Analysis
-
max time kernel
130s -
max time network
98s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
05/05/2024, 04:19
General
-
Target
c9280e9164396c32b00bf690f5aced78db7fe7b6e162984e8766dae0d20d346d.exe
-
Size
78KB
-
MD5
21232de3e082559c77d93c14e8338ab7
-
SHA1
4bb6a302b75906bbd8fbb07aff7a5da8e7190074
-
SHA256
c9280e9164396c32b00bf690f5aced78db7fe7b6e162984e8766dae0d20d346d
-
SHA512
c570bfb72c981fb91489fa9236f8716a8971a1e17098d9bcff5673689b9abbdc41ca6b85d9078c5aec51571c7f8748493a4736cc4e54da3b012a0fccc14ba5a5
-
SSDEEP
1536:BK3RZYWM/bYHcUCkWroJbnjn13tNMliVQqN+zL20gJi1ie:4Xf8UCkWr2jdQliVZgzL20WKt
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c9280e9164396c32b00bf690f5aced78db7fe7b6e162984e8766dae0d20d346d.exe"C:\Users\Admin\AppData\Local\Temp\c9280e9164396c32b00bf690f5aced78db7fe7b6e162984e8766dae0d20d346d.exe"1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bekfan32.exeC:\Windows\system32\Bekfan32.exe2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bpqjofcd.exeC:\Windows\system32\Bpqjofcd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bockjc32.exeC:\Windows\system32\Bockjc32.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bemcgmak.exeC:\Windows\system32\Bemcgmak.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Blgkdg32.exeC:\Windows\system32\Blgkdg32.exe6⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bpcgdfaa.exeC:\Windows\system32\Bpcgdfaa.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Badcln32.exeC:\Windows\system32\Badcln32.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Chnlihnl.exeC:\Windows\system32\Chnlihnl.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cpedjf32.exeC:\Windows\system32\Cpedjf32.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cafpanem.exeC:\Windows\system32\Cafpanem.exe11⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cimhckeo.exeC:\Windows\system32\Cimhckeo.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cpgqpe32.exeC:\Windows\system32\Cpgqpe32.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cojqkbdf.exeC:\Windows\system32\Cojqkbdf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cipehkcl.exeC:\Windows\system32\Cipehkcl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Commqb32.exeC:\Windows\system32\Commqb32.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cefemliq.exeC:\Windows\system32\Cefemliq.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Clqnjf32.exeC:\Windows\system32\Clqnjf32.exe18⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ccjfgphj.exeC:\Windows\system32\Ccjfgphj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Camfbm32.exeC:\Windows\system32\Camfbm32.exe20⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Clckpf32.exeC:\Windows\system32\Clckpf32.exe21⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Capchmmb.exeC:\Windows\system32\Capchmmb.exe22⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dpacfd32.exeC:\Windows\system32\Dpacfd32.exe23⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dcopbp32.exeC:\Windows\system32\Dcopbp32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Denlnk32.exeC:\Windows\system32\Denlnk32.exe25⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dlgdkeje.exeC:\Windows\system32\Dlgdkeje.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dcalgo32.exeC:\Windows\system32\Dcalgo32.exe27⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Dhnepfpj.exeC:\Windows\system32\Dhnepfpj.exe28⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Dljqpd32.exeC:\Windows\system32\Dljqpd32.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dcdimopp.exeC:\Windows\system32\Dcdimopp.exe30⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Dagiil32.exeC:\Windows\system32\Dagiil32.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Djnaji32.exeC:\Windows\system32\Djnaji32.exe32⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dphifcoi.exeC:\Windows\system32\Dphifcoi.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dcfebonm.exeC:\Windows\system32\Dcfebonm.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Djpnohej.exeC:\Windows\system32\Djpnohej.exe35⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Dchbhn32.exeC:\Windows\system32\Dchbhn32.exe36⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Efgodj32.exeC:\Windows\system32\Efgodj32.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ejbkehcg.exeC:\Windows\system32\Ejbkehcg.exe38⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Epmcab32.exeC:\Windows\system32\Epmcab32.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eckonn32.exeC:\Windows\system32\Eckonn32.exe40⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ejegjh32.exeC:\Windows\system32\Ejegjh32.exe41⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Elccfc32.exeC:\Windows\system32\Elccfc32.exe42⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Epopgbia.exeC:\Windows\system32\Epopgbia.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ebploj32.exeC:\Windows\system32\Ebploj32.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ehjdldfl.exeC:\Windows\system32\Ehjdldfl.exe45⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Eqalmafo.exeC:\Windows\system32\Eqalmafo.exe46⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ecphimfb.exeC:\Windows\system32\Ecphimfb.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ejjqeg32.exeC:\Windows\system32\Ejjqeg32.exe48⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ehlaaddj.exeC:\Windows\system32\Ehlaaddj.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ebeejijj.exeC:\Windows\system32\Ebeejijj.exe50⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Efpajh32.exeC:\Windows\system32\Efpajh32.exe51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ehonfc32.exeC:\Windows\system32\Ehonfc32.exe52⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Emjjgbjp.exeC:\Windows\system32\Emjjgbjp.exe53⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ecdbdl32.exeC:\Windows\system32\Ecdbdl32.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fjnjqfij.exeC:\Windows\system32\Fjnjqfij.exe55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fmmfmbhn.exeC:\Windows\system32\Fmmfmbhn.exe56⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fcgoilpj.exeC:\Windows\system32\Fcgoilpj.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fbioei32.exeC:\Windows\system32\Fbioei32.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fmocba32.exeC:\Windows\system32\Fmocba32.exe59⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Fqkocpod.exeC:\Windows\system32\Fqkocpod.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fomonm32.exeC:\Windows\system32\Fomonm32.exe61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fbllkh32.exeC:\Windows\system32\Fbllkh32.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ffggkgmk.exeC:\Windows\system32\Ffggkgmk.exe63⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fifdgblo.exeC:\Windows\system32\Fifdgblo.exe64⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fmapha32.exeC:\Windows\system32\Fmapha32.exe65⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fopldmcl.exeC:\Windows\system32\Fopldmcl.exe66⤵
-
C:\Windows\SysWOW64\Fckhdk32.exeC:\Windows\system32\Fckhdk32.exe67⤵
-
C:\Windows\SysWOW64\Ffjdqg32.exeC:\Windows\system32\Ffjdqg32.exe68⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fmclmabe.exeC:\Windows\system32\Fmclmabe.exe69⤵
-
C:\Windows\SysWOW64\Fobiilai.exeC:\Windows\system32\Fobiilai.exe70⤵
-
C:\Windows\SysWOW64\Fbqefhpm.exeC:\Windows\system32\Fbqefhpm.exe71⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Fjhmgeao.exeC:\Windows\system32\Fjhmgeao.exe72⤵
-
C:\Windows\SysWOW64\Fqaeco32.exeC:\Windows\system32\Fqaeco32.exe73⤵
-
C:\Windows\SysWOW64\Gcpapkgp.exeC:\Windows\system32\Gcpapkgp.exe74⤵
-
C:\Windows\SysWOW64\Gfnnlffc.exeC:\Windows\system32\Gfnnlffc.exe75⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gjjjle32.exeC:\Windows\system32\Gjjjle32.exe76⤵
-
C:\Windows\SysWOW64\Gqdbiofi.exeC:\Windows\system32\Gqdbiofi.exe77⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gfqjafdq.exeC:\Windows\system32\Gfqjafdq.exe78⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gjlfbd32.exeC:\Windows\system32\Gjlfbd32.exe79⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gmkbnp32.exeC:\Windows\system32\Gmkbnp32.exe80⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gqfooodg.exeC:\Windows\system32\Gqfooodg.exe81⤵
-
C:\Windows\SysWOW64\Gbgkfg32.exeC:\Windows\system32\Gbgkfg32.exe82⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gjocgdkg.exeC:\Windows\system32\Gjocgdkg.exe83⤵
-
C:\Windows\SysWOW64\Gmmocpjk.exeC:\Windows\system32\Gmmocpjk.exe84⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gqikdn32.exeC:\Windows\system32\Gqikdn32.exe85⤵
-
C:\Windows\SysWOW64\Gcggpj32.exeC:\Windows\system32\Gcggpj32.exe86⤵
-
C:\Windows\SysWOW64\Gbjhlfhb.exeC:\Windows\system32\Gbjhlfhb.exe87⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gjapmdid.exeC:\Windows\system32\Gjapmdid.exe88⤵
-
C:\Windows\SysWOW64\Gidphq32.exeC:\Windows\system32\Gidphq32.exe89⤵
-
C:\Windows\SysWOW64\Gmoliohh.exeC:\Windows\system32\Gmoliohh.exe90⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gpnhekgl.exeC:\Windows\system32\Gpnhekgl.exe91⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gbldaffp.exeC:\Windows\system32\Gbldaffp.exe92⤵
-
C:\Windows\SysWOW64\Gfhqbe32.exeC:\Windows\system32\Gfhqbe32.exe93⤵
-
C:\Windows\SysWOW64\Gifmnpnl.exeC:\Windows\system32\Gifmnpnl.exe94⤵
-
C:\Windows\SysWOW64\Gmaioo32.exeC:\Windows\system32\Gmaioo32.exe95⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Gppekj32.exeC:\Windows\system32\Gppekj32.exe96⤵
-
C:\Windows\SysWOW64\Hclakimb.exeC:\Windows\system32\Hclakimb.exe97⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hfjmgdlf.exeC:\Windows\system32\Hfjmgdlf.exe98⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hihicplj.exeC:\Windows\system32\Hihicplj.exe99⤵
-
C:\Windows\SysWOW64\Hapaemll.exeC:\Windows\system32\Hapaemll.exe100⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hpbaqj32.exeC:\Windows\system32\Hpbaqj32.exe101⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hfljmdjc.exeC:\Windows\system32\Hfljmdjc.exe102⤵
-
C:\Windows\SysWOW64\Hjhfnccl.exeC:\Windows\system32\Hjhfnccl.exe103⤵
-
C:\Windows\SysWOW64\Hmfbjnbp.exeC:\Windows\system32\Hmfbjnbp.exe104⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Habnjm32.exeC:\Windows\system32\Habnjm32.exe105⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hcqjfh32.exeC:\Windows\system32\Hcqjfh32.exe106⤵
-
C:\Windows\SysWOW64\Hbckbepg.exeC:\Windows\system32\Hbckbepg.exe107⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hfofbd32.exeC:\Windows\system32\Hfofbd32.exe108⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Himcoo32.exeC:\Windows\system32\Himcoo32.exe109⤵
-
C:\Windows\SysWOW64\Hmioonpn.exeC:\Windows\system32\Hmioonpn.exe110⤵
-
C:\Windows\SysWOW64\Hadkpm32.exeC:\Windows\system32\Hadkpm32.exe111⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Hccglh32.exeC:\Windows\system32\Hccglh32.exe112⤵
-
C:\Windows\SysWOW64\Hbeghene.exeC:\Windows\system32\Hbeghene.exe113⤵
-
C:\Windows\SysWOW64\Hippdo32.exeC:\Windows\system32\Hippdo32.exe114⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Hmklen32.exeC:\Windows\system32\Hmklen32.exe115⤵
-
C:\Windows\SysWOW64\Hpihai32.exeC:\Windows\system32\Hpihai32.exe116⤵
-
C:\Windows\SysWOW64\Hcedaheh.exeC:\Windows\system32\Hcedaheh.exe117⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Hbhdmd32.exeC:\Windows\system32\Hbhdmd32.exe118⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hfcpncdk.exeC:\Windows\system32\Hfcpncdk.exe119⤵
-
C:\Windows\SysWOW64\Hjolnb32.exeC:\Windows\system32\Hjolnb32.exe120⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hmmhjm32.exeC:\Windows\system32\Hmmhjm32.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-