Analysis
-
max time kernel
133s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
19-03-2024 20:06
General
-
Target
5016026732b558c58e9830579b37149c2fa339155d8426418b5593ee64765cd5.exe
-
Size
844KB
-
MD5
4d885a0f1992ce886b90f6c4e99192be
-
SHA1
fb12c5897060de5252e6ad7a33f690af8853c4c9
-
SHA256
5016026732b558c58e9830579b37149c2fa339155d8426418b5593ee64765cd5
-
SHA512
384c1cb1cd803ac39aa7465ba93c6824fc5a11564f0fc402e0c6436f91aa46766f7f4a4ae45d62eddbd7b1428e311cee68c8e7b96b7edd70f9d2385c2017e5c1
-
SSDEEP
24576:fTZ4ZH5W3TnbQihMpQnqrdX72LbY6x46uR/qYglMi:fT2H5W3TbQihw+cdX2x46uhqllMi
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5016026732b558c58e9830579b37149c2fa339155d8426418b5593ee64765cd5.exe"C:\Users\Admin\AppData\Local\Temp\5016026732b558c58e9830579b37149c2fa339155d8426418b5593ee64765cd5.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cfigpm32.exeC:\Windows\system32\Cfigpm32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ccmgiaig.exeC:\Windows\system32\Ccmgiaig.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cimmggfl.exeC:\Windows\system32\Cimmggfl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Coiaiakf.exeC:\Windows\system32\Coiaiakf.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Coknoaic.exeC:\Windows\system32\Coknoaic.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dbndfl32.exeC:\Windows\system32\Dbndfl32.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dcpmen32.exeC:\Windows\system32\Dcpmen32.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ebejfk32.exeC:\Windows\system32\Ebejfk32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eidlnd32.exeC:\Windows\system32\Eidlnd32.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Embddb32.exeC:\Windows\system32\Embddb32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Emdajb32.exeC:\Windows\system32\Emdajb32.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fjhacf32.exeC:\Windows\system32\Fjhacf32.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fjjnifbl.exeC:\Windows\system32\Fjjnifbl.exe14⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fpggamqc.exeC:\Windows\system32\Fpggamqc.exe15⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gdjibj32.exeC:\Windows\system32\Gdjibj32.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Glgjlm32.exeC:\Windows\system32\Glgjlm32.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gmggfp32.exeC:\Windows\system32\Gmggfp32.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gingkqkd.exeC:\Windows\system32\Gingkqkd.exe19⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hibafp32.exeC:\Windows\system32\Hibafp32.exe20⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hpofii32.exeC:\Windows\system32\Hpofii32.exe21⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hmechmip.exeC:\Windows\system32\Hmechmip.exe22⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hildmn32.exeC:\Windows\system32\Hildmn32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Igpdfb32.exeC:\Windows\system32\Igpdfb32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ijcjmmil.exeC:\Windows\system32\Ijcjmmil.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ikbfgppo.exeC:\Windows\system32\Ikbfgppo.exe26⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jncoikmp.exeC:\Windows\system32\Jncoikmp.exe27⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jjjpnlbd.exeC:\Windows\system32\Jjjpnlbd.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jkimho32.exeC:\Windows\system32\Jkimho32.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jqhafffk.exeC:\Windows\system32\Jqhafffk.exe30⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jlobkg32.exeC:\Windows\system32\Jlobkg32.exe31⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kkeldnpi.exeC:\Windows\system32\Kkeldnpi.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kqbdldnq.exeC:\Windows\system32\Kqbdldnq.