0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-04-2024 18:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
Size

58KB
MD5

08c12f2e2d555fb9b0247411276d1c46
SHA1

17bcdc2d577fe07a031ab464e0ecb723d6b45da9
SHA256

0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f
SHA512

de6ab695408eef8488bf54e3fa6e2324450cf00451e3a0460589ad8b538c95bf30ed21f4dd660faa68350be3d57dfe72f6dce9bf7e8f3943d955d629a6652011
SSDEEP

1536:QHK+ZHaTXNZOxpZTy1IsTTm84rz5iiwSS:QHpRaT+plyGsTTl2if

Score

7^/10

persistence upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000c000000014c67-2.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3024-0-0x0000000000500000-0x000000000050F000-memory.dmp	upx
behavioral1/files/0x000c000000014c67-2.dat	upx
behavioral1/memory/3024-4-0x0000000075000000-0x0000000075007000-memory.dmp	upx
behavioral1/memory/3024-14-0x0000000075000000-0x0000000075007000-memory.dmp	upx
behavioral1/memory/3024-25-0x0000000000500000-0x000000000050F000-memory.dmp	upx
behavioral1/files/0x000200000000fb95-26.dat	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ezqql = "C:\\Windows\\system32\\gvapxshxjtkoh.exe"	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\yqlr.dll	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File opened for modification	C:\Windows\SysWOW64\gvapxshxjtkoh.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Windows\SysWOW64\gvapxshxjtkoh.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\lvhpelnprnpw.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\hfmfsqbqsfb.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\txmzahicbuijk.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SLATE\djxfxmcjh.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SPRING\mxsk.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\ynzpikxsjkejy.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Microsoft Games\Chess\fr-FR\fjkmxlh.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\ddykpbae.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\vkgp.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\js\ryghbmojtwt.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Filters\roptozpklzf.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EVRGREEN\ysrg.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SATIN\mnuwmbxch.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FREN\ojvtkjml.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\wdhaf.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\jrgaqwrcegb.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATER\dashnlgdoyxue.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\qajwt.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\uddpdy.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\js\dayorgqdcf.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\mbwfx.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\dwgfqxqyy.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\xhoy.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\gmxdjqs.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\embguhef.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\bckpxjszsfu.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ARFR\liowowrsd.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\1033\kbhbdmsplputy.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Windows Mail\wgzcet.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\fqqkgqc.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\xzuhvux.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\es-ES\yoifafhbvzzdq.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECHO\xccbwphc.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\js\jggxxx.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\dhxv.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\ndwncavqnaqw.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\aildhmih.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\bruwhlxbqanmr.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STUDIO\coafsxwioclac.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\dcuz.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\gkzepo.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RADIAL\bydsta.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VC\uercqtsybpcxn.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\1033\nfhqzzassymu.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tr\eeuyraj.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENES\warqe.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\qgif.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\bfwevioc.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ICE\jbwnsohq.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\dhaxo.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\wlvjs.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\ntuhsaw.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\vsenuyayfkn.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\fpjdptviia.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\uuogrrdkso.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Microsoft Games\FreeCell\ja-JP\belkdggma.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\wuxuv.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CAPSULES\qdfxookc.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RIPPLE\pojibneheh.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Windows Defender\de-DE\mdrjn.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Windows NT\Accessories\it-IT\ykrjbvpunreek.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\bcqcba.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\gwxzytsrejay.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\xuwkspdkyamzn.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3024	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe

C:\Users\Admin\AppData\Local\Temp\0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
"C:\Users\Admin\AppData\Local\Temp\0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:3024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\omjglxk.exe

Filesize
58KB

MD5
08c12f2e2d555fb9b0247411276d1c46

SHA1
17bcdc2d577fe07a031ab464e0ecb723d6b45da9

SHA256
0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f

SHA512
de6ab695408eef8488bf54e3fa6e2324450cf00451e3a0460589ad8b538c95bf30ed21f4dd660faa68350be3d57dfe72f6dce9bf7e8f3943d955d629a6652011

Download Submit
\Windows\SysWOW64\yqlr.dll

Filesize
10KB

MD5
1ec381c075bb4bbde66e5ca67b7f1831

SHA1
24d256e7f6d03075bb21a2c86e6b6584e3d42cb5

SHA256
ea6e0ee9b07322580747638476374354832e754751e46b9ca89646701f846746

SHA512
0dcab88a1adafc6e10e99909558421768164d7c5d5c710b680332c6a00b73e368f37a110c5be6bcfede3dd958b6b50470ec47f578fee37f05710a1d8fa82794a

Download Submit
memory/3024-0-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/3024-4-0x0000000075000000-0x0000000075007000-memory.dmp

Filesize
28KB

Download
memory/3024-14-0x0000000075000000-0x0000000075007000-memory.dmp

Filesize
28KB

Download
memory/3024-25-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download