Analysis
-
max time kernel
129s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
19-03-2024 04:46
General
-
Target
1d8457308e26f871547aa1bbe6cb2c3367bd7af6c2b8f538921488ae9f254e22.exe
-
Size
224KB
-
MD5
dd72cb919530c4a5e60ef31106f2c25a
-
SHA1
149865567089ffec97009361e75e9ca6305803c8
-
SHA256
1d8457308e26f871547aa1bbe6cb2c3367bd7af6c2b8f538921488ae9f254e22
-
SHA512
f48eadc65a9e6b02a2e0e4da8c0ba07b490e60ed2452e4ea65f8d187de9ba0f06892d9423a26eb639d4b3720c0d597e482829fceff9995b35b697307c4158de4
-
SSDEEP
6144:beDM6k+HME4f9FIUpOVw86CmOJfTo9FIUIhrcflDML:63aAD6RrI1+lDML
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1d8457308e26f871547aa1bbe6cb2c3367bd7af6c2b8f538921488ae9f254e22.exe"C:\Users\Admin\AppData\Local\Temp\1d8457308e26f871547aa1bbe6cb2c3367bd7af6c2b8f538921488ae9f254e22.exe"1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oiagia32.exeC:\Windows\system32\Oiagia32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Olocem32.exeC:\Windows\system32\Olocem32.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Onnoah32.exeC:\Windows\system32\Onnoah32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oalknd32.exeC:\Windows\system32\Oalknd32.exe5⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oiccoa32.exeC:\Windows\system32\Oiccoa32.exe6⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Olapkmic.exeC:\Windows\system32\Olapkmic.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pnplghhf.exeC:\Windows\system32\Pnplghhf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Paohccgj.exeC:\Windows\system32\Paohccgj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Piepdahl.exeC:\Windows\system32\Piepdahl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ppphak32.exeC:\Windows\system32\Ppphak32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pbndmf32.exeC:\Windows\system32\Pbndmf32.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Paaeiceg.exeC:\Windows\system32\Paaeiceg.exe13⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pihmjqfj.exeC:\Windows\system32\Pihmjqfj.exe14⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Phkmem32.exeC:\Windows\system32\Phkmem32.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pneebg32.exeC:\Windows\system32\Pneebg32.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Peonoaln.exeC:\Windows\system32\Peonoaln.exe17⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pijjpp32.exeC:\Windows\system32\Pijjpp32.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Phmjkmka.exeC:\Windows\system32\Phmjkmka.exe19⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Plifll32.exeC:\Windows\system32\Plifll32.exe20⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ppdbljkd.exeC:\Windows\system32\Ppdbljkd.exe21⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pbbnhfjh.exeC:\Windows\system32\Pbbnhfjh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Paendb32.exeC:\Windows\system32\Paendb32.exe23⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pimfep32.exeC:\Windows\system32\Pimfep32.exe24⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Phpfqmio.exeC:\Windows\system32\Phpfqmio.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Plkbak32.exeC:\Windows\system32\Plkbak32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ppgobjia.exeC:\Windows\system32\Ppgobjia.exe27⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pniomgpl.exeC:\Windows\system32\Pniomgpl.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pahkjbop.exeC:\Windows\system32\Pahkjbop.exe29⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pecgja32.exeC:\Windows\system32\Pecgja32.exe30⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Piockppb.exeC:\Windows\system32\Piockppb.exe31⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Phbcfl32.exeC:\Windows\system32\Phbcfl32.exe32⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Plmogkoe.exeC:\Windows\system32\Plmogkoe.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qpikgj32.exeC:\Windows\system32\Qpikgj32.