Analysis
-
max time kernel
142s -
max time network
160s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
25-05-2024 03:38
General
-
Target
cb79db30d31111f4ce6d6aec2e93e03149bf7971328fb54f27e5403b7f5ae6bb.exe
-
Size
56KB
-
MD5
6c4c4dc2b75583e70eb2802570c384c4
-
SHA1
9c54b555fc968e24f4fdfa5c76f8ba75ac106287
-
SHA256
cb79db30d31111f4ce6d6aec2e93e03149bf7971328fb54f27e5403b7f5ae6bb
-
SHA512
ab707b23a8e0d600dd5e81f0b318ad023234c9a079babfbc5962b8a3224beb4cc752afa14747ec30f1ba223818e6c477624f33d9e1aa659db3419e20b5575e8a
-
SSDEEP
1536:+E5lrj03xn3GOKqRMb3qsOnJjx/yuVUqoGU3W+iKy+MKYZ7Se:x5p6xvG2zJ9KIUqoW+AZ7f
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cb79db30d31111f4ce6d6aec2e93e03149bf7971328fb54f27e5403b7f5ae6bb.exe"C:\Users\Admin\AppData\Local\Temp\cb79db30d31111f4ce6d6aec2e93e03149bf7971328fb54f27e5403b7f5ae6bb.exe"1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cogddd32.exeC:\Windows\system32\Cogddd32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Doccpcja.exeC:\Windows\system32\Doccpcja.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eklajcmc.exeC:\Windows\system32\Eklajcmc.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eqlfhjig.exeC:\Windows\system32\Eqlfhjig.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ebkbbmqj.exeC:\Windows\system32\Ebkbbmqj.exe6⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fkfcqb32.exeC:\Windows\system32\Fkfcqb32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fofilp32.exeC:\Windows\system32\Fofilp32.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fkmjaa32.exeC:\Windows\system32\Fkmjaa32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gnnccl32.exeC:\Windows\system32\Gnnccl32.exe10⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gghdaa32.exeC:\Windows\system32\Gghdaa32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Glfmgp32.exeC:\Windows\system32\Glfmgp32.exe12⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hpfbcn32.exeC:\Windows\system32\Hpfbcn32.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hlblcn32.exeC:\Windows\system32\Hlblcn32.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ibqnkh32.exeC:\Windows\system32\Ibqnkh32.exe15⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ilnlom32.exeC:\Windows\system32\Ilnlom32.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jpnakk32.exeC:\Windows\system32\Jpnakk32.exe17⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jaajhb32.exeC:\Windows\system32\Jaajhb32.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Klpakj32.exeC:\Windows\system32\Klpakj32.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kocgbend.exeC:\Windows\system32\Kocgbend.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lojmcdgl.exeC:\Windows\system32\Lojmcdgl.exe21⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Llqjbhdc.exeC:\Windows\system32\Llqjbhdc.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mapppn32.exeC:\Windows\system32\Mapppn32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mqjbddpl.exeC:\Windows\system32\Mqjbddpl.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nmfmde32.exeC:\Windows\system32\Nmfmde32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Niojoeel.exeC:\Windows\system32\Niojoeel.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oqmhqapg.exeC:\Windows\system32\Oqmhqapg.exe27⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oihmedma.exeC:\Windows\system32\Oihmedma.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pfagighf.exeC:\Windows\system32\Pfagighf.exe29⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pcegclgp.exeC:\Windows\system32\Pcegclgp.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pcgdhkem.exeC:\Windows\system32\Pcgdhkem.exe31⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ppnenlka.exeC:\Windows\system32\Ppnenlka.exe32⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Qapnmopa.exeC:\Windows\system32\Qapnmopa.exe33⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Aadghn32.exeC:\Windows\system32\Aadghn32.exe34⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Abhqefpg.exeC:\Windows\system32\Abhqefpg.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Abjmkf32.exeC:\Windows\system32\Abjmkf32.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Abmjqe32.exeC:\Windows\system32\Abmjqe32.exe37⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Banjnm32.exeC:\Windows\system32\Banjnm32.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bmdkcnie.exeC:\Windows\system32\Bmdkcnie.exe39⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Biklho32.exeC:\Windows\system32\Biklho32.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bfolacnc.exeC:\Windows\system32\Bfolacnc.exe41⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cajjjk32.exeC:\Windows\system32\Cajjjk32.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cgfbbb32.exeC:\Windows\system32\Cgfbbb32.exe43⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Calfpk32.exeC:\Windows\system32\Calfpk32.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ckdkhq32.exeC:\Windows\system32\Ckdkhq32.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cpcpfg32.exeC:\Windows\system32\Cpcpfg32.exe46⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cmgqpkip.exeC:\Windows\system32\Cmgqpkip.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Daeifj32.exeC:\Windows\system32\Daeifj32.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dgbanq32.exeC:\Windows\system32\Dgbanq32.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dcibca32.exeC:\Windows\system32\Dcibca32.exe50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dickplko.exeC:\Windows\system32\Dickplko.exe51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dpopbepi.exeC:\Windows\system32\Dpopbepi.exe52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dncpkjoc.exeC:\Windows\system32\Dncpkjoc.exe53⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ddmhhd32.exeC:\Windows\system32\Ddmhhd32.exe54⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ecbeip32.exeC:\Windows\system32\Ecbeip32.exe55⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ejlnfjbd.exeC:\Windows\system32\Ejlnfjbd.exe56⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ekljpm32.exeC:\Windows\system32\Ekljpm32.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ekngemhd.exeC:\Windows\system32\Ekngemhd.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eahobg32.exeC:\Windows\system32\Eahobg32.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ekqckmfb.exeC:\Windows\system32\Ekqckmfb.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fkcpql32.exeC:\Windows\system32\Fkcpql32.exe61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fqphic32.exeC:\Windows\system32\Fqphic32.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fncibg32.exeC:\Windows\system32\Fncibg32.exe63⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fkgillpj.exeC:\Windows\system32\Fkgillpj.exe64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fjocbhbo.exeC:\Windows\system32\Fjocbhbo.exe65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gjaphgpl.exeC:\Windows\system32\Gjaphgpl.exe66⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gkalbj32.exeC:\Windows\system32\Gkalbj32.exe67⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gnaecedp.exeC:\Windows\system32\Gnaecedp.exe68⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gndbie32.exeC:\Windows\system32\Gndbie32.exe69⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gcqjal32.exeC:\Windows\system32\Gcqjal32.exe70⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hccggl32.exeC:\Windows\system32\Hccggl32.exe71⤵
-
C:\Windows\SysWOW64\Hkmlnimb.exeC:\Windows\system32\Hkmlnimb.exe72⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Heepfn32.exeC:\Windows\system32\Heepfn32.exe73⤵
-
C:\Windows\SysWOW64\Hbiapb32.exeC:\Windows\system32\Hbiapb32.exe74⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hjfbjdnd.exeC:\Windows\system32\Hjfbjdnd.exe75⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jhmhpfmi.exeC:\Windows\system32\Jhmhpfmi.exe76⤵
-
C:\Windows\SysWOW64\Jhoeef32.exeC:\Windows\system32\Jhoeef32.exe77⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Kahinkaf.exeC:\Windows\system32\Kahinkaf.exe78⤵
-
C:\Windows\SysWOW64\Kdhbpf32.exeC:\Windows\system32\Kdhbpf32.exe79⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kbjbnnfg.exeC:\Windows\system32\Kbjbnnfg.exe80⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kdkoef32.exeC:\Windows\system32\Kdkoef32.exe81⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kopcbo32.exeC:\Windows\system32\Kopcbo32.exe82⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Khