Analysis
-
max time kernel
173s -
max time network
176s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
10/04/2024, 05:51
General
-
Target
2b0365d01833a09b03170ce8cf0bf18d.exe
-
Size
109KB
-
MD5
2b0365d01833a09b03170ce8cf0bf18d
-
SHA1
9c0765e25968d161e12db27bd04a97334144b3be
-
SHA256
21cf074ebdd36a367c022b6c7c653726fe4948e59278093dc303e87db85b42cd
-
SHA512
ec35af5723befa161dd8db98cbb742d968a76c3258d9ccd04aabe2062bc5b630c219f1014ec2548bf2dd2c012676373ae56209c3dc68b61f2121ab5749bb776e
-
SSDEEP
3072:XIBVjhYgTDeifo+8fo3PXl9Z7S/yCsKh2EzZA/z:4bj2KDZo+go35e/yCthvUz
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2b0365d01833a09b03170ce8cf0bf18d.exe"C:\Users\Admin\AppData\Local\Temp\2b0365d01833a09b03170ce8cf0bf18d.exe"1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nblfee32.exeC:\Windows\system32\Nblfee32.exe2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Abmhbplf.exeC:\Windows\system32\Abmhbplf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aofemaog.exeC:\Windows\system32\Aofemaog.exe4⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bckddn32.exeC:\Windows\system32\Bckddn32.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cphgca32.exeC:\Windows\system32\Cphgca32.exe6⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dlcaca32.exeC:\Windows\system32\Dlcaca32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ejjgic32.exeC:\Windows\system32\Ejjgic32.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fnacfp32.exeC:\Windows\system32\Fnacfp32.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gagebknp.exeC:\Windows\system32\Gagebknp.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Habeni32.exeC:\Windows\system32\Habeni32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Idhgkcln.exeC:\Windows\system32\Idhgkcln.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jknocljn.exeC:\Windows\system32\Jknocljn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kkgbjkac.exeC:\Windows\system32\Kkgbjkac.exe14⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kklkej32.exeC:\Windows\system32\Kklkej32.exe15⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lamjbc32.exeC:\Windows\system32\Lamjbc32.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lqfpoope.exeC:\Windows\system32\Lqfpoope.exe17⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mglhgg32.exeC:\Windows\system32\Mglhgg32.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ogmaneoa.exeC:\Windows\system32\Ogmaneoa.exe19⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qecgcfmf.exeC:\Windows\system32\Qecgcfmf.exe20⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aiclodaj.exeC:\Windows\system32\Aiclodaj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Algbfo32.exeC:\Windows\system32\Algbfo32.exe22⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Alioloje.exeC:\Windows\system32\Alioloje.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bhibgo32.exeC:\Windows\system32\Bhibgo32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Clldhljp.exeC:\Windows\system32\Clldhljp.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Damflb32.exeC:\Windows\system32\Damflb32.exe26⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Dhlhcl32.exeC:\Windows\system32\Dhlhcl32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eomfae32.exeC:\Windows\system32\Eomfae32.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ffekom32.exeC:\Windows\system32\Ffekom32.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fifdqhal.exeC:\Windows\system32\Fifdqhal.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fckhnaab.exeC:\Windows\system32\Fckhnaab.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gpkliaol.exeC:\Windows\system32\Gpkliaol.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hcpjpn32.exeC:\Windows\system32\Hcpjpn32.exe33⤵
-
C:\Windows\SysWOW64\Ijcecgnl.exeC:\Windows\system32\Ijcecgnl.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jaljaoii.exeC:\Windows\system32\Jaljaoii.exe35⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Kgmlde32.exeC:\Windows\system32\Kgmlde32.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mjcghm32.exeC:\Windows\system32\Mjcghm32.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mdhkefnj.exeC:\Windows\system32\Mdhkefnj.exe38⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Nglala32.exeC:\Windows\system32\Nglala32.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Odidld32.exeC:\Windows\system32\Odidld32.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pjalpida.exeC:\Windows\system32\Pjalpida.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qlmhfj32.exeC:\Windows\system32\Qlmhfj32.exe42⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Baepjpea.exeC:\Windows\system32\Baepjpea.exe43⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Blkdgheg.exeC:\Windows\system32\Blkdgheg.exe44⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Balfko32.exeC:\Windows\system32\Balfko32.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bblcda32.exeC:\Windows\system32\Bblcda32.exe46⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Chhkmh32.exeC:\Windows\system32\Chhkmh32.exe47⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cbqlpabf.exeC:\Windows\system32\Cbqlpabf.exe48⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Chpangnk.exeC:\Windows\system32\Chpangnk.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Docmqp32.exeC:\Windows\system32\Docmqp32.exe50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Elkfed32.exeC:\Windows\system32\Elkfed32.exe51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ednajepe.exeC:\Windows\system32\Ednajepe.exe52⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fhngfcdi.exeC:\Windows\system32\Fhngfcdi.