vjw0rm | 59bff7052850674f87fa90ad7a7547b563c5be7c2997e99bb53a8c98665568e1

Analysis

max time kernel
147s
max time network
150s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
20/01/2024, 08:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69fadecc5f413f178f6aa0a64a644184.exe
Size

21.0MB
MD5

69fadecc5f413f178f6aa0a64a644184
SHA1

a80b9e9673377b201a521e2cdb3381f6abf16805
SHA256

59bff7052850674f87fa90ad7a7547b563c5be7c2997e99bb53a8c98665568e1
SHA512

4341b404426d88732068e031576ed011db876d96072f2fbd957112053261564d573215a3b70c838beaa9d9d316a0fa280686292aa5b1d4b777a96b2d90961848
SSDEEP

393216:7T9NoEuU0tK0u9zTqEZmKrqv37mes9cjeDsezDoPPASurdxgaOw/AtZ5WGc:1Ku9zTJZmKr0W9oeDsIoHZurROUE5W

Score

10^/10

vjw0rm trojan worm

Malware Config

Signatures

Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
trojan worm vjw0rm

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.js.lnk	Archive.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setupm.js	WScript.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setupm.js	WScript.exe

Executes dropped EXE 3 IoCs

pid	Process
2348	Setup.exe
2688	TeamViewer_.exe
2320	Archive.exe

Loads dropped DLL 22 IoCs

pid	Process
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
2348	Setup.exe
2348	Setup.exe
2688	TeamViewer_.exe
2688	TeamViewer_.exe
2688	TeamViewer_.exe
2688	TeamViewer_.exe
2688	TeamViewer_.exe
2688	TeamViewer_.exe
2688	TeamViewer_.exe
2688	TeamViewer_.exe
2688	TeamViewer_.exe
2688	TeamViewer_.exe
2688	TeamViewer_.exe
2688	TeamViewer_.exe
2688	TeamViewer_.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 14 IoCs

installer

resource	yara_rule
behavioral1/files/0x00090000000141e6-5.dat	nsis_installer_1
behavioral1/files/0x00090000000141e6-5.dat	nsis_installer_2
behavioral1/files/0x00090000000141e6-12.dat	nsis_installer_1
behavioral1/files/0x00090000000141e6-12.dat	nsis_installer_2
behavioral1/files/0x00090000000141e6-23.dat	nsis_installer_1
behavioral1/files/0x00090000000141e6-23.dat	nsis_installer_2
behavioral1/files/0x00090000000141e6-21.dat	nsis_installer_1
behavioral1/files/0x00090000000141e6-21.dat	nsis_installer_2
behavioral1/files/0x00090000000141e6-24.dat	nsis_installer_1
behavioral1/files/0x00090000000141e6-24.dat	nsis_installer_2
behavioral1/files/0x00090000000141e6-19.dat	nsis_installer_1
behavioral1/files/0x00090000000141e6-19.dat	nsis_installer_2
behavioral1/files/0x00090000000141e6-16.dat	nsis_installer_1
behavioral1/files/0x00090000000141e6-16.dat	nsis_installer_2

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
952	schtasks.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2688	TeamViewer_.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe
836	69fadecc5f413f178f6aa0a64a644184.exe

Suspicious use of WriteProcessMemory 30 IoCs

description	pid	Process	procid_target
PID 836 wrote to memory of 2348	836	69fadecc5f413f178f6aa0a64a644184.exe	28
PID 836 wrote to memory of 2348	836	69fadecc5f413f178f6aa0a64a644184.exe	28
PID 836 wrote to memory of 2348	836	69fadecc5f413f178f6aa0a64a644184.exe	28
PID 836 wrote to memory of 2348	836	69fadecc5f413f178f6aa0a64a644184.exe	28
PID 836 wrote to memory of 2348	836	69fadecc5f413f178f6aa0a64a644184.exe	28
PID 836 wrote to memory of 2348	836	69fadecc5f413f178f6aa0a64a644184.exe	28
PID 836 wrote to memory of 2348	836	69fadecc5f413f178f6aa0a64a644184.exe	28
PID 2348 wrote to memory of 2688	2348	Setup.exe	29
PID 2348 wrote to memory of 2688	2348	Setup.exe	29
PID 2348 wrote to memory of 2688	2348	Setup.exe	29
PID 2348 wrote to memory of 2688	2348	Setup.exe	29
PID 2348 wrote to memory of 2688	2348	Setup.exe	29
PID 2348 wrote to memory of 2688	2348	Setup.exe	29
PID 2348 wrote to memory of 2688	2348	Setup.exe	29
PID 836 wrote to memory of 2320	836	69fadecc5f413f178f6aa0a64a644184.exe	34
PID 836 wrote to memory of 2320	836	69fadecc5f413f178f6aa0a64a644184.exe	34
PID 836 wrote to memory of 2320	836	69fadecc5f413f178f6aa0a64a644184.exe	34
PID 836 wrote to memory of 2320	836	69fadecc5f413f178f6aa0a64a644184.exe	34
PID 2320 wrote to memory of 2508	2320	Archive.exe	33
PID 2320 wrote to memory of 2508	2320	Archive.exe	33
PID 2320 wrote to memory of 2508	2320	Archive.exe	33
PID 2320 wrote to memory of 2508	2320	Archive.exe	33
PID 2320 wrote to memory of 2792	2320	Archive.exe	32
PID 2320 wrote to memory of 2792	2320	Archive.exe	32
PID 2320 wrote to memory of 2792	2320	Archive.exe	32
PID 2320 wrote to memory of 2792	2320	Archive.exe	32
PID 2508 wrote to memory of 952	2508	WScript.exe	36
PID 2508 wrote to memory of 952	2508	WScript.exe	36
PID 2508 wrote to memory of 952	2508	WScript.exe	36
PID 2508 wrote to memory of 952	2508	WScript.exe	36

