Analysis

  • max time kernel
    0s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/01/2024, 19:37

General

  • Target

    a3f8bb01466184393106d692b3db7d15.exe

  • Size

    272KB

  • MD5

    a3f8bb01466184393106d692b3db7d15

  • SHA1

    4aa778ae78fbd7ef093d37d8f406c83005b9bb70

  • SHA256

    56c94ba077d500b34815440ce21bb43cd22c32099d1bd95fd2ad5dbcb046d5a6

  • SHA512

    6b6740f131626d1a959f9bad488d8b8bfd3ef97f7294a5974c4cda740196aa1ee3e9caeab06ca5c27ac9192fa2006e5eaefe1a9a24c48eddc11f42407858b920

  • SSDEEP

    6144:516loA6ByvZ6Mxv5Rar3O6B9fZSLhZmzbByvZ6Mxv5R:516eByvNv54B9f01ZmHByvNv5

Score
10/10

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup (2 TTPs, 20 IoCs)
  • Executes dropped EXE (10 IoCs)
  • Drops file in System32 directory (30 IoCs)
  • Program crash (1 IoC)
  • Modifies registry class (33 IoCs)
  • Suspicious use of WriteProcessMemory (30 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a3f8bb01466184393106d692b3db7d15.exe
    "C:\Users\Admin\AppData\Local\Temp\a3f8bb01466184393106d692b3db7d15.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1956
    • C:\Windows\SysWOW64\Jmnaakne.exe
      C:\Windows\system32\Jmnaakne.exe
      2⤵
      • Adds autorun key to be loaded by Explorer.exe on startup
      • Executes dropped EXE
      • Drops file in System32 directory
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2736
  • C:\Windows\SysWOW64\Jfhbppbc.exe
    C:\Windows\system32\Jfhbppbc.exe
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:5016
    • C:\Windows\SysWOW64\Jigollag.exe
      C:\Windows\system32\Jigollag.exe
      2⤵
      • Adds autorun key to be loaded by Explorer.exe on startup
      • Executes dropped EXE
      • Drops file in System32 directory
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1020
  • C:\Windows\SysWOW64\Kgmlkp32.exe
    C:\Windows\system32\Kgmlkp32.exe
    1⤵
    PID:892
    • C:\Windows\SysWOW64\Kilhgk32.exe
      C:\Windows\system32\Kilhgk32.exe
      2⤵
      PID:968
  • C:\Windows\SysWOW64\Kmnjhioc.exe
    C:\Windows\system32\Kmnjhioc.exe
    1⤵
    PID:2732
    • C:\Windows\SysWOW64\Kajfig32.exe
      C:\Windows\system32\Kajfig32.exe
      2⤵
      PID:2716
  • C:\Windows\SysWOW64\Lmqgnhmp.exe
    C:\Windows\system32\Lmqgnhmp.exe
    1⤵
    PID:2264
    • C:\Windows\SysWOW64\Lpocjdld.exe
      C:\Windows\system32\Lpocjdld.exe
      2⤵
      PID:3996
  • C:\Windows\SysWOW64\Liggbi32.exe
    C:\Windows\system32\Liggbi32.exe
    1⤵
    PID:4568
    • C:\Windows\SysWOW64\Laopdgcg.exe
      C:\Windows\system32\Laopdgcg.exe
      2⤵
      PID:4280
      • C:\Windows\SysWOW64\Lpappc32.exe
        C:\Windows\system32\Lpappc32.exe
        3⤵
        PID:3908
  • C:\Windows\SysWOW64\Lijdhiaa.exe
    C:\Windows\system32\Lijdhiaa.exe
    1⤵
    PID:4332
    • C:\Windows\SysWOW64\Laalifad.exe
      C:\Windows\system32\Laalifad.exe
      2⤵
      PID:2040
  • C:\Windows\SysWOW64\Lgneampk.exe
    C:\Windows\system32\Lgneampk.exe
    1⤵
    PID:2452
    • C:\Windows\SysWOW64\Lilanioo.exe
      C:\Windows\system32\Lilanioo.exe
      2⤵
      PID:4160
  • C:\Windows\SysWOW64\Lpfijcfl.exe
    C:\Windows\system32\Lpfijcfl.exe
    1⤵
    PID:1944
    • C:\Windows\SysWOW64\Lcdegnep.exe
      C:\Windows\system32\Lcdegnep.exe
      2⤵
      PID:4224
  • C:\Windows\SysWOW64\Lnjjdgee.exe
    C:\Windows\system32\Lnjjdgee.exe
    1⤵
    PID:3952
    • C:\Windows\SysWOW64\Laefdf32.exe
      C:\Windows\system32\Laefdf32.exe
      2⤵
      PID:1796
  • C:\Windows\SysWOW64\Lknjmkdo.exe
    C:\Windows\system32\Lknjmkdo.exe
    1⤵
    PID:4668
    • C:\Windows\SysWOW64\Mnlfigcc.exe
      C:\Windows\system32\Mnlfigcc.exe
      2⤵
      PID:5164
  • C:\Windows\SysWOW64\Mpkbebbf.exe
    C:\Windows\system32\Mpkbebbf.exe
    1⤵
    PID:5208
    • C:\Windows\SysWOW64\Mciobn32.exe
      C:\Windows\system32\Mciobn32.exe
      2⤵
      PID:5248
  • C:\Windows\SysWOW64\Mkpgck32.exe
    C:\Windows\system32\Mkpgck32.exe
    1⤵
    PID:5288
    • C:\Windows\SysWOW64\Mnocof32.exe
      C:\Windows\system32\Mnocof32.exe
      2⤵
      PID:5328
  • C:\Windows\SysWOW64\Mdiklqhm.exe
    C:\Windows\system32\Mdiklqhm.exe
    1⤵
    PID:5408
    • C:\Windows\SysWOW64\Mcklgm32.exe
      C:\Windows\system32\Mcklgm32.exe
      2⤵
      PID:5448
  • C:\Windows\SysWOW64\Mamleegg.exe
    C:\Windows\system32\Mamleegg.exe
    1⤵
    PID:5572
    • C:\Windows\SysWOW64\Mdkhapfj.exe
      C:\Windows\system32\Mdkhapfj.exe
      2⤵
      PID:5624
  • C:\Windows\SysWOW64\Mdmegp32.exe
    C:\Windows\system32\Mdmegp32.exe
    1⤵
    PID:5788
    • C:\Windows\SysWOW64\Mcpebmkb.exe
      C:\Windows\system32\Mcpebmkb.exe
      2⤵
      PID:5836
  • C:\Windows\SysWOW64\Mkgmcjld.exe
    C:\Windows\system32\Mkgmcjld.exe
    1⤵
    PID:5920
    • C:\Windows\SysWOW64\Mjjmog32.exe
      C:\Windows\system32\Mjjmog32.exe
      2⤵
      PID:5964
  • C:\Windows\SysWOW64\Mnfipekh.exe
    C:\Windows\system32\Mnfipekh.exe
    1⤵
    PID:6000
    • C:\Windows\SysWOW64\Mpdelajl.exe
      C:\Windows\system32\Mpdelajl.exe
      2⤵
      PID:6040
  • C:\Windows\SysWOW64\Mdpalp32.exe
    C:\Windows\system32\Mdpalp32.exe
    1⤵
    PID:6088
    • C:\Windows\SysWOW64\Mcbahlip.exe
      C:\Windows\system32\Mcbahlip.exe
      2⤵
      PID:6128
  • C:\Windows\SysWOW64\Nkjjij32.exe
    C:\Windows\system32\Nkjjij32.exe
    1⤵
    PID:5256
    • C:\Windows\SysWOW64\Nnhfee32.exe
      C:\Windows\system32\Nnhfee32.exe
      2⤵
      PID:5316
  • C:\Windows\SysWOW64\Nacbfdao.exe
    C:\Windows\system32\Nacbfdao.exe
    1⤵
    PID:5416
    • C:\Windows\SysWOW64\Nqfbaq32.exe
      C:\Windows\system32\Nqfbaq32.exe
      2⤵
      PID:5496
  • C:\Windows\SysWOW64\Nceonl32.exe
    C:\Windows\system32\Nceonl32.exe
    1⤵
    PID:5612
    • C:\Windows\SysWOW64\Nklfoi32.exe
      C:\Windows\system32\Nklfoi32.exe
      2⤵
      PID:5696
  • C:\Windows\SysWOW64\Njogjfoj.exe
    C:\Windows\system32\Njogjfoj.exe
    1⤵
    PID:5780
    • C:\Windows\SysWOW64\Nafokcol.exe
      C:\Windows\system32\Nafokcol.exe
      2⤵
      PID:5864
  • C:\Windows\SysWOW64\Nqiogp32.exe
    C:\Windows\system32\Nqiogp32.exe
    1⤵
    PID:5952
    • C:\Windows\SysWOW64\Nddkgonp.exe
      C:\Windows\system32\Nddkgonp.exe
      2⤵
      PID:6036
  • C:\Windows\SysWOW64\Ngcgcjnc.exe
    C:\Windows\system32\Ngcgcjnc.exe
    1⤵
    PID:6112
    • C:\Windows\SysWOW64\Nkncdifl.exe
      C:\Windows\system32\Nkncdifl.exe
      2⤵
      PID:5216
  • C:\Windows\SysWOW64\Njacpf32.exe
    C:\Windows\system32\Njacpf32.exe
    1⤵
    PID:5356
    • C:\Windows\SysWOW64\Nbhkac32.exe
      C:\Windows\system32\Nbhkac32.exe
      2⤵
      PID:5516
  • C:\Windows\SysWOW64\Ndghmo32.exe
    C:\Windows\system32\Ndghmo32.exe
    1⤵
    PID:5872
    • C:\Windows\SysWOW64\Ncihikcg.exe
      C:\Windows\system32\Ncihikcg.exe
      2⤵
      PID:6008
  • C:\Windows\SysWOW64\Ngedij32.exe
    C:\Windows\system32\Ngedij32.exe
    1⤵
    PID:6080
    • C:\Windows\SysWOW64\Njcpee32.exe
      C:\Windows\system32\Njcpee32.exe
      2⤵
      PID:5308
  • C:\Windows\SysWOW64\Nbkhfc32.exe
    C:\Windows\system32\Nbkhfc32.exe
    1⤵
    PID:5560
    • C:\Windows\SysWOW64\Nqmhbpba.exe
      C:\Windows\system32\Nqmhbpba.exe
      2⤵
      PID:5820
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5484 -ip 5484
    1⤵
    PID:6124
  • C:\Windows\SysWOW64\Nkcmohbg.exe
    C:\Windows\system32\Nkcmohbg.exe
    1⤵
    PID:5484
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 424
      2⤵
      • Program crash
      PID:5476
  • C:\Windows\SysWOW64\Ncldnkae.exe
    C:\Windows\system32\Ncldnkae.exe
    1⤵
    PID:5196
  • C:\Windows\SysWOW64\Ndidbn32.exe
    C:\Windows\system32\Ndidbn32.exe
    1⤵
    PID:5928
  • C:\Windows\SysWOW64\Nqklmpdd.exe
    C:\Windows\system32\Nqklmpdd.exe
    1⤵
    PID:5700
  • C:\Windows\SysWOW64\Mgnnhk32.exe
    C:\Windows\system32\Mgnnhk32.exe
    1⤵
    PID:5172
  • C:\Windows\SysWOW64\Mglack32.exe
    C:\Windows\system32\Mglack32.exe
    1⤵
    PID:5884
  • C:\Windows\SysWOW64\Maohkd32.exe
    C:\Windows\system32\Maohkd32.exe
    1⤵
    PID:5748
  • C:\Windows\SysWOW64\Mncmjfmk.exe
    C:\Windows\system32\Mncmjfmk.exe
    1⤵
    PID:5704
  • C:\Windows\SysWOW64\Mgidml32.exe
    C:\Windows\system32\Mgidml32.exe
    1⤵
    PID:5668
  • C:\Windows\SysWOW64\Mjeddggd.exe
    C:\Windows\system32\Mjeddggd.exe
    1⤵
    PID:5528
  • C:\Windows\SysWOW64\Mkbchk32.exe
    C:\Windows\system32\Mkbchk32.exe
    1⤵
    PID:5488
  • C:\Windows\SysWOW64\Majopeii.exe
    C:\Windows\system32\Majopeii.exe
    1⤵
    PID:5368
  • C:\Windows\SysWOW64\Lgbnmm32.exe
    C:\Windows\system32\Lgbnmm32.exe
    1⤵
    PID:4576
  • C:\Windows\SysWOW64\Lddbqa32.exe
    C:\Windows\system32\Lddbqa32.exe
    1⤵
    PID:3632
  • C:\Windows\SysWOW64\Lklnhlfb.exe
    C:\Windows\system32\Lklnhlfb.exe
    1⤵
    PID:3484
  • C:\Windows\SysWOW64\Laciofpa.exe
    C:\Windows\system32\Laciofpa.exe
    1⤵
    PID:5012
  • C:\Windows\SysWOW64\Ldohebqh.exe
    C:\Windows\system32\Ldohebqh.exe
    1⤵
    PID:1256
  • C:\Windows\SysWOW64\Lcpllo32.exe
    C:\Windows\system32\Lcpllo32.exe
    1⤵
    PID:5064
  • C:\Windows\SysWOW64\Lcmofolg.exe
    C:\Windows\system32\Lcmofolg.exe
    1⤵
    PID:2572
  • C:\Windows\SysWOW64\Kkbkamnl.exe
    C:\Windows\system32\Kkbkamnl.exe
    1⤵
    PID:4672
  • C:\Windows\SysWOW64\Kckbqpnj.exe
    C:\Windows\system32\Kckbqpnj.exe
    1⤵
    PID:2124
                                                                                                                                                            • C:\Windows\SysWOW64\Kgdbkohf.exe
                                                                                                                                                              C:\Windows\system32\Kgdbkohf.exe
                                                                                                                                                              1⤵
                                                                                                                                                                PID:2428
                                                                                                                                                              • C:\Windows\SysWOW64\Kcifkp32.exe
                                                                                                                                                                C:\Windows\system32\Kcifkp32.exe
                                                                                                                                                                1⤵
                                                                                                                                                                  PID:3608
