Analysis
max time kernel: 137s
max time network: 126s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07-05-2024 20:28
Static task: static1
Behavioral task: behavioral1
  Sample: 39ee0b399bd58b5bb3e3bf84442336e62c11979c140a650a648f4da3f984e7b6.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 39ee0b399bd58b5bb3e3bf84442336e62c11979c140a650a648f4da3f984e7b6.exe
  Resource: win10v2004-20240419-en
General
Target: 39ee0b399bd58b5bb3e3bf84442336e62c11979c140a650a648f4da3f984e7b6.exe
Size: 55KB
MD5: 848180c9ca9a49609d059cabd0fbade7
SHA1: c0be6a725d14cccddad98a8e46136b0bf279d131
SHA256: 39ee0b399bd58b5bb3e3bf84442336e62c11979c140a650a648f4da3f984e7b6
SHA512: ea945009e685c354f4156dd8ae5ce01e4f462a97eb2eb08d7b53a46d5adc0e4f47ac2242d3ac8d2fab40b708f29d84efa220d57a0da212d20c43a730c9e31dee
SSDEEP: 768:QFM2Og2PeORuCGd4pSY7C3fg4YWPhbgd9PyOV6TEDQJXnupVWmuGMWx:oT25RC4pW3fj87PhV6zhaVR
Malware Config
Signatures
Suspicious use of WriteProcessMemory (18 IoCs)

description | pid | Process | procid_target
PID 2784 wrote to memory of 3540 | 2784 | 39ee0b399bd58b5bb3e3bf84442336e62c11979c140a650a648f4da3f984e7b6.exe | 85
PID 2784 wrote to memory of 3540 | 2784 | 39ee0b399bd58b5bb3e3bf84442336e62c11979c140a650a648f4da3f984e7b6.exe | 85
PID 2784 wrote to memory of 3540 | 2784 | 39ee0b399bd58b5bb3e3bf84442336e62c11979c140a650a648f4da3f984e7b6.exe | 85
PID 3540 wrote to memory of 1468 | 3540 | cmd.exe | 86
PID 3540 wrote to memory of 1468 | 3540 | cmd.exe | 86
PID 3540 wrote to memory of 1468 | 3540 | cmd.exe | 86
PID 2784 wrote to memory of 3572 | 2784 | 39ee0b399bd58b5bb3e3bf84442336e62c11979c140a650a648f4da3f984e7b6.exe | 87
PID 2784 wrote to memory of 3572 | 2784 | 39ee0b399bd58b5bb3e3bf84442336e62c11979c140a650a648f4da3f984e7b6.exe | 87
PID 2784 wrote to memory of 3572 | 2784 | 39ee0b399bd58b5bb3e3bf84442336e62c11979c140a650a648f4da3f984e7b6.exe | 87
PID 3572 wrote to memory of 4204 | 3572 | cmd.exe | 88
PID 3572 wrote to memory of 4204 | 3572 | cmd.exe | 88
PID 3572 wrote to memory of 4204 | 3572 | cmd.exe | 88
PID 2784 wrote to memory of 720 | 2784 | 39ee0b399bd58b5bb3e3bf84442336e62c11979c140a650a648f4da3f984e7b6.exe | 89
PID 2784 wrote to memory of 720 | 2784 | 39ee0b399bd58b5bb3e3bf84442336e62c11979c140a650a648f4da3f984e7b6.exe | 89
PID 2784 wrote to memory of 720 | 2784 | 39ee0b399bd58b5bb3e3bf84442336e62c11979c140a650a648f4da3f984e7b6.exe | 89
PID 720 wrote to memory of 4472 | 720 | cmd.exe | 90
PID 720 wrote to memory of 4472 | 720 | cmd.exe | 90
PID 720 wrote to memory of 4472 | 720 | cmd.exe | 90
Processes (process tree; indentation shows parent/child depth)

C:\Users\Admin\AppData\Local\Temp\39ee0b399bd58b5bb3e3bf84442336e62c11979c140a650a648f4da3f984e7b6.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\39ee0b399bd58b5bb3e3bf84442336e62c11979c140a650a648f4da3f984e7b6.exe"
  PID: 2784
  Signature: Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c regsvr32 /S "C:\Program Files\NetIPCamera\npIPCamera.dll"
    PID: 3540
    Signature: Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\regsvr32.exe
      Command line: regsvr32 /S "C:\Program Files\NetIPCamera\npIPCamera.dll"
      PID: 1468

  C:\Windows\SysWOW64\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tvt.cn/npIPCamera" /v "Path" /t reg_sz /d "C:\Program Files\NetIPCamera\npIPCamera.dll" /f
    PID: 3572
    Signature: Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\reg.exe
      Command line: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tvt.cn/npIPCamera" /v "Path" /t reg_sz /d "C:\Program Files\NetIPCamera\npIPCamera.dll" /f
      PID: 4204

  C:\Windows\SysWOW64\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\npIPCamera" /f
    PID: 720
    Signature: Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\reg.exe
      Command line: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\npIPCamera" /f
      PID: 4472