C:\Users\Admin\AppData\Local\Temp\69fadecc5f413f178f6aa0a64a644184.exe
"C:\Users\Admin\AppData\Local\Temp\69fadecc5f413f178f6aa0a64a644184.exe"
1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:836
- C:\Users\Admin\AppData\Local\Temp\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2348
- - C:\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
    "C:\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: GetForegroundWindowSpam
    PID:2688
- C:\Users\Admin\AppData\Local\Temp\Archive.exe
  "C:\Users\Admin\AppData\Local\Temp\Archive.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2320

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Update.js"
1⤵
PID:2792

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\setupm.js"
1⤵
- Drops startup file
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Windows\SysWOW64\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /create /sc minute /mo 30 /tn anydesk /tr "C:\Users\Admin\AppData\Local\Temp\setupm.js
  2⤵
  - Creates scheduled task(s)
  PID:952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Archive.exe

Filesize
297KB

MD5
cad14be1e4a62a48562c9fa4b88f2b85

SHA1
90ca01a27af1bd86d6eb10b927255cd17cba180e

SHA256
c5ebffddcf33b7ba639cd6429ade542504665bbd2ab54ed2e53d63236a2c0f14

SHA512
93d59b0acd1b36a3e7b1cb6177de1952a341050058cf5020ea38dd73981bca5ee4d8938c24eb1247986459ded7478115ba7b4f76ea54368ca70ce70f298b1ce9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Setup.exe

Filesize
981KB

MD5
d79acde44ea46287522e261cb56feff9

SHA1
3c39a382aa26d903aa9a8ed7a8aeb0c815850ee1

SHA256
682ad5571227060f5c4b1f49f99ac3f7487e003bf4678bfc07ff3fcc9b519439

SHA512
afc650486eda1b0c8c6a10eac4164d30d7530cfc8489a9ce4ac69c11567497c325cdfaaf244fe613452f70966c3547c3f42b2c6ac85284a2e5ee35548cd95174

Download Submit
C:\Users\Admin\AppData\Local\Temp\Setup.exe

Filesize
724KB

MD5
56b49e9294445c6a64cad6a67f10ceb0

SHA1
95a92694533b4f3c9da38a368af31d78fae43d2f

SHA256
4fafdcf0ec60da977382bda523692d94db855662936c626d79fdd776b7c771d4

SHA512
195f85d25ece94bb3a28a453cf036cc6252fb209c6411f9ad9436c5e18abdb47dd836ce052009328b6e4f365dbd5916105d987a35670bbc2be5f7e7fc6e3f2c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Setup.exe

Filesize
2.4MB

MD5
99a29e25a81cba86da7115e18299043f

SHA1
bba65109e5068737d5cb8fb9f4cbf4db537e1aa6

SHA256
398721b0b493383c32f2d93240b827aa5d7046f52d8b65e11641b9b4e5538756

SHA512
57e70ebb06d8b1e0c1f76b76edffd54aec0c92c74fb958bf9a1362d0dd62960e4f0255d87c0462e3060085a5c275f47d9cfeb5fbee7146bfc34e962f4c003fb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe

Filesize
635KB

MD5
d71e4c69db0ad9b27a1edcf57fc2ec9d

SHA1
fc7e6136b49ba38f26d2c877ada97d1160c12b66

SHA256
104bea1c0a9850a562e470c20068ff3e8ffa72d641c3b373b93e99f3a7a7981e

SHA512
d39cebab78b75699276535b9db0932a1a8747b4cfcb7fc4c3c4550e4ddabbf9a156e766f23dd87c017b48e896c9714f5377326cb98c185eb5a083cd722d5a9aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe

Filesize
729KB

MD5
046764c6e09ea6ea96e893a63310521d

SHA1
518f6332914cb4e1d22b699cb4e81cc6592dbe4b

SHA256
0d7ddf0aea5107800bd692d16b11dca4a01a3acc8b7368cbc2ef7c0f0298fbdf

SHA512
f7a6bf6e2b24da6605c074565d5427557b59aae69a451313152800a816e255bd052fa8092b2d0d612477966d0848d53d1980f5435a9e9e6f38c6071ea3deaf23

Download Submit
C:\Users\Admin\AppData\Local\Temp\TeamViewer\tvinfo.ini

Filesize
35B

MD5
5183ad04fa855146dedfc2da3e2e0c1d

SHA1
6aafeeba574403f5a0473304e9a1b2e08827d771

SHA256
e4a7c461065ba593420c328a8b9e3ee02800c7d5c89de4c01ed88e3c90792579

SHA512
aa95a8a7f39d582ea91a5e1f1278b63da35ae4f2c698f94532ff59c5de6f565694498a87a701b52e3bd12c2c82aaa6431db6954d53ab5e6f188ae0617a8893c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Update.js

Filesize
22KB

MD5
ed831cd9ad274c33fdc51f90e526a672

SHA1
c6506b063070e16c2ab8c577417b9b42940af4fa

SHA256
0d22b6c2dd78a3eb76198b65aa75f7ea8e2a248a6600146397fcc49a055af2de

SHA512
b147b34b34215c549e6a47bfb6d9549f4f3e6bfa70fe9191fa58118c7e884625f56dd25cbc249177034a726f7d084f933832c4c18d682975a9c1d76e1b05d7b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd1289.tmp\start_unicode.ini

Filesize
2KB

MD5
2a8a139cdab38b5f4264ae82850cbd22

SHA1
816e8acb2adc36c7f138f963a9802622dfc9536a

SHA256
94bde605292510f8ae6df19083130770ae8c754906007ea93150cab63962190b

SHA512
d6f99e88e72cfb28afc4af0780d2ac380f00f9fe9265cbbb4b8e6390e9b6ee5870a723e1971288783fd919158659ff214bab383242fa22470d9f6f1a170e2cf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd1289.tmp\start_unicode.ini

Filesize
2KB

MD5
534b8d3631a09bf2caaed16a1243148a

SHA1
88cb9bb2109bb87e84f35d4efe05ca547233c466

SHA256
010f46cb9e6f900a1d7b626a7055af3bb4dc4ef5c1984b42b96af453c1fca120

SHA512
5f97fd713000f25e6dda2263afc0c9072700f8cb07c8cc687e33e1137782e807144afa0cc4e37ff78cc05a9b6ec831c84b056cce21bcc0939e5f8e3e3cab8e8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdCBE.tmp\TvGetVersion.dll

Filesize
193KB

MD5
d2ac4ca57f4b624c444c17e8a353deaa

SHA1
d713b2b4ff0cec01b5c89bd26127012eed460a32

SHA256
a4db659c6265ba7efbbd4906257ef6cdb8f9b1fefba78f01425390729ab3d1f2

SHA512
db991671548d9f239acf7b77b47ccbf438c626e803026a68d7c67ec5b3923195c8745f6adbe730fe4c049237217849f8f9f47fc335cf94b1413a7debc9b8d9b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\setupm.js

Filesize
42KB

MD5
b3fc5e308e2b71e264c09f882f5a7093

SHA1
d8e5433ff1141b9d1757e4fe774dc58b7906339c

SHA256
1d960010a1f154542456123073df663f81c7f6e7a872233a5fe6ad55d4822385

SHA512
e5b64f4b3ecc27a58dad51e3de446d03817323f8dc337c452fd4e53429d329a1668a67d2268dcfb6ec9afa46db6c56d9693da1efc9dbf02a17162d545ac4c593

Download Submit
\Users\Admin\AppData\Local\Temp\Setup.exe

Filesize
784KB

MD5
7b1c0fdf920bc5e8f981585fbb458c79

SHA1
ff04153f01f609815f5ced92458405989fd110ce

SHA256
461f38eff70c456ae702c9d596adaeb2af97d34d03ca289f5fedef16b5da970b

SHA512
40bd15b1760b1c6982eef347f18b9a98952e9f67e3842d6319d8236e565f14e633ff8005bb479fb8b1d61ff3dc83e4202a12cd2debd0cdbbb8c74563c1800256