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qbggce32.exeC:\Windows\system32\Qbggce32.exe35⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qajhobmm.exeC:\Windows\system32\Qajhobmm.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qefdpq32.exeC:\Windows\system32\Qefdpq32.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qiappono.exeC:\Windows\system32\Qiappono.exe38⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qlpllkmc.exeC:\Windows\system32\Qlpllkmc.exe39⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Qamdda32.exeC:\Windows\system32\Qamdda32.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qiclfo32.exeC:\Windows\system32\Qiclfo32.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Albibj32.exeC:\Windows\system32\Albibj32.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Apndbici.exeC:\Windows\system32\Apndbici.exe43⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aaoaja32.exeC:\Windows\system32\Aaoaja32.exe44⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Aldegj32.exeC:\Windows\system32\Aldegj32.exe45⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ahkflk32.exeC:\Windows\system32\Ahkflk32.exe46⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Aeoffo32.exeC:\Windows\system32\Aeoffo32.exe47⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ahncbk32.exeC:\Windows\system32\Ahncbk32.exe48⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Aogkoedl.exeC:\Windows\system32\Aogkoedl.exe49⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Aeacko32.exeC:\Windows\system32\Aeacko32.exe50⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Alkkhi32.exeC:\Windows\system32\Alkkhi32.exe51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aedpaoif.exeC:\Windows\system32\Aedpaoif.exe52⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Blnhni32.exeC:\Windows\system32\Blnhni32.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bakqfp32.exeC:\Windows\system32\Bakqfp32.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bhdibj32.exeC:\Windows\system32\Bhdibj32.exe55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bpladg32.exeC:\Windows\system32\Bpladg32.exe56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bbjmpb32.exeC:\Windows\system32\Bbjmpb32.exe57⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Bidemmnj.exeC:\Windows\system32\Bidemmnj.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Blbaihmn.exeC:\Windows\system32\Blbaihmn.exe59⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Bbljeb32.exeC:\Windows\system32\Bbljeb32.exe60⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bekfan32.exeC:\Windows\system32\Bekfan32.exe61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Blennh32.exeC:\Windows\system32\Blennh32.exe62⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bpqjofcd.exeC:\Windows\system32\Bpqjofcd.exe63⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Baaggo32.exeC:\Windows\system32\Baaggo32.exe64⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Biiohl32.exeC:\Windows\system32\Biiohl32.exe65⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Blgkdg32.exeC:\Windows\system32\Blgkdg32.exe66⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Bpcgdfaa.exeC:\Windows\system32\Bpcgdfaa.exe67⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bbacqape.exeC:\Windows\system32\Bbacqape.exe68⤵
-
C:\Windows\SysWOW64\Badcln32.exeC:\Windows\system32\Badcln32.exe69⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Chnlihnl.exeC:\Windows\system32\Chnlihnl.exe70⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cpedjf32.exeC:\Windows\system32\Cpedjf32.exe71⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cccpfa32.exeC:\Windows\system32\Cccpfa32.exe72⤵
-
C:\Windows\SysWOW64\Ceblbm32.exeC:\Windows\system32\Ceblbm32.exe73⤵
-
C:\Windows\SysWOW64\Chphoh32.exeC:\Windows\system32\Chphoh32.exe74⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cpgqpe32.exeC:\Windows\system32\Cpgqpe32.exe75⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cedihl32.exeC:\Windows\system32\Cedihl32.exe76⤵
-
C:\Windows\SysWOW64\Chbedh32.exeC:\Windows\system32\Chbedh32.exe77⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cpjmee32.exeC:\Windows\system32\Cpjmee32.exe78⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cakjmm32.exeC:\Windows\system32\Cakjmm32.exe79⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cefemliq.exeC:\Windows\system32\Cefemliq.exe80⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Clqnjf32.exeC:\Windows\system32\Clqnjf32.exe81⤵
-
C:\Windows\SysWOW64\Ccjfgphj.exeC:\Windows\system32\Ccjfgphj.exe82⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ceibclgn.exeC:\Windows\system32\Ceibclgn.exe83⤵
-
C:\Windows\SysWOW64\Chgoogfa.exeC:\Windows\system32\Chgoogfa.exe84⤵
-
C:\Windows\SysWOW64\Coagla32.exeC:\Windows\system32\Coagla32.exe85⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Cekohk32.exeC:\Windows\system32\Cekohk32.exe86⤵
-
C:\Windows\SysWOW64\Dpacfd32.exeC:\Windows\system32\Dpacfd32.exe87⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dabpnlkp.exeC:\Windows\system32\Dabpnlkp.exe88⤵
-
C:\Windows\SysWOW64\Diihojkb.exeC:\Windows\system32\Diihojkb.exe89⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dlgdkeje.exeC:\Windows\system32\Dlgdkeje.exe90⤵
-
C:\Windows\SysWOW64\Dpcpkc32.exeC:\Windows\system32\Dpcpkc32.exe91⤵
-
C:\Windows\SysWOW64\Dcalgo32.exeC:\Windows\system32\Dcalgo32.exe92⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Djlddi32.exeC:\Windows\system32\Djlddi32.exe93⤵
-
C:\Windows\SysWOW64\Dljqpd32.exeC:\Windows\system32\Dljqpd32.exe94⤵
-
C:\Windows\SysWOW64\Dcdimopp.exeC:\Windows\system32\Dcdimopp.exe95⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Debeijoc.exeC:\Windows\system32\Debeijoc.exe96⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dhqaefng.exeC:\Windows\system32\Dhqaefng.exe97⤵
-
C:\Windows\SysWOW64\Dphifcoi.exeC:\Windows\system32\Dphifcoi.exe98⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Dcfebonm.exeC:\Windows\system32\Dcfebonm.exe99⤵
-
C:\Windows\SysWOW64\Dhcnke32.exeC:\Windows\system32\Dhcnke32.exe100⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dpjflb32.exeC:\Windows\system32\Dpjflb32.exe101⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dchbhn32.exeC:\Windows\system32\Dchbhn32.exe102⤵
-
C:\Windows\SysWOW64\Efgodj32.exeC:\Windows\system32\Efgodj32.exe103⤵
-
C:\Windows\SysWOW64\Ejbkehcg.exeC:\Windows\system32\Ejbkehcg.exe104⤵
-
C:\Windows\SysWOW64\Elagacbk.exeC:\Windows\system32\Elagacbk.exe105⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Eckonn32.exeC:\Windows\system32\Eckonn32.exe106⤵
-
C:\Windows\SysWOW64\Efikji32.exeC:\Windows\system32\Efikji32.exe107⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ehhgfdho.exeC:\Windows\system32\Ehhgfdho.exe108⤵
-
C:\Windows\SysWOW64\Epopgbia.exeC:\Windows\system32\Epopgbia.exe109⤵
-
C:\Windows\SysWOW64\Ecmlcmhe.exeC:\Windows\system32\Ecmlcmhe.exe110⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ebploj32.exeC:\Windows\system32\Ebploj32.exe111⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Eodlho32.exeC:\Windows\system32\Eodlho32.exe112⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ecphimfb.exeC:\Windows\system32\Ecphimfb.exe113⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Efneehef.exeC:\Windows\system32\Efneehef.exe114⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Eofinnkf.exeC:\Windows\system32\Eofinnkf.exe115⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ecbenm32.exeC:\Windows\system32\Ecbenm32.exe116⤵
-
C:\Windows\SysWOW64\Ehonfc32.exeC:\Windows\system32\Ehonfc32.exe117⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Eqfeha32.exeC:\Windows\system32\Eqfeha32.exe118⤵
-
C:\Windows\SysWOW64\Ecdbdl32.exeC:\Windows\system32\Ecdbdl32.exe119⤵
-
C:\Windows\SysWOW64\Fjnjqfij.exeC:\Windows\system32\Fjnjqfij.exe120⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fmmfmbhn.exeC:\Windows\system32\Fmmfmbhn.exe121⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-