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kdpmbc32.exeC:\Windows\system32\Kdpmbc32.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lgqfdnah.exeC:\Windows\system32\Lgqfdnah.exe35⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lddgmbpb.exeC:\Windows\system32\Lddgmbpb.exe36⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Lmpkadnm.exeC:\Windows\system32\Lmpkadnm.exe37⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lkalplel.exeC:\Windows\system32\Lkalplel.exe38⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Lclpdncg.exeC:\Windows\system32\Lclpdncg.exe39⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lqpamb32.exeC:\Windows\system32\Lqpamb32.exe40⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Lndagg32.exeC:\Windows\system32\Lndagg32.exe41⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mcqjon32.exeC:\Windows\system32\Mcqjon32.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mminhceb.exeC:\Windows\system32\Mminhceb.exe43⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Mgobel32.exeC:\Windows\system32\Mgobel32.exe44⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mmkkmc32.exeC:\Windows\system32\Mmkkmc32.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mgaokl32.exeC:\Windows\system32\Mgaokl32.exe46⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Meepdp32.exeC:\Windows\system32\Meepdp32.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mcjmel32.exeC:\Windows\system32\Mcjmel32.exe48⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ohfami32.exeC:\Windows\system32\Ohfami32.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oanfen32.exeC:\Windows\system32\Oanfen32.exe50⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ojgjndno.exeC:\Windows\system32\Ojgjndno.exe51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Omgcpokp.exeC:\Windows\system32\Omgcpokp.exe52⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ohmhmh32.exeC:\Windows\system32\Ohmhmh32.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pddhbipj.exeC:\Windows\system32\Pddhbipj.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pdfehh32.exeC:\Windows\system32\Pdfehh32.exe55⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Poliea32.exeC:\Windows\system32\Poliea32.exe56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ponfka32.exeC:\Windows\system32\Ponfka32.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Plbfdekd.exeC:\Windows\system32\Plbfdekd.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Paoollik.exeC:\Windows\system32\Paoollik.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qhkdof32.exeC:\Windows\system32\Qhkdof32.exe60⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Qachgk32.exeC:\Windows\system32\Qachgk32.exe61⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Qklmpalf.exeC:\Windows\system32\Qklmpalf.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Alkijdci.exeC:\Windows\system32\Alkijdci.exe63⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aahbbkaq.exeC:\Windows\system32\Aahbbkaq.exe64⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ahbjoe32.exeC:\Windows\system32\Ahbjoe32.exe65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aolblopj.exeC:\Windows\system32\Aolblopj.exe66⤵
-
C:\Windows\SysWOW64\Alpbecod.exeC:\Windows\system32\Alpbecod.exe67⤵
-
C:\Windows\SysWOW64\Anaomkdb.exeC:\Windows\system32\Anaomkdb.exe68⤵
-
C:\Windows\SysWOW64\Aehgnied.exeC:\Windows\system32\Aehgnied.exe69⤵
-
C:\Windows\SysWOW64\Albpkc32.exeC:\Windows\system32\Albpkc32.exe70⤵
-
C:\Windows\SysWOW64\Aekddhcb.exeC:\Windows\system32\Aekddhcb.exe71⤵
-
C:\Windows\SysWOW64\Akglloai.exeC:\Windows\system32\Akglloai.exe72⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Baadiiif.exeC:\Windows\system32\Baadiiif.exe73⤵
-
C:\Windows\SysWOW64\Bkjiao32.exeC:\Windows\system32\Bkjiao32.exe74⤵
-
C:\Windows\SysWOW64\Badanigc.exeC:\Windows\system32\Badanigc.exe75⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Blielbfi.exeC:\Windows\system32\Blielbfi.exe76⤵
-
C:\Windows\SysWOW64\Bafndi32.exeC:\Windows\system32\Bafndi32.exe77⤵
-
C:\Windows\SysWOW64\Bhpfqcln.exeC:\Windows\system32\Bhpfqcln.exe78⤵
-
C:\Windows\SysWOW64\Bahkih32.exeC:\Windows\system32\Bahkih32.exe79⤵
-
C:\Windows\SysWOW64\Bkaobnio.exeC:\Windows\system32\Bkaobnio.exe80⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bakgoh32.exeC:\Windows\system32\Bakgoh32.exe81⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Bheplb32.exeC:\Windows\system32\Bheplb32.exe82⤵
-
C:\Windows\SysWOW64\Cfipef32.exeC:\Windows\system32\Cfipef32.exe83⤵
-
C:\Windows\SysWOW64\Ckeimm32.exeC:\Windows\system32\Ckeimm32.exe84⤵
-
C:\Windows\SysWOW64\Cbpajgmf.exeC:\Windows\system32\Cbpajgmf.exe85⤵
-
C:\Windows\SysWOW64\Cleegp32.exeC:\Windows\system32\Cleegp32.exe86⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cfnjpfcl.exeC:\Windows\system32\Cfnjpfcl.exe87⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cofnik32.exeC:\Windows\system32\Cofnik32.exe88⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cdbfab32.exeC:\Windows\system32\Cdbfab32.exe89⤵
-
C:\Windows\SysWOW64\Cohkokgj.exeC:\Windows\system32\Cohkokgj.exe90⤵
-
C:\Windows\SysWOW64\Cdecgbfa.exeC:\Windows\system32\Cdecgbfa.exe91⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dkokcl32.exeC:\Windows\system32\Dkokcl32.exe92⤵
-
C:\Windows\SysWOW64\Dbicpfdk.exeC:\Windows\system32\Dbicpfdk.exe93⤵
-
C:\Windows\SysWOW64\Dmohno32.exeC:\Windows\system32\Dmohno32.exe94⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Dnpdegjp.exeC:\Windows\system32\Dnpdegjp.exe95⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dheibpje.exeC:\Windows\system32\Dheibpje.exe96⤵
-
C:\Windows\SysWOW64\Dnbakghm.exeC:\Windows\system32\Dnbakghm.exe97⤵
-
C:\Windows\SysWOW64\Dfiildio.exeC:\Windows\system32\Dfiildio.exe98⤵
-
C:\Windows\SysWOW64\Dkfadkgf.exeC:\Windows\system32\Dkfadkgf.exe99⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dbpjaeoc.exeC:\Windows\system32\Dbpjaeoc.exe100⤵
-
C:\Windows\SysWOW64\Dodjjimm.exeC:\Windows\system32\Dodjjimm.exe101⤵
-
C:\Windows\SysWOW64\Eiloco32.exeC:\Windows\system32\Eiloco32.exe102⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ebdcld32.exeC:\Windows\system32\Ebdcld32.exe103⤵
-
C:\Windows\SysWOW64\Ennqfenp.exeC:\Windows\system32\Ennqfenp.exe104⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fneggdhg.exeC:\Windows\system32\Fneggdhg.exe105⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fijkdmhn.exeC:\Windows\system32\Fijkdmhn.exe106⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fngcmcfe.exeC:\Windows\system32\Fngcmcfe.exe107⤵
-
C:\Windows\SysWOW64\Fimhjl32.exeC:\Windows\system32\Fimhjl32.exe108⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fnipbc32.exeC:\Windows\system32\Fnipbc32.exe109⤵
-
C:\Windows\SysWOW64\Fiodpl32.exeC:\Windows\system32\Fiodpl32.exe110⤵
-
C:\Windows\SysWOW64\Fpimlfke.exeC:\Windows\system32\Fpimlfke.exe111⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gidnkkpc.exeC:\Windows\system32\Gidnkkpc.exe112⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Gpnfge32.exeC:\Windows\system32\Gpnfge32.exe113⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gejopl32.exeC:\Windows\system32\Gejopl32.exe114⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gldglf32.exeC:\Windows\system32\Gldglf32.exe115⤵
-
C:\Windows\SysWOW64\Gbnoiqdq.exeC:\Windows\system32\Gbnoiqdq.exe116⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gmdcfidg.exeC:\Windows\system32\Gmdcfidg.exe117⤵
-
C:\Windows\SysWOW64\Gflhoo32.exeC:\Windows\system32\Gflhoo32.exe118⤵
-
C:\Windows\SysWOW64\Glipgf32.exeC:\Windows\system32\Glipgf32.exe119⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gbchdp32.exeC:\Windows\system32\Gbchdp32.exe120⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gmimai32.exeC:\Windows\system32\Gmimai32.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-