Analysis
-
max time kernel
142s -
max time network
105s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20/05/2024, 01:36
General
-
Target
af4b9ed2848ef43503c30249c56dbf55da8a800c22ee759f975a346590260f19.exe
-
Size
117KB
-
MD5
d6d44281ab66ed3ce22d21323c8e5131
-
SHA1
78f50a475bd3c42a93a586b3398954e654fdc8e6
-
SHA256
af4b9ed2848ef43503c30249c56dbf55da8a800c22ee759f975a346590260f19
-
SHA512
3fefbff92c3a67d446f5a7b9faa81337db293e84992d6fbbda2c19984c137b29a4a3bbe60149b2b85eac807cea3d4746853065ebf6bd3d7779412e8e5ef32a98
-
SSDEEP
3072:WbDrGcQDdQeSBJqoMHWipPE8VFFfUrQlM:WbDrGcQtwcoMHWifVTfMQ
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\af4b9ed2848ef43503c30249c56dbf55da8a800c22ee759f975a346590260f19.exe"C:\Users\Admin\AppData\Local\Temp\af4b9ed2848ef43503c30249c56dbf55da8a800c22ee759f975a346590260f19.exe"1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aeopki32.exeC:\Windows\system32\Aeopki32.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Angddopp.exeC:\Windows\system32\Angddopp.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aaepqjpd.exeC:\Windows\system32\Aaepqjpd.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Adcmmeog.exeC:\Windows\system32\Adcmmeog.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Alkdnboj.exeC:\Windows\system32\Alkdnboj.exe6⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Abemjmgg.exeC:\Windows\system32\Abemjmgg.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bhaebcen.exeC:\Windows\system32\Bhaebcen.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bbgipldd.exeC:\Windows\system32\Bbgipldd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bhdbhcck.exeC:\Windows\system32\Bhdbhcck.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bnnjen32.exeC:\Windows\system32\Bnnjen32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Behbag32.exeC:\Windows\system32\Behbag32.exe12⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Blbknaib.exeC:\Windows\system32\Blbknaib.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bejogg32.exeC:\Windows\system32\Bejogg32.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bldgdago.exeC:\Windows\system32\Bldgdago.exe15⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Baaplhef.exeC:\Windows\system32\Baaplhef.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bdolhc32.exeC:\Windows\system32\Bdolhc32.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Boepel32.exeC:\Windows\system32\Boepel32.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cbqlfkmi.exeC:\Windows\system32\Cbqlfkmi.exe19⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ceoibflm.exeC:\Windows\system32\Ceoibflm.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cklaknjd.exeC:\Windows\system32\Cklaknjd.exe21⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cafigg32.exeC:\Windows\system32\Cafigg32.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cddecc32.exeC:\Windows\system32\Cddecc32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cbefaj32.exeC:\Windows\system32\Cbefaj32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Chbnia32.exeC:\Windows\system32\Chbnia32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Colffknh.exeC:\Windows\system32\Colffknh.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cdiooblp.exeC:\Windows\system32\Cdiooblp.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ckcgkldl.exeC:\Windows\system32\Ckcgkldl.exe28⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Camphf32.exeC:\Windows\system32\Camphf32.exe29⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ckedalaj.exeC:\Windows\system32\Ckedalaj.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Daolnf32.exeC:\Windows\system32\Daolnf32.exe31⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Dhidjpqc.exeC:\Windows\system32\Dhidjpqc.exe32⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Docmgjhp.exeC:\Windows\system32\Docmgjhp.