Download Submit
\Users\Admin\AppData\Local\Temp\Setup.exe

Filesize
1.1MB

MD5
3d9344c947ad119b3de49ab8834e6df5

SHA1
c85f9cb3cd8b65636c94b4e3ccdc54ac3155f94d

SHA256
47d3e3b3967efff14ef23ba8d3a826db2dd2654db89a80521db55a405fcd4c0d

SHA512
88f50266e08e48561bc6c7ee2230cfb781caf5dcbedcd5c7f411050d1a440ab1c5674b415e2fe00f5616b07147d6df028499468d3a9a866595e027932a0c892a

Download Submit
\Users\Admin\AppData\Local\Temp\Setup.exe

Filesize
858KB

MD5
3eeac11c83356cbbbe368b6031622071

SHA1
d807e8891b6b2eed9f6176d2e715be659cc8d6a3

SHA256
993c175ff5279478ca9ff466050d77efc8fa0f6e2d42df7285472521320003e0

SHA512
05d0a057f4bd0151bef500fbc7c56cff0207483c948b8a6124d7744ef94787fc8ad2f555254e7e422b16434d630b0a2d103ff035eb0c3c6b46eae603dfb0ef33

Download Submit
\Users\Admin\AppData\Local\Temp\Setup.exe

Filesize
931KB

MD5
ced6bd320484fa3287abd5723d5a2a92

SHA1
2c3311aec4463053cfa8ea2726cd613228b203ce

SHA256
f4c5d39b3071869c8233f4227b77bb3fee93669049dbb47b1bad9313a824bb88

SHA512
cd7dbb18b1279223d2b7bbfa445ccee806a6b4de589da8e275e4b74af2883ea184595c138ba426975706cf534f374eca2b5cd44999d6c14fa5890d2b34f88085

Download Submit
\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe

Filesize
655KB

MD5
eab6a3c2a9eee2815c9b9d69d71c15ef

SHA1
018e293e2280359372ea4bca957bc00db8218ff3

SHA256
9ad258b98c37a0a825442f8632876ec6ba753fb8c5f5042fdc5fd934c37b2be2

SHA512
784b375ac0925ef6944e88a52939f7324ca12059bec6f5a101247b19203673e7dba7a86c7f7e892c167df6e8d9d56b354302d04f01c7308ccab70d4a08de3740

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1289.tmp\InstallOptions.dll

Filesize
15KB

MD5
033ee34c40e8fa85bf2739bcb2f3e186

SHA1
2ca942f35f77f37df3fc6097acac34f2e77341b7

SHA256
c91c1796338a265b49039c0b2c7a312d764b99e5174fb2dae455ca54f8f41ec7

SHA512
2204e0b8721b8d85c51bd068b1695b16ee096bfc1d1cd5843f48fd04032aeee2b6a91ce82978a4b3414f3d966ec5b36fb337a4149dae3a1d0445935d964d247f

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1289.tmp\System.dll

Filesize
11KB

MD5
0ff2d70cfdc8095ea99ca2dabbec3cd7

SHA1
10c51496d37cecd0e8a503a5a9bb2329d9b38116

SHA256
982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b

SHA512
cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1289.tmp\TvGetVersion.dll

Filesize
210KB

MD5
05f51bc8ffb2c8f5a2825bf5680301cf

SHA1
30f7f77dce1fb3526142780e9f5bd5c11622d6b6

SHA256
c67cbd5e35e1ce0c7ba17c55d8e2bc33afd5e0a68774554a1fe7216d330c709e

SHA512
1e041aaa37dd00414ad955ebc8c0f708589014d2085a5a0b95a31f4d694bb1cc4994bb1324d4b983cbad0449fb0a05560d82c60fdbfc78be67ff61275e451233

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1289.tmp\UserInfo.dll

Filesize
4KB

MD5
9b0db6a6056e8e51ac35e602aeab769f

SHA1
b541c6d2635141cdc3a74f59d55db8df4a92e7ac

SHA256
925d80c31702a95d58ede91ee97fd842de78ca6dde69156a6c1a755fba93cd5c

SHA512
83fe9d346835940a37e0e0a18d041c9d13fc95a0e9ece3bc18e555cf0e8e7ddf7b42dba422b1e55ace31db3c9fc807e0b44e93b8f07f5acb943eaaf77b4f0ac6

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1289.tmp\linker.dll

Filesize
45KB

MD5
4ac3f0ab2e423515ed9c575333342054

SHA1
a3e4f2b2135157f964d471564044b023a64f2532

SHA256
f223d6c72f86544b358a6301daf60ccdd86198f32e3447a1860acf3f59f2dae9

SHA512
8fbd5b4989be51c27fa15af155d2921bea9aa5d0557a22d4224256e678dfe7dcaa5f80917a748c31dc9c9a91573e4618e2497ccfd47eefd7a0fa08c12366a1e5

Download Submit
memory/2688-285-0x00000000003F0000-0x00000000003FE000-memory.dmp

Filesize
56KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads