0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
29-04-2024 18:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
Size

58KB
MD5

08c12f2e2d555fb9b0247411276d1c46
SHA1

17bcdc2d577fe07a031ab464e0ecb723d6b45da9
SHA256

0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f
SHA512

de6ab695408eef8488bf54e3fa6e2324450cf00451e3a0460589ad8b538c95bf30ed21f4dd660faa68350be3d57dfe72f6dce9bf7e8f3943d955d629a6652011
SSDEEP

1536:QHK+ZHaTXNZOxpZTy1IsTTm84rz5iiwSS:QHpRaT+plyGsTTl2if

Score

7^/10

persistence upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000d000000023b10-2.dat	acprotect

Loads dropped DLL 2 IoCs

pid	Process
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3924-1-0x0000000000500000-0x000000000050F000-memory.dmp	upx
behavioral2/files/0x000d000000023b10-2.dat	upx
behavioral2/memory/3924-9-0x0000000000640000-0x0000000000647000-memory.dmp	upx
behavioral2/files/0x000b000000023b85-14.dat	upx
behavioral2/memory/3924-144-0x0000000000500000-0x000000000050F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wpgqdk = "C:\\Windows\\system32\\hoefmsdylzm.exe"	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\tjblru.dll	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File opened for modification	C:\Windows\SysWOW64\hoefmsdylzm.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Windows\SysWOW64\hoefmsdylzm.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\vwwcdpqla.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\ilwymszrww.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\smnwzq.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\imetur.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.27629.0_x64__8wekyb3d8bbwe\AppxMetadata\syfxtfyubv.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\matztugundxec.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Microsoft Office 15\goyvfwg.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\qfplrbrtiqoxk.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\SplashScreen\oxtojaj.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hu-HU\ivbjjaobrsg.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\kvqunwnhaa.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\pdtnxf.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\Bundle\fhudylohz.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\qksbdjajya.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\limvmazslexw.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\el-GR\View3d\gqzrohwxxcoz.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\ezdnvaoj.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\igngqwak.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\faanpfipoa.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\asyf.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\zyvemw.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\rrrguph.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\wldfchvdae.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\pmdq.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_neutral_~_8wekyb3d8bbwe\jgbmgywpzq.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\iqsmw.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\it\zdesvuec.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Velocity\aobbxs.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\x64\msuvx.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\avlkzqsbsulah.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\id\pkdmzpnbssx.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.1813.0_neutral_~_8wekyb3d8bbwe\wgcg.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\etstaexgqw.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\aacqxueajpxnt.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Videos\fiertuw.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-black\vdojia.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\qyczfc.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-CN\wkoidnffoulr.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Common Files\microsoft shared\Triedit\en-US\hcsbpgivgikid.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\nkchix.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\ffocpkpgsgyut.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\gatyv.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\qrhwdrpmyfzle.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\stohoxompioy.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\uvbjjmxxz.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\wrpybdfprozmq.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-white\uavckpnhertc.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\nsnt.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\ispzoksqvj.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\System\ole db\hghjqmrmahrll.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\assembly\cjhp.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\nfmypdkluj.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\bbeigogtkfkx.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\pzgyrqnf.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\bg-BG\jegchzgj.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\vfjj.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\Scripts\Me\MeControl\offline\en-US\nnukt.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\pxzcg.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\orkwgvcqiebw.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\vfuj.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\Java\jdk-1.8\include\aebwgklqcxxh.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\pxdpsg.exe	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\onfq.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\be-BY\View3d\amlbhgzxt.zip	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
3924	0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe

C:\Users\Admin\AppData\Local\Temp\0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe
"C:\Users\Admin\AppData\Local\Temp\0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:3924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\microsoft shared\ClickToRun\ljlvcbrietj.exe

Filesize
58KB

MD5
08c12f2e2d555fb9b0247411276d1c46

SHA1
17bcdc2d577fe07a031ab464e0ecb723d6b45da9

SHA256
0af6b082925452ebea3da8a972c26282600e0644501c87db49fb2cf0d4c19d8f

SHA512
de6ab695408eef8488bf54e3fa6e2324450cf00451e3a0460589ad8b538c95bf30ed21f4dd660faa68350be3d57dfe72f6dce9bf7e8f3943d955d629a6652011

Download Submit
C:\Windows\SysWOW64\tjblru.dll

Filesize
9KB

MD5
91e37e614228c948e145d3a868cafd23

SHA1
f53b6bb29e82054d6d8c74713d612d8e47907390

SHA256
5cbbf844ef091ecb16dfba6b38b48b56095796440b9bb4a8417677cd3d074623

SHA512
b22649a029d038c570c86f35183952b0cc46435195ff07a01fd844bc76a107ebdc38f9df8cbaa743b69d7c0bc58c1cdff6bf642df0b92a7c16d9e5127401fe7a

Download Submit
memory/3924-1-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/3924-9-0x0000000000640000-0x0000000000647000-memory.dmp

Filesize
28KB

Download
memory/3924-144-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download