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dlgmpogj.exeC:\Windows\system32\Dlgmpogj.exe34⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dbaemi32.exeC:\Windows\system32\Dbaemi32.exe35⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Deoaid32.exeC:\Windows\system32\Deoaid32.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dlijfneg.exeC:\Windows\system32\Dlijfneg.exe37⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dccbbhld.exeC:\Windows\system32\Dccbbhld.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dddojq32.exeC:\Windows\system32\Dddojq32.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dllfkn32.exeC:\Windows\system32\Dllfkn32.exe40⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dceohhja.exeC:\Windows\system32\Dceohhja.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dedkdcie.exeC:\Windows\system32\Dedkdcie.exe42⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Dlncan32.exeC:\Windows\system32\Dlncan32.exe43⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Echknh32.exeC:\Windows\system32\Echknh32.exe44⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Eaklidoi.exeC:\Windows\system32\Eaklidoi.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Elppfmoo.exeC:\Windows\system32\Elppfmoo.exe46⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Eoolbinc.exeC:\Windows\system32\Eoolbinc.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eamhodmf.exeC:\Windows\system32\Eamhodmf.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Elbmlmml.exeC:\Windows\system32\Elbmlmml.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eekaebcm.exeC:\Windows\system32\Eekaebcm.exe50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eleiam32.exeC:\Windows\system32\Eleiam32.exe51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eocenh32.exeC:\Windows\system32\Eocenh32.exe52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ehljfnpn.exeC:\Windows\system32\Ehljfnpn.exe53⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Eepjpb32.exeC:\Windows\system32\Eepjpb32.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ehnglm32.exeC:\Windows\system32\Ehnglm32.exe55⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Febgea32.exeC:\Windows\system32\Febgea32.exe56⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Fllpbldb.exeC:\Windows\system32\Fllpbldb.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Faihkbci.exeC:\Windows\system32\Faihkbci.exe58⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Flnlhk32.exeC:\Windows\system32\Flnlhk32.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fakdpb32.exeC:\Windows\system32\Fakdpb32.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fhemmlhc.exeC:\Windows\system32\Fhemmlhc.exe61⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fooeif32.exeC:\Windows\system32\Fooeif32.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ffimfqgm.exeC:\Windows\system32\Ffimfqgm.exe63⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Fkffog32.exeC:\Windows\system32\Fkffog32.exe64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fcmnpe32.exeC:\Windows\system32\Fcmnpe32.exe65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fdnjgmle.exeC:\Windows\system32\Fdnjgmle.exe66⤵
-
C:\Windows\SysWOW64\Glebhjlg.exeC:\Windows\system32\Glebhjlg.exe67⤵
-
C:\Windows\SysWOW64\Gcojed32.exeC:\Windows\system32\Gcojed32.exe68⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Gfngap32.exeC:\Windows\system32\Gfngap32.exe69⤵
-
C:\Windows\SysWOW64\Glhonj32.exeC:\Windows\system32\Glhonj32.exe70⤵
-
C:\Windows\SysWOW64\Gkkojgao.exeC:\Windows\system32\Gkkojgao.exe71⤵
-
C:\Windows\SysWOW64\Gbdgfa32.exeC:\Windows\system32\Gbdgfa32.exe72⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gdcdbl32.exeC:\Windows\system32\Gdcdbl32.exe73⤵
-
C:\Windows\SysWOW64\Gkmlofol.exeC:\Windows\system32\Gkmlofol.exe74⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ghaliknf.exeC:\Windows\system32\Ghaliknf.exe75⤵
-
C:\Windows\SysWOW64\Gkoiefmj.exeC:\Windows\system32\Gkoiefmj.exe76⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gcfqfc32.exeC:\Windows\system32\Gcfqfc32.exe77⤵
-
C:\Windows\SysWOW64\Gfembo32.exeC:\Windows\system32\Gfembo32.exe78⤵
-
C:\Windows\SysWOW64\Gcimkc32.exeC:\Windows\system32\Gcimkc32.exe79⤵
-
C:\Windows\SysWOW64\Gdjjckag.exeC:\Windows\system32\Gdjjckag.exe80⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Hmabdibj.exeC:\Windows\system32\Hmabdibj.exe81⤵
-
C:\Windows\SysWOW64\Hopnqdan.exeC:\Windows\system32\Hopnqdan.exe82⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Helfik32.exeC:\Windows\system32\Helfik32.exe83⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hkfoeega.exeC:\Windows\system32\Hkfoeega.exe84⤵
-
C:\Windows\SysWOW64\Hflcbngh.exeC:\Windows\system32\Hflcbngh.exe85⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hmfkoh32.exeC:\Windows\system32\Hmfkoh32.exe86⤵
-
C:\Windows\SysWOW64\Hcpclbfa.exeC:\Windows\system32\Hcpclbfa.exe87⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Himldi32.exeC:\Windows\system32\Himldi32.exe88⤵
-
C:\Windows\SysWOW64\Hbeqmoji.exeC:\Windows\system32\Hbeqmoji.exe89⤵
-
C:\Windows\SysWOW64\Hecmijim.exeC:\Windows\system32\Hecmijim.exe90⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hmjdjgjo.exeC:\Windows\system32\Hmjdjgjo.exe91⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hoiafcic.exeC:\Windows\system32\Hoiafcic.exe92⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Hbgmcnhf.exeC:\Windows\system32\Hbgmcnhf.exe93⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Iefioj32.exeC:\Windows\system32\Iefioj32.exe94⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Immapg32.exeC:\Windows\system32\Immapg32.exe95⤵
-
C:\Windows\SysWOW64\Ipknlb32.exeC:\Windows\system32\Ipknlb32.exe96⤵
-
C:\Windows\SysWOW64\Ibjjhn32.exeC:\Windows\system32\Ibjjhn32.exe97⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Iicbehnq.exeC:\Windows\system32\Iicbehnq.exe98⤵
-
C:\Windows\SysWOW64\Ipnjab32.exeC:\Windows\system32\Ipnjab32.exe99⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Iblfnn32.exeC:\Windows\system32\Iblfnn32.exe100⤵
-
C:\Windows\SysWOW64\Iejcji32.exeC:\Windows\system32\Iejcji32.exe101⤵
-
C:\Windows\SysWOW64\Iifokh32.exeC:\Windows\system32\Iifokh32.exe102⤵
-
C:\Windows\SysWOW64\Ickchq32.exeC:\Windows\system32\Ickchq32.exe103⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ifjodl32.exeC:\Windows\system32\Ifjodl32.exe104⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Iemppiab.exeC:\Windows\system32\Iemppiab.exe105⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ilghlc32.exeC:\Windows\system32\Ilghlc32.exe106⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ipbdmaah.exeC:\Windows\system32\Ipbdmaah.exe107⤵
-
C:\Windows\SysWOW64\Ibqpimpl.exeC:\Windows\system32\Ibqpimpl.exe108⤵
-
C:\Windows\SysWOW64\Ieolehop.exeC:\Windows\system32\Ieolehop.exe109⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Imfdff32.exeC:\Windows\system32\Imfdff32.exe110⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Icplcpgo.exeC:\Windows\system32\Icplcpgo.exe111⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jfoiokfb.exeC:\Windows\system32\Jfoiokfb.exe112⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jmhale32.exeC:\Windows\system32\Jmhale32.exe113⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jpgmha32.exeC:\Windows\system32\Jpgmha32.exe114⤵
-
C:\Windows\SysWOW64\Jbeidl32.exeC:\Windows\system32\Jbeidl32.exe115⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jedeph32.exeC:\Windows\system32\Jedeph32.exe116⤵
-
C:\Windows\SysWOW64\Jmknaell.exeC:\Windows\system32\Jmknaell.exe117⤵
-
C:\Windows\SysWOW64\Jpijnqkp.exeC:\Windows\system32\Jpijnqkp.exe118⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jbhfjljd.exeC:\Windows\system32\Jbhfjljd.exe119⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jefbfgig.exeC:\Windows\system32\Jefbfgig.exe120⤵
-
C:\Windows\SysWOW64\Jmmjgejj.exeC:\Windows\system32\Jmmjgejj.exe121⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-