b27ce3464066c275c32da163296c6ff88485282e2ce417c5f3cac3cdab0056ba

Analysis

max time kernel
148s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 17:08

Target

c66cf1d95faec91e87a41812cb961920.exe
Size

323KB
MD5

c66cf1d95faec91e87a41812cb961920
SHA1

525eef3657339797a0215293bebaf288a9c730d8
SHA256

b27ce3464066c275c32da163296c6ff88485282e2ce417c5f3cac3cdab0056ba
SHA512

d44d88a29748bff9682b57487b642dfa2b1310a5b75407c8dc22639b423fa0cfed9f8977d8a5cdfe437dfdbb112b69c3083bb3d68a7adab4f2c62e73ef475b7a
SSDEEP

6144:zHkaY+yOtq5UNpGBPdU+mMQzClUru5eVqRJTQS5t13PwkIz2T4Il1:zEiy87pGjQqWmewRJTQe1Ibz2Tp

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2476	sswwww

Loads dropped DLL 1 IoCs

pid	Process
2476	sswwww

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\inf\sswwww	c66cf1d95faec91e87a41812cb961920.exe
File opened for modification	C:\Windows\inf\sswwww	c66cf1d95faec91e87a41812cb961920.exe
File created	C:\Windows\inf\RHWLQC.DAT	c66cf1d95faec91e87a41812cb961920.exe
File opened for modification	C:\Windows\inf\RHWLQC.DAT	c66cf1d95faec91e87a41812cb961920.exe

Modifies data under HKEY_USERS 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties	sswwww
Set value (int)	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm\wheel = "1"	sswwww
Key created	\REGISTRY\USER\.DEFAULT\System	sswwww
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet	sswwww
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control	sswwww
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm	sswwww
Key created	\REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm	sswwww
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control\MediaProperties	sswwww
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick	sswwww

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2476	sswwww

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 2512	2476	sswwww	29
PID 2476 wrote to memory of 2512	2476	sswwww	29
PID 2476 wrote to memory of 2512	2476	sswwww	29
PID 2476 wrote to memory of 2512	2476	sswwww	29

C:\Users\Admin\AppData\Local\Temp\c66cf1d95faec91e87a41812cb961920.exe
"C:\Users\Admin\AppData\Local\Temp\c66cf1d95faec91e87a41812cb961920.exe"
1⤵
- Drops file in Windows directory
PID:2464

C:\Windows\inf\sswwww
C:\Windows\inf\sswwww
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies data under HKEY_USERS
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:2512

C:\Windows\inf\sswwww

Filesize
323KB

MD5
c66cf1d95faec91e87a41812cb961920

SHA1
525eef3657339797a0215293bebaf288a9c730d8

SHA256
b27ce3464066c275c32da163296c6ff88485282e2ce417c5f3cac3cdab0056ba

SHA512
d44d88a29748bff9682b57487b642dfa2b1310a5b75407c8dc22639b423fa0cfed9f8977d8a5cdfe437dfdbb112b69c3083bb3d68a7adab4f2c62e73ef475b7a

Download Submit
\Windows\inf\RHWLQC.DAT

Filesize
52KB

MD5
94d93c03db741baf052a6b6d0bfdbd24

SHA1
ff35bcb2c67b0f56949a95965306e39e92c07e3b

SHA256
f0086aeaad14f631fbf943cb8a41dc00b9f6027b2fe8f7323ff39147b12a04ad

SHA512
27bb57634f189cd7adfeaf7b2353ad3da6d0122434b1441a68604eb94a25e5b34e5ba76da6c8cff42721025710619883f5f197dd4320e728c27ed7cf555798ce

Download Submit
memory/2464-0-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2464-7-0x0000000000400000-0x00000000004BE278-memory.dmp

Filesize
760KB

Download
memory/2476-8-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2476-11-0x0000000001F20000-0x0000000001F50000-memory.dmp

Filesize
192KB

Download
memory/2476-12-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2476-13-0x0000000000400000-0x00000000004BE278-memory.dmp

Filesize
760KB

Download
memory/2476-15-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2476-16-0x0000000001F20000-0x0000000001F50000-memory.dmp

Filesize
192KB

Download