Analysis
Max time kernel: 150s
Max time network: 151s
Platform: windows10-2004_x64
Resource: win10v2004-20240226-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 13-03-2024 15:24
Behavioral tasks
behavioral1: sample c63750835e6d75589d1f74b35e43388a.exe, resource win7-20231129-en
behavioral2: sample c63750835e6d75589d1f74b35e43388a.exe, resource win10v2004-20240226-en
(The signatures and memory dumps below are from behavioral2, the Windows 10 run.)
General
Target: c63750835e6d75589d1f74b35e43388a.exe
Size: 38KB
MD5: c63750835e6d75589d1f74b35e43388a
SHA1: eb6dbad5b2306218b74c35e6f714cb791459b31a
SHA256: 436cc29889e1d6d6a8ef9bb91fd4ed69ea9f2ae73e12063a2993831e5ad6b3e7
SHA512: 7e7ba499f3fcbf923bec05b94965503cdcb56dff78460b2604a5df9c30a35ffc5278ba94a86a0690172218c774f8f304c9b152a4b4ae2ee83d9c856f9e49cd07
SSDEEP: 768:ImZRodIEHYOf+Nj9xgJZOhMmXFVLSEOOTpwS09mdNuSRB4qWcVz6rI9qqUVHDjY7:ImomExf+99xQ4qcNE9md1BhN6rLqUVHe
Malware Config
Signatures
-
Yara rule match: upx 2 IoCs
resource: behavioral2/memory/4028-0-0x0000000000400000-0x000000000045B000-memory.dmp, yara_rule: upx
resource: behavioral2/memory/4028-1066-0x0000000000400000-0x000000000045B000-memory.dmp, yara_rule: upx
Note: both dumps cover the same region of process 4028 (0x400000-0x45B000, 364KB), taken at two points in the run. The 38KB file on disk expanding to a 364KB image in memory is the size relationship one expects from a packed executable, which is consistent with the upx rule hit.
-
Drops file in Program Files directory 47 IoCs
Process: c63750835e6d75589d1f74b35e43388a.exe (writer for all 47 entries)
description                   ioc
File created                  C:\Program Files\Total Commander\hnetcfg.dll
File created                  C:\Program Files\WebDrive\rasadhlp.dll
File created                  C:\Program Files\Ipswitch\WS_FTP 12\rasadhlp.dll
File created                  C:\Program Files\Deskshare\Auto FTP Manager 4\rasadhlp.dll
File created                  C:\Program Files\WinSCP\rasadhlp.dll
File created                  C:\Program Files\Safari\rasadhlp.dll
File created                  C:\Program Files\EmFTP\hnetcfg.dll
File created                  C:\Program Files\Far\hnetcfg.dll
File created                  C:\Program Files\Outlook Express\rasadhlp.dll
File created                  C:\Program Files\Deskshare\Auto FTP Manager 5.0\rasadhlp.dll
File created                  C:\Program Files\FlashFXP\ntshrui.dll
File created                  C:\Program Files\GlobalSCAPE\CuteFTP\hnetcfg.dll
File created                  C:\Program Files\FTP Explorer\hnetcfg.dll
File created                  C:\Program Files\Mozilla Firefox\rasadhlp.dll
File created                  C:\Program Files\K-Meleon\rasadhlp.dll
File created                  C:\Program Files\RhinoSoft.com\FTP Voyager\hnetcfg.dll
File created                  C:\Program Files\PHP Expert Editor\rasadhlp.dll
File created                  C:\Program Files\The Bat!\rasadhlp.dll
File created                  C:\Program Files\SphereXPlorer\rasadhlp.dll
File created                  C:\Program Files\Visicom Media\AceFTP 3 Freeware\hnetcfg.dll
File created                  C:\Program Files\GoFTP\hnetcfg.dll
File created                  C:\Program Files\TurboFTP\hnetcfg.dll
File opened for modification  C:\Program Files\Mozilla Firefox\rasadhlp.dll
File created                  C:\Program Files\Netscape\Navigator 9\rasadhlp.dll
File created                  C:\Program Files\Visicom Media\AceFTP 3\hnetcfg.dll
File created                  C:\Program Files\FTP Commander\hnetcfg.dll
File created                  C:\Program Files\GlobalSCAPE\CuteFTP 8 Home\hnetcfg.dll
File created                  C:\Program Files\FileZilla FTP Client\hnetcfg.dll
File created                  C:\Program Files\FineBrowser\rasadhlp.dll
File created                  C:\Program Files\Fast Browser\Pro 7\hnetcfg.dll
File created                  C:\Program Files\MiniIE\rasadhlp.dll
File created                  C:\Program Files\Deskshare\Auto FTP Manager\rasadhlp.dll
File created                  C:\Program Files\FTP Now\hnetcfg.dll
File created                  C:\Program Files\Deskshare\Auto FTP Manager 5.1\rasadhlp.dll
File created                  C:\Program Files\Internet Explorer\rasadhlp.dll
File created                  C:\Program Files\FTP Desktop\rasadhlp.dll
File created                  C:\Program Files\LeechFTP\hnetcfg.dll
File created                  C:\Program Files\CoreFTP\hnetcfg.dll
File created                  C:\Program Files\SmartFTP Client\rasadhlp.dll
File created                  C:\Program Files\Opera\rasadhlp.dll
File created                  C:\Program Files\NetSurf\rasadhlp.dll
File created                  C:\Program Files\FirefoxPortable\App\Firefox\rasadhlp.dll
File created                  C:\Program Files\Whisper Technology\FTP Surfer\rasadhlp.dll
File created                  C:\Program Files\SEAGULL\FTP\hnetcfg.dll
File created                  C:\Program Files\AcooBrowser\rasadhlp.dll
File created                  C:\Program Files\SlimBrowser\rasadhlp.dll
File created                  C:\Program Files\Avant Browser\rasadhlp.dll
Note: only three file names occur (hnetcfg.dll, rasadhlp.dll, ntshrui.dll), all of them names of DLLs that ship in the Windows system directory, and every copy is written into the install directory of an FTP client, browser or mail client rather than into System32. The sample writes them unconditionally, whether or not the application is installed on the sandbox image. Placing a file carrying a system DLL's name next to an application's executable is the layout used for DLL search-order hijacking; the report does not show the dropped files' contents, hashes or any later load of them, so that reading is an interpretation of the paths, not something this run demonstrates. The Mozilla Firefox rasadhlp.dll appears twice, once as created and once as opened for modification.
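An added example, not part of this sandbox report or its tooling: a Python script that turns the flattened "description ioc process" IoC text above into structured records, summarizes which DLL names were dropped into which directories, and then hunts a directory tree for those DLL names anywhere outside the Windows system directory. The IoC text inside the script is a constructed excerpt of the report's own entries, the directory tree used by `run_demo()` is built on the fly, and the `C:\Windows\System32` exclusion is an assumption about where legitimate copies of these DLLs live.

```python
import ntpath
import os
import re
import shutil
import tempfile
from collections import Counter

SAMPLE = "c63750835e6d75589d1f74b35e43388a.exe"

# Constructed excerpt of the report's IoC list, in the same flattened
# "<description> <ioc> <process>" layout the sandbox page uses.
IOC_TEXT = " ".join([
    f"File created C:\\Program Files\\Total Commander\\hnetcfg.dll {SAMPLE}",
    f"File created C:\\Program Files\\WinSCP\\rasadhlp.dll {SAMPLE}",
    f"File created C:\\Program Files\\FlashFXP\\ntshrui.dll {SAMPLE}",
    f"File created C:\\Program Files\\Mozilla Firefox\\rasadhlp.dll {SAMPLE}",
    f"File opened for modification C:\\Program Files\\Mozilla Firefox\\rasadhlp.dll {SAMPLE}",
])

IOC_RE = re.compile(
    r"(File created|File opened for modification) "  # description
    r"(C:\\[^\n]*?\.dll) "                            # dropped path
    r"(\S+\.exe)"                                     # writing process
)


def parse_iocs(text):
    """Split the flattened IoC text into (description, path, process) tuples."""
    return [m.groups() for m in IOC_RE.finditer(text)]


def summarize(records):
    """Count dropped DLL basenames and collect the target directories.
    ntpath is used because the report paths are Windows paths regardless
    of the OS this script runs on."""
    names = Counter(ntpath.basename(p) for _, p, _ in records)
    dirs = sorted({ntpath.dirname(p) for _, p, _ in records})
    return names, dirs


def hunt(root, dll_names, system_dir):
    """Walk `root` and return files whose name matches a dropped DLL name and
    which sit outside `system_dir` (assumed to be the only legitimate home of
    hnetcfg.dll, rasadhlp.dll and ntshrui.dll). A copy next to an application
    executable is the thing that needs triage."""
    wanted = {n.lower() for n in dll_names}
    sysdir = os.path.normcase(os.path.abspath(system_dir))
    hits = []
    for dirpath, _, files in os.walk(root):
        d = os.path.normcase(os.path.abspath(dirpath))
        if d == sysdir or d.startswith(sysdir + os.sep):
            continue
        hits.extend(os.path.join(dirpath, f) for f in files if f.lower() in wanted)
    return sorted(hits)


def run_demo():
    """Build a constructed directory tree, hunt it for the DLL names taken from
    IOC_TEXT, and return the hits relative to the tree root with forward
    slashes so the result is identical on any OS. The tree is removed after."""
    root = tempfile.mkdtemp()
    try:
        layout = [
            "Program Files/WinSCP/WinSCP.exe",     # the application itself
            "Program Files/WinSCP/rasadhlp.dll",   # dropped beside it: hit
            "Program Files/FlashFXP/ntshrui.dll",  # dropped: hit
            "Windows/System32/rasadhlp.dll",       # legitimate location: skipped
        ]
        for rel in layout:
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(b"constructed placeholder")
        names, _ = summarize(parse_iocs(IOC_TEXT))
        hits = hunt(root, names, os.path.join(root, "Windows", "System32"))
        return [os.path.relpath(h, root).replace(os.sep, "/") for h in hits]
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    records = parse_iocs(IOC_TEXT)
    names, dirs = summarize(records)
    print(f"{len(records)} IoCs, DLL names: {dict(names)}")
    for d in dirs:
        print("  target dir:", d)
    for h in run_demo():
        print("  hit:", h)
```

On a real host, call `hunt(r"C:\Program Files", names, r"C:\Windows\System32")` (and again for `Program Files (x86)` and `SysWOW64`) with `names` taken from the full 47-entry list; any hit is a candidate for hashing and comparison against the sample's drop behaviour, since the report gives no hashes for the dropped files themselves.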
Downloads
-
C:\Users\Admin\AppData\Local\Temp\-.html
Filesize: 51KB
MD5: 6bf64ebf643ad7c26f3e06e5b097c439
SHA1: 53c79935185e2d196e58d773419f23687e578486
SHA256: 82c85e95f087ea2748844df08378c8105a3843518f10e49448a7d3168893a394
SHA512: 7404a8710b717ef2841b69be55f8e83405f7687bb410e0cc5da813439d31fe0674df4e4ae5124046d52ef7365f830f663149a51ca3244fa87ff96f15cbde7d77
-
memory/4028-0-0x0000000000400000-0x000000000045B000-memory.dmp
Filesize: 364KB
-
memory/4028-1066-0x0000000000400000-0x000000000045B000-memory.dmp
Filesize: 364KB