0ece9dfe590254c16c6a8965a6f0b2b45466ab515aa2c66b795ed32998381f33

Analysis

max time kernel
150s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 17:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d6b9407b18b0ef5cc3cab7831afd088e.exe
Size

83KB
MD5

d6b9407b18b0ef5cc3cab7831afd088e
SHA1

27fa4c839884ee6b009be1b56750d0b1d8ccad70
SHA256

0ece9dfe590254c16c6a8965a6f0b2b45466ab515aa2c66b795ed32998381f33
SHA512

e72e9bc0498f8f2b1500afdf0684daafbb982a5b2528e10206be520bd3c4abfa3e90cdaad2be38a07ade34173cd0d4dea9d4e764ab83553e48072c69d02653c2
SSDEEP

1536:5mN1NXyLwZvnAgt7gzygAK8k3TVtah3fEjg94TVn67hXIQjEErxTWDTMqhGKYIZg:5o3XkwVvwfAdk3THaEjg94RnWjBkMqhW

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\revhnlhn.exe	d6b9407b18b0ef5cc3cab7831afd088e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\README.html	d6b9407b18b0ef5cc3cab7831afd088e.exe
File opened for modification	C:\Program Files\Java\jre-1.8\Welcome.html	d6b9407b18b0ef5cc3cab7831afd088e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.html	d6b9407b18b0ef5cc3cab7831afd088e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\tsbknceh.exe	d6b9407b18b0ef5cc3cab7831afd088e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM	d6b9407b18b0ef5cc3cab7831afd088e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\Welcome.html	d6b9407b18b0ef5cc3cab7831afd088e.exe
File opened for modification	C:\Program Files\Java\jre-1.8\hcjzqenb.exe	d6b9407b18b0ef5cc3cab7831afd088e.exe
File opened for modification	C:\Program Files\Microsoft Office\Office16\OSPP.HTM	d6b9407b18b0ef5cc3cab7831afd088e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\README.HTM	d6b9407b18b0ef5cc3cab7831afd088e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\rvhrjtnt.exe	d6b9407b18b0ef5cc3cab7831afd088e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\chllsvtv.exe	d6b9407b18b0ef5cc3cab7831afd088e.exe

Modifies registry class 24 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E54C4D2E-D54C-201E-5B48-D6CCB89CDA51}\LocalServer32	d6b9407b18b0ef5cc3cab7831afd088e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E54C4D2E-D54C-201E-5B48-D6CCB89CDA51}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\d6b9407b18b0ef5cc3cab7831afd088e.exe"	d6b9407b18b0ef5cc3cab7831afd088e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}	d6b9407b18b0ef5cc3cab7831afd088e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}\LocalServer32\ = "C:\\Program Files\\Java\\jdk-1.8\\chllsvtv.exe"	d6b9407b18b0ef5cc3cab7831afd088e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\LocalServer32	d6b9407b18b0ef5cc3cab7831afd088e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\LocalServer32	d6b9407b18b0ef5cc3cab7831afd088e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E54C4D2E-D54C-201E-5B48-D6CCB89CDA51}\ = "kxlvwbznbjhhksee"	d6b9407b18b0ef5cc3cab7831afd088e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}\LocalServer32	d6b9407b18b0ef5cc3cab7831afd088e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}\LocalServer32\ = "C:\\Program Files\\Java\\jdk-1.8\\jre\\revhnlhn.exe"	d6b9407b18b0ef5cc3cab7831afd088e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}\ = "nqtwkrlbsnhhqzhl"	d6b9407b18b0ef5cc3cab7831afd088e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}	d6b9407b18b0ef5cc3cab7831afd088e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E54C4D2E-D54C-201E-5B48-D6CCB89CDA51}	d6b9407b18b0ef5cc3cab7831afd088e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}\ = "snvnkhkceshhjwrs"	d6b9407b18b0ef5cc3cab7831afd088e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}\LocalServer32	d6b9407b18b0ef5cc3cab7831afd088e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}\LocalServer32	d6b9407b18b0ef5cc3cab7831afd088e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\ = "tlrbqjnntzjjhnsb"	d6b9407b18b0ef5cc3cab7831afd088e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}	d6b9407b18b0ef5cc3cab7831afd088e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\ = "knkzwrjnknlklknr"	d6b9407b18b0ef5cc3cab7831afd088e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\root\\vfs\\ProgramFilesCommonX64\\Microsoft Shared\\Smart Tag\\1033\\rvhrjtnt.exe"	d6b9407b18b0ef5cc3cab7831afd088e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}	d6b9407b18b0ef5cc3cab7831afd088e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}	d6b9407b18b0ef5cc3cab7831afd088e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}\ = "rjtsjrbrjhhbjsrj"	d6b9407b18b0ef5cc3cab7831afd088e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}\LocalServer32\ = "C:\\Program Files\\Java\\jre-1.8\\hcjzqenb.exe"	d6b9407b18b0ef5cc3cab7831afd088e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\root\\Office16\\PersonaSpy\\tsbknceh.exe"	d6b9407b18b0ef5cc3cab7831afd088e.exe

C:\Users\Admin\AppData\Local\Temp\d6b9407b18b0ef5cc3cab7831afd088e.exe
"C:\Users\Admin\AppData\Local\Temp\d6b9407b18b0ef5cc3cab7831afd088e.exe"
1⤵
- Drops file in Program Files directory
- Modifies registry class
PID:2248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:5904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2248-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2248-1-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-2-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-3-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-5-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-8-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-9-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-10-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-11-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-12-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-13-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-14-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-15-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-16-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-17-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-18-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-19-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-20-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-21-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-22-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-23-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-24-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-25-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-26-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-27-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-28-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-29-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-30-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-31-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-32-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-33-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-34-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-35-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-36-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-37-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-38-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-39-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-40-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-41-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-42-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-43-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-44-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-45-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-46-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-47-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-48-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-49-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-50-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-51-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-52-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-53-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-54-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-55-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-56-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-57-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-58-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-59-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-60-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-61-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-62-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-63-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-64-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-65-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download
memory/2248-1387-0x0000000000430000-0x000000000044E000-memory.dmp

Filesize
120KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads