef999bf643a731

SHA1
2c64b901284908e8ed59cf9c912f17d45b05e0af

SHA256
a1dfa6639bef3cb4e41175c43730d46a51393942ead826337ca9541ac210c67b

SHA512
dea4833aa712c5823f800f5f5a2adcf241c1b2b6747872f540f5ff9da6795c4ddb73db0912593337083c7c67b91e9eaf1b3d39a34b99980fd5904ba3d7d62f6c

Download Submit
\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE

Filesize
381KB

MD5
09fc2a95797f38464762b3bae3bfa1f3

SHA1
6f310f1f90d1c028d27f8a0455083f72fcdd6a9b

SHA256
a481050896beb2b05edc98999f2c8daa9d2d50a1a2d1c91e7f58d220e7ba07c7

SHA512
148ddbd7bc45f9236e05b33d6f23b1eefb11e7d5f5d307715868bc3fd3c5f1e7327dac332c9fc64b4b5c854ee0b6b34ebe4e399de0dda7a5190b04c3723a9806

Download Submit
\Program Files (x86)\Common Files\microsoft shared\OFFICE14\FLTLDR.EXE

Filesize
117KB

MD5
55d4acd4b1f8c060e4e880c213e5eb79

SHA1
c902866e5a10554e44b4e743ceabd5d687a51484

SHA256
7a7f3d1d777a49848bb8e4e344b7e6d75819345b4fe27b8ebf836618a8ad8d73

SHA512
b60cc303c2324ab7d93b8afa479a868d98ea117968f4d7233c27f5c9856f266e245324634548daadb32b9b9affab1e2530fdf9bb8248281f2fb671153f334bda

Download Submit
\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.EXE

Filesize
189KB

MD5
37cd4ed547914384c817aed45b50b8a4

SHA1
20c7daf067634dda7e1255e7ae3ef934d1fb1522

SHA256
7021a2b725aecbe925986bdb969f016b0c5f9c7a42301182acb351a1db66c19f

SHA512
64e535f3f91656d726896abc3d5a50782f38cbad30d17da810b113da24e7ed7b2a5ffbf85247859854264ca6da66458d9d4622f088b98e6a881afc3726199e19

Download Submit
\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOICONS.EXE

Filesize
462KB

MD5
66c88b6782b844bc169c7f792936c0e1

SHA1
50cf028b05ede61c89d4fb3fde4caaae8b1a94ff

SHA256
b13d6112575cfcebd36ed20222b95c3869e7d292d36fef126324be8f29002a7f

SHA512
7e7825848ed26c5c04a61951139fc8c1ccc3f916f6c3616287a5fe707b59fd8f272bf0b30dd776632d7d8620217964e1a1b5381cfc7fdb6c2e8c45b829cbfcab

Download Submit
\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE

Filesize
113KB

MD5
6ed32d3206c69fd9a591976e64003b18

SHA1
8e8aa84fa47579326aff29113db6b0e825d3f947

SHA256
542a9b77fe0f2adc61d3d2323d046256cb8227e09f337ff7355c489165e95e9f

SHA512
b612a732ad3175c1060a8e9e92ac3f5fe80fbfaf3e32a73b956b1f3b10ad0470df875fce8615b8affdffa3df17eed6d1bda9b27bae5d0ffbf9d4e4b37770494e

Download Submit
\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.exe

Filesize
165KB

MD5
015751930f57a169f41b4142869cd139

SHA1
6690556f3cb5677a4d35fba7bd6c3f6c9d0f6761

SHA256
23e40ab5500599c794559e6b02ca1a63c436544ba576089e6c13c8759fbaece5

SHA512
740882f2527047ae8c473a038e2ab3179672e0eda7ba06d35034dfb3d7e686f10580f80d86e3553ea9870ee89fe34177d2b4f2f6f2557a6e583e9163c03c5ebe

Download Submit
\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe

Filesize
498KB

MD5
d63cb47f665ff3caa0cd0db21b50345f

SHA1
7a8b5c9a9b2dcf08a0622f3475f0fc486dc8ecd0

SHA256
b237f60afbf0ff3680d68b673b4f06072249fce099f943dc731e0cccb4437576

SHA512
830c4820393557adcae93e625aec760130bb569b3eb3255338dd8c5935e236a32aeddbce2a44cd7347c9dfd8340e5888748e74e4a8bf3f9cbc7b7adf8669ea8d

Download Submit
\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Setup.exe

Filesize
355KB

MD5
84ecf6437e37272d7d1d0e164e37052f

SHA1
9f516f3c19198aedea78dc7e6719abc705fefe5c

SHA256
0e4312441701fbb72fe9f14aa879cff748b34caf0a7d0d7d9960fdb32f7eeda5

SHA512
c0b4fd6f73c1eec39273c4b05c68dce040df67e4ee131011b4e70f3da674966e851aa11dcaf198a800395a9986ff999ec542c26cf073bb7b8eb8270b13f24fdb

Download Submit
\Program Files (x86)\Common Files\microsoft shared\Smart Tag\SmartTagInstall.exe

Filesize
14KB

MD5
20d3e26304e9366c2e9ebc18df8d6e53

SHA1
b509c0db36f01849a9267544545bb6d5e6d7dbe4

SHA256
36d845e96a732363f43534376dbb776041ab6df86a9ec1cf0419e74e89855277

SHA512
ea5f1a35d3aada483e3fc60b83b2de5339e8095294a8eff4c66131dfaee5b74ba2e9dcf5754d95bedb72ef2aeb43ef47c16d8b3f062a00408242300082263964

Download Submit
\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe

Filesize
1024KB

MD5
aa36652a445a49f7dbcfbabdede440ac

SHA1
8f1e57008a10639282c4bfb765a0f6236d9ecd89

SHA256
939b96df4837e77176aa40846bc6623903484d96b1e4b5f39ca0403ff4e3d88d

SHA512
1393af930e654d560d91ab45264c4e25c46345dfea00aacfbe8e8117cc4f9a92385b4f90f9ba3e0ab0a1b1c1757a2d395365814ad85d7b91c7e23b2946093585

Download Submit
\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\vsta_ep32.exe

Filesize
18KB

MD5
7a2323a4ef4c2a7651443239552581f6

SHA1
b3e6138072d303fbfca579a15ac86bd7572a7c2c

SHA256
18e279d77b8271a37bd9077900e57880f3cb3d2d9e5235ffc00f30752592f491

SHA512
39e6a802b7d64bf9547d4f93ff52004dc97bfe22f1363aba20b47e652dc5c27fae3a7b32fc10c585ca5e9621d7abd08888e25162991988f1b5d28e054f0fdd63

Download Submit
\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
85KB

MD5
ee0c93a37a7549bb3398c6093f25c9bd

SHA1
02ea12b829f147a5c6345f99ee4d2fcdd2cb7d4d

SHA256
604e2abeba3f46842e49c0d5dcfdaaf2746165f595f9dfa8ebfe03ffdd372c09

SHA512
1a5833d091139859847745f77032f6a0ff447d07f3c609d34d205ef63e68705b7232a72eba5315829ab52980d8ff5a9d2c9db59af056cd2517f4122db93010ff

Download Submit
\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe

Filesize
302KB

MD5
381c22092074255a291f4c9946a5c28f

SHA1
cfd3817b09553851738818c55a01d18c7591f95f

SHA256
c94dcb40543cb405474597c7e7c9d8ef558b1422797752625db9ca4faf53689c

SHA512
e1f176f4d3f9b7ac057fa427d006e1d6c918e3bb623a713435011e6e27ba7728b22d501789f449cd54e5a58d19d62c25c7f55f8185b022b22cddcab070a385cc

Download Submit
\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe

Filesize
398KB

MD5
f1de10a8b9909a4af635112c8866d534

SHA1
c340effbaed989e7f8ffc6f7574856cd8ed0d18b

SHA256
5df635fd14558c0a25ceecd2ad51fbc0d129a8fe681d36ecc9e7254ae0e0a40e

SHA512
a227edac6a6d440da6e13a7d0ecbf42f6ac6acecd7591e0a105bf5e8e417d54e0610d9d28c649c510dc91c454894bdeef7f4c4d3463c57225e1e7cbc142b0924

Download Submit
\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe

Filesize
167KB

MD5
54a010c60be10b65eee5506720fccabb

SHA1
18cfa274db7d6567441db036eb2b25b720d58884

SHA256
9a4b728a0b652056cbd312dd917adc08c72c89b6f666472f4e3d59a1b8039d89

SHA512
afb51acc8b684db72d5ee9ad7c340d852322af0862a80976c6830330c9e094bc77e760a5806ba883b437c0d10139aa783c21cd87acd405c453df98422d6b99ae

Download Submit
\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe

Filesize
114KB

MD5
9482267d8e065d5c3cfe30c69b41b30c

SHA1
b0d7b3b52fc3faac508a01a61ff9e9e7ed8a16fd

SHA256
23085b1bbb7d7b175ee9c4fc9db4e7dd8981a3f5246cd864ab178c53c0612758

SHA512
33c19803c00834755d2a6e75481b0bc0d50dfaeb4cf95d34bc4bd22b82cb58ab72f7e7af9d1e56c19e68374365d4fd095b8a4121c0c0099254a0bdba2dd86c63

Download Submit
\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe

Filesize
190KB

MD5
067c069e3a48184c32333ebbd152eb01

SHA1
e13808892bb9679a81d0ebdf5f51a6df42400149

SHA256
55f4339688f1e72f5da0819abaa1d1f0630f39c496ec1ea0ad8e3458c8df6b02

SHA512
74b3aecbf11f94948264b29481839bdf48d7b37f966cb5e2aa3062e66cf3587ecf247563e3bcc1837e1fb89602d327fdb4f22fa98c695b4d5768bc3f1903a2b4

Download Submit
\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
224KB

MD5
d4b257c01bbaa68d15d8368475a4e227

SHA1
fafae083a882e163cfa8c77258baaab891c17df2

SHA256
dd6dd981c7f1a6673dc8cc3a0fe1fc8a54e059a9fdb0545b0dc9258299c0c546

SHA512
167494ecb32196e8e199d7d14a1c0498eee45ab8e8862e5441539fa569313bb602b9e979935c7cc5ba39300e54e8bdbdf2f502e4ea24b5e8339fd2c3685ca502

Download Submit
\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe

Filesize
114KB

MD5
27a531be4e959f1d7772133949832a10

SHA1
da4d3202e33c4a4c9480e8bff7726bbe0bc88e84

SHA256
09b9f613621fa39c97de92265fb886be93be5b37fe0985c54eb358efbf8befe3

SHA512
7e4e78a2f6ad80ed822c40dfc4466da49a4941f42ce92b78f40f0b0d3e22c087985efb134515d5592f7b86a4bc583733ea9eb7d33fe6e29d6e771572d75421d6

Download Submit
\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe

Filesize
18.1MB

MD5
87719f5295c74e002e72ce7c1ffd90a3

SHA1
f94493b6675343b4ba886be7ca6e9e23b2e04834

SHA256
e3fc2459f10bddbb448e5df2806b61cb3c1cd5405a0cfcea5fcc83aa7739b561

SHA512
1ca59a112e558c0440c3d1557c89e3b6e6c335dd0e9bd84f4991ba1b184ab99d843d08255d08daea562786c4c8d3600978bd5d8d517cfb6861c56864df89e16a

Download Submit
\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe

Filesize
18.2MB

MD5
7f57403eddd0395a6d81d28d83abb74a

SHA1
2cd158947c0cbf7965b9cf9cadc163f1bbee9bb6

SHA256
0fd825c85d6291cc66c6a62ead987caf9288e49fa256bfe8f2358d71e40f0318

SHA512
e55ec1e51c008b605dd5a548d50c8bf3a0a15b553efab6da3ee5088552c281473f067c1b28121b2111fc4030595dceb8ac0d8c9c6dc1799ac103b086056207dd

Download Submit
\Program Files (x86)\Google\Update\Install\{816A3475-9C83-4071-ADF3-DF13B538F008}\chrome_installer.exe

Filesize
18.9MB

MD5
ac11c817ecaf3257b22289c507a9a23c

SHA1
a03534a42a42b97a1213c4a4de6860830f0721f0

SHA256
2460372f8e7a34664b7f67c8e122f889f6c92ac87443fdf60ebeda3027d910e4

SHA512
6316af7715cedc6bb97e9e0a40d3d8252111b14900ee87597a376c5877c5cd6ba56c76a79aceee2174080726e51e2c867a23e0ce885fda0d310b71e187d1cb8d