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ffdddg32.exeC:\Windows\system32\Ffdddg32.exe54⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gdqgfbop.exeC:\Windows\system32\Gdqgfbop.exe55⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Gfpcpefb.exeC:\Windows\system32\Gfpcpefb.exe56⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Hkaedk32.exeC:\Windows\system32\Hkaedk32.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hbknqeha.exeC:\Windows\system32\Hbknqeha.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hkdbik32.exeC:\Windows\system32\Hkdbik32.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hodgei32.exeC:\Windows\system32\Hodgei32.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jidkek32.exeC:\Windows\system32\Jidkek32.exe61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kpncbemh.exeC:\Windows\system32\Kpncbemh.exe62⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kmijliej.exeC:\Windows\system32\Kmijliej.exe63⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kbebdpca.exeC:\Windows\system32\Kbebdpca.exe64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lgkakm32.exeC:\Windows\system32\Lgkakm32.exe65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mphoob32.exeC:\Windows\system32\Mphoob32.exe66⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Medggidb.exeC:\Windows\system32\Medggidb.exe67⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nconal32.exeC:\Windows\system32\Nconal32.exe68⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ncakglka.exeC:\Windows\system32\Ncakglka.exe69⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nloikqnl.exeC:\Windows\system32\Nloikqnl.exe70⤵
-
C:\Windows\SysWOW64\Oqdgan32.exeC:\Windows\system32\Oqdgan32.exe71⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ognpoheh.exeC:\Windows\system32\Ognpoheh.exe72⤵
-
C:\Windows\SysWOW64\Pqknbmhc.exeC:\Windows\system32\Pqknbmhc.exe73⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pdmpck32.exeC:\Windows\system32\Pdmpck32.exe74⤵
-
C:\Windows\SysWOW64\Qnfdlpqd.exeC:\Windows\system32\Qnfdlpqd.exe75⤵
-
C:\Windows\SysWOW64\Eehnnb32.exeC:\Windows\system32\Eehnnb32.exe76⤵
-
C:\Windows\SysWOW64\Emcbcd32.exeC:\Windows\system32\Emcbcd32.exe77⤵
-
C:\Windows\SysWOW64\Fgbmliee.exeC:\Windows\system32\Fgbmliee.exe78⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gekckpgl.exeC:\Windows\system32\Gekckpgl.exe79⤵
-
C:\Windows\SysWOW64\Ghpehjph.exeC:\Windows\system32\Ghpehjph.exe80⤵
-
C:\Windows\SysWOW64\Idbfhiko.exeC:\Windows\system32\Idbfhiko.exe81⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Iohjebkd.exeC:\Windows\system32\Iohjebkd.exe82⤵
-
C:\Windows\SysWOW64\Jgakkb32.exeC:\Windows\system32\Jgakkb32.exe83⤵
-
C:\Windows\SysWOW64\Mbqkfhfh.exeC:\Windows\system32\Mbqkfhfh.exe84⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nboggf32.exeC:\Windows\system32\Nboggf32.exe85⤵
-
C:\Windows\SysWOW64\Oocdme32.exeC:\Windows\system32\Oocdme32.exe86⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Phqbaj32.exeC:\Windows\system32\Phqbaj32.exe87⤵
-
C:\Windows\SysWOW64\Phekliab.exeC:\Windows\system32\Phekliab.exe88⤵
-
C:\Windows\SysWOW64\Ackiqpce.exeC:\Windows\system32\Ackiqpce.exe89⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bogcqpdd.exeC:\Windows\system32\Bogcqpdd.exe90⤵
-
C:\Windows\SysWOW64\Bjlgnh32.exeC:\Windows\system32\Bjlgnh32.exe91⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Bqfokblg.exeC:\Windows\system32\Bqfokblg.exe92⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Cipppc32.exeC:\Windows\system32\Cipppc32.exe93⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Gpmgph32.exeC:\Windows\system32\Gpmgph32.exe94⤵
-
C:\Windows\SysWOW64\Galcjkmj.exeC:\Windows\system32\Galcjkmj.exe95⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gaqmej32.exeC:\Windows\system32\Gaqmej32.exe96⤵
-
C:\Windows\SysWOW64\Ggnenagl.exeC:\Windows\system32\Ggnenagl.exe97⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hpaibe32.exeC:\Windows\system32\Hpaibe32.exe98⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Hkgnpn32.exeC:\Windows\system32\Hkgnpn32.exe99⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Iacbbh32.exeC:\Windows\system32\Iacbbh32.exe100⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Igpkjo32.exeC:\Windows\system32\Igpkjo32.exe101⤵
-
C:\Windows\SysWOW64\Ihpgda32.exeC:\Windows\system32\Ihpgda32.exe102⤵
-
C:\Windows\SysWOW64\Idfhibdn.exeC:\Windows\system32\Idfhibdn.exe103⤵
-
C:\Windows\SysWOW64\Jhlgpp32.exeC:\Windows\system32\Jhlgpp32.exe104⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kiejfo32.exeC:\Windows\system32\Kiejfo32.exe105⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kqpoja32.exeC:\Windows\system32\Kqpoja32.exe106⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kjhccf32.exeC:\Windows\system32\Kjhccf32.exe107⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Lebalokn.exeC:\Windows\system32\Lebalokn.exe108⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lkmihi32.exeC:\Windows\system32\Lkmihi32.exe109⤵
-
C:\Windows\SysWOW64\Leenanik.exeC:\Windows\system32\Leenanik.exe110⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lbinkb32.exeC:\Windows\system32\Lbinkb32.exe111⤵
-
C:\Windows\SysWOW64\Licfgmpa.exeC:\Windows\system32\Licfgmpa.exe112⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mbpdkabl.exeC:\Windows\system32\Mbpdkabl.exe113⤵
-
C:\Windows\SysWOW64\Mlhidg32.exeC:\Windows\system32\Mlhidg32.exe114⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Malgmm32.exeC:\Windows\system32\Malgmm32.exe115⤵
-
C:\Windows\SysWOW64\Nlfeeelm.exeC:\Windows\system32\Nlfeeelm.exe116⤵
-
C:\Windows\SysWOW64\Nbqmbo32.exeC:\Windows\system32\Nbqmbo32.exe117⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Naejcl32.exeC:\Windows\system32\Naejcl32.exe118⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Objphn32.exeC:\Windows\system32\Objphn32.exe119⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Oidhehcl.exeC:\Windows\system32\Oidhehcl.exe120⤵
-
C:\Windows\SysWOW64\Ohiefdhd.exeC:\Windows\system32\Ohiefdhd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-