                                                                                                                                                                • C:\Windows\SysWOW64\Kpjjod32.exe
                                                                                                                                                                  C:\Windows\system32\Kpjjod32.exe
                                                                                                                                                                  1⤵
                                                                                                                                                                    PID:3332
                                                                                                                                                                  • C:\Windows\SysWOW64\Kipabjil.exe
                                                                                                                                                                    C:\Windows\system32\Kipabjil.exe
                                                                                                                                                                    1⤵
                                                                                                                                                                      PID:3400
                                                                                                                                                                    • C:\Windows\SysWOW64\Kgbefoji.exe
                                                                                                                                                                      C:\Windows\system32\Kgbefoji.exe
                                                                                                                                                                      1⤵
                                                                                                                                                                        PID:3504
                                                                                                                                                                      • C:\Windows\SysWOW64\Kbfiep32.exe
                                                                                                                                                                        C:\Windows\system32\Kbfiep32.exe
                                                                                                                                                                        1⤵
                                                                                                                                                                          PID:4596
                                                                                                                                                                        • C:\Windows\SysWOW64\Kphmie32.exe
                                                                                                                                                                          C:\Windows\system32\Kphmie32.exe
                                                                                                                                                                          1⤵
                                                                                                                                                                            PID:2788
                                                                                                                                                                          • C:\Windows\SysWOW64\Kgphpo32.exe
                                                                                                                                                                            C:\Windows\system32\Kgphpo32.exe
                                                                                                                                                                            1⤵
                                                                                                                                                                              PID:1604
                                                                                                                                                                            • C:\Windows\SysWOW64\Kdaldd32.exe
                                                                                                                                                                              C:\Windows\system32\Kdaldd32.exe
                                                                                                                                                                              1⤵
                                                                                                                                                                                PID:2908
                                                                                                                                                                              • C:\Windows\SysWOW64\Kacphh32.exe
                                                                                                                                                                                C:\Windows\system32\Kacphh32.exe
                                                                                                                                                                                1⤵
                                                                                                                                                                                  PID:2300
                                                                                                                                                                                • C:\Windows\SysWOW64\Kpccnefa.exe
                                                                                                                                                                                  C:\Windows\system32\Kpccnefa.exe
                                                                                                                                                                                  1⤵
                                                                                                                                                                                    PID:4152
                                                                                                                                                                                  • C:\Windows\SysWOW64\Kmegbjgn.exe
                                                                                                                                                                                    C:\Windows\system32\Kmegbjgn.exe
                                                                                                                                                                                    1⤵
                                                                                                                                                                                      PID:1552
                                                                                                                                                                                    • C:\Windows\SysWOW64\Jkfkfohj.exe
                                                                                                                                                                                      C:\Windows\system32\Jkfkfohj.exe
                                                                                                                                                                                      1⤵
                                                                                                                                                                                        PID:5048
                                                                                                                                                                                      • C:\Windows\SysWOW64\Jdmcidam.exe
                                                                                                                                                                                        C:\Windows\system32\Jdmcidam.exe
                                                                                                                                                                                        1⤵
                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                        PID:684
                                                                                                                                                                                      • C:\Windows\SysWOW64\Jangmibi.exe
                                                                                                                                                                                        C:\Windows\system32\Jangmibi.exe
                                                                                                                                                                                        1⤵
                                                                                                                                                                                        • Adds autorun key to be loaded by Explorer.exe on startup
                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                        • Suspicious use of WriteProcessMemory
                                                                                                                                                                                        PID:4372
                                                                                                                                                                                      • C:\Windows\SysWOW64\Jdjfcecp.exe
                                                                                                                                                                                        C:\Windows\system32\Jdjfcecp.exe
                                                                                                                                                                                        1⤵
                                                                                                                                                                                        • Adds autorun key to be loaded by Explorer.exe on startup
                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                        • Suspicious use of WriteProcessMemory
                                                                                                                                                                                        PID:5092
                                                                                                                                                                                      • C:\Windows\SysWOW64\Jaljgidl.exe
                                                                                                                                                                                        C:\Windows\system32\Jaljgidl.exe
                                                                                                                                                                                        1⤵
                                                                                                                                                                                        • Adds autorun key to be loaded by Explorer.exe on startup
                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                        • Suspicious use of WriteProcessMemory
                                                                                                                                                                                        PID:1472
                                                                                                                                                                                      • C:\Windows\SysWOW64\Jidbflcj.exe
                                                                                                                                                                                        C:\Windows\system32\Jidbflcj.exe
                                                                                                                                                                                        1⤵
                                                                                                                                                                                        • Adds autorun key to be loaded by Explorer.exe on startup
                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                        • Suspicious use of WriteProcessMemory
                                                                                                                                                                                        PID:2312
                                                                                                                                                                                      • C:\Windows\SysWOW64\Jfffjqdf.exe
                                                                                                                                                                                        C:\Windows\system32\Jfffjqdf.exe
                                                                                                                                                                                        1⤵
                                                                                                                                                                                        • Adds autorun key to be loaded by Explorer.exe on startup
                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                        • Suspicious use of WriteProcessMemory
                                                                                                                                                                                        PID:444
                                                                                                                                                                                      • C:\Windows\SysWOW64\Jdhine32.exe
                                                                                                                                                                                        C:\Windows\system32\Jdhine32.exe
                                                                                                                                                                                        1⤵
                                                                                                                                                                                        • Adds autorun key to be loaded by Explorer.exe on startup
                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                        • Suspicious use of WriteProcessMemory
                                                                                                                                                                                        PID:1488

Network

MITRE ATT&CK Enterprise v15

Downloads

• C:\Windows\SysWOW64\Ngedij32.exe
  Filesize
    272KB
  MD5
    dcfefb26c87cc41ae92ceb25d682b920
  SHA1
    a9c802687fcf4190ee712c4434ab69c89a70db6c
  SHA256
    9a6e43739d85fdf2e4aba884c37cac7e644b85a71fb2afc7c04b5f7bb258c578
  SHA512
    e4ed08ee64a9eb05aa3ec1f6e1f6e8b1ba0dce170bcb1ddf491dc12af9243392e3dba6f3034188b73c433db023200387a11d1956b5d0b5e808a01c7b27060721

• C:\Windows\SysWOW64\Njacpf32.exe
  Filesize
    272KB
  MD5
    59e6755e0fa91ada084c27b8008ab9d1
  SHA1
    ef1168163e42d2578ea89632cc85e114bafe8805
  SHA256
    b891b821f3b33bcf164ecad0be96591eb4c129c33f60467a7e9b7948a6b26f72
  SHA512
    9cda00e16be283f02161dd19e1d3ca1774bdcae26b3de8a2455a1002319c65d735e09689e1ea4129d797e04528bdec29a5efb20df675e780cf5f6a2a2411cad8

• C:\Windows\SysWOW64\Njogjfoj.exe
  Filesize
    272KB
  MD5
    5632f5059ad8318f306ba29c25735049
  SHA1
    9295be0326604adf632f636d54f3e9a095300df2
  SHA256
    bb4d53efe3668234f92909db4d95187cb4e37712ee1621033bb71a7dec6c29fe
  SHA512
    b36b6b05e0db9ccb79398c9f0e9e5f53e07d3336cac52f2472aae3ab8b028d8c8cf2f6daf8a931c9c99d739f763d1178f7bd965171b5767d772205efbea85d03

• C:\Windows\SysWOW64\Nqfbaq32.exe
  Filesize
    272KB
  MD5
    b68a6af5a5a7db51a13b85f2153bce5a
  SHA1

                                                                                                                                                                                              6b77e11069d9746b783e4919f94abdda4b36aa41

                                                                                                                                                                                              SHA256

                                                                                                                                                                                              837923ba755381cda060bcdfe7cd3f8cc18fec64b99be1fdd4efb1600782c1c2

                                                                                                                                                                                              SHA512

                                                                                                                                                                                              bbcd25ce3c2656cf940db6031a52da963676bd9f230b28a2b24e990e04e541eca69e3c8e4c31cc43e6e22387f1b53869928098a39e30b7ad96f6686e66be5366


                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/4280-268-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/4280-742-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/4332-286-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/4332-739-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/4372-72-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/4568-262-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/4576-363-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/4596-164-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/4668-368-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/4668-726-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/4672-232-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5012-734-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5012-316-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5016-56-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5048-88-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5064-740-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5064-280-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5092-48-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5164-370-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5164-725-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5172-703-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5208-724-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5208-376-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5248-723-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5248-382-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5288-722-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5288-388-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5308-684-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5316-701-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5328-721-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5328-394-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5368-720-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5368-400-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5408-410-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5448-412-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5448-718-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5484-679-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5488-422-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5516-689-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5528-424-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5572-430-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5572-716-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                                                                                                                                              Filesize

                                                                                                                                                                                              204KB

                                                                                                                                                                                            • memory/5612-698-0x0000000000400000-0x0000000000433000-memory.dmp

  Filesize: 204KB

• memory/5624-436-0x0000000000400000-0x0000000000433000-memory.dmp
  Filesize: 204KB

• memory/5668-447-0x0000000000400000-0x0000000000433000-memory.dmp
  Filesize: 204KB

• memory/5704-714-0x0000000000400000-0x0000000000433000-memory.dmp
  Filesize: 204KB

• memory/5820-682-0x0000000000400000-0x0000000000433000-memory.dmp
  Filesize: 204KB

• memory/5836-711-0x0000000000400000-0x0000000000433000-memory.dmp
  Filesize: 204KB

• memory/5864-695-0x0000000000400000-0x0000000000433000-memory.dmp
  Filesize: 204KB

• memory/5872-687-0x0000000000400000-0x0000000000433000-memory.dmp
  Filesize: 204KB

• memory/5920-709-0x0000000000400000-0x0000000000433000-memory.dmp
  Filesize: 204KB

• memory/6040-706-0x0000000000400000-0x0000000000433000-memory.dmp
  Filesize: 204KB

• memory/6080-685-0x0000000000400000-0x0000000000433000-memory.dmp
  Filesize: 204KB

• memory/6088-705-0x0000000000400000-0x0000000000433000-memory.dmp
  Filesize: 204KB

• memory/6112-692-0x0000000000400000-0x0000000000433000-memory.dmp
  Filesize: 204KB