Download Submit
\Program Files (x86)\Microsoft Office\Office14\1033\ONELEV.EXE

Filesize
44KB

MD5
987f657313a388148599a9baebb9e7dc

SHA1
d4071ab6e1895ec19eee2254a39b9cb6096b4ab4

SHA256
83dbcdb3aa38fe0f77fa8734eed8917001163ef321b1ec418b6f87c7dae1259d

SHA512
ecb700e94740944cb4027137774448aee938e88645ebe34b250d1f1256efd099bfe48b50aca3935a48bfd9da0bff5473a3384f36cb3724b0fca90658b17a0aa7

Download Submit
\Program Files (x86)\Microsoft Office\Office14\ACCICONS.EXE

Filesize
92KB

MD5
b6a79e41b753eeea1809ef19660091b9

SHA1
55afedd44e0059164c17d449de4cead2b1da68ce

SHA256
57dfd4be72dbb0db651d454369f4b0c01626af08ad02833b54fb2f9bb3158d14

SHA512
e443ff4c0a37c2839b2be3715dd96db387cae21f354a02efd149a38899bbe1480213e4a05e9505ad658799daa892394de79d61cb562de9e9d546fb0f8c0596a8

Download Submit
\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe

Filesize
89KB

MD5
901aa7a38ce13f14b6bbec38c0595698

SHA1
6abd81a46557f72680eb9e5fc74223b8c9c32088

SHA256
1e95f2048e2a1782807d52e9816ed267355718e24d01ff07ace73d965ede388a

SHA512
34bb4f656423021873363ec8dd1908fd1d01017e607ff8bc79fea3176ffb18f3281dcf21f7bedcd96c4ddbcff70bb2943435a18e31ddfb6f6c5bd226bf901672

Download Submit
\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE

Filesize
92KB

MD5
95efbe81cba2d25762ed81101f235d61

SHA1
17cf9113f1cd3d6554028939c1852cb344aa2e91

SHA256
135b410d49d99b5382fe179b8d591979d455465e1b8187124d0692351f99d69c

SHA512
aa3e29230448e5fa34df540c3abf0ea8688b8718157ef34de79ab1521a127edb66e8b09f42ecaa97c4fc5a6b25c8ee600efe828ccf97aaabc1054c753d5b38a5

Download Submit
\Program Files (x86)\Microsoft Office\Office14\GRAPH.EXE

Filesize
92KB

MD5
f9e9d993a73c4b6d759816fd8b281bd0

SHA1
cf4d335168f68842dcf2c84acbdb6176e73162fd

SHA256
45e21cde62dc29a58b12af42297b3b711e0fcf4def2826865f623bb6d921c8af

SHA512
d39531e1e1f49e5de42b198509cbdf77da05ede4c28316c5d532590ec6c032bab50a2fd8bc38da5223ab2aa8c75429aa1ad72bb522c465ee488e8cbed338239c

Download Submit
\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE

Filesize
92KB

MD5
d33e42dfa5f70b526a90e836f34bc476

SHA1
a4a9364482ac55d69ef5a75dec8540416f997d9d

SHA256
d0b65ececb52d5c5086f3dea3b374c339b3f45385fa55a0fdf4949a37a76e7ac

SHA512
716b55a587dd16a8404c52b49f8d93960db147ee2abb6e68048e5bba21bbcf71daec43ca660cda576e63f8a832b8a1942ba3929760741e824c698664ce494c95

Download Submit
\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE

Filesize
92KB

MD5
73231f0bdcdb47fa88a64b2df217af1e

SHA1
a75fa1da04312bb7fdeccc7fb3258594c2c5de2a

SHA256
9faf9b37c16045d84956d14ea55581aabfa09a8ce9a846933107838a4e1b729a

SHA512
b44a0a0f823b51adb32f94b6f5e36149dc4c485a2faf1b94e5ec47ce8599a11c01adbafcb50c5a0aba0a124193214d70cead7383beaacfcc4d1b652e3005dad1

Download Submit
\Windows\system\alg.exe

Filesize
15KB

MD5
2b5cff0897686a2750f8761c64a5555f

SHA1
dc65cf46526c5b04f2c1bab0bceb413c35f1f7f4

SHA256
9996b1329a7f71432e25b092cbc77a162344c2531f222bba96add176ad3c83c0

SHA512
5a6bfd83a40aafc038d8ca969e325b72b3c6f8113ed4b50e07ae84d7cd406ee07cb5d2987f89ae33beb8185871d58d59d1720ae0a0ac3c8764d261c1227e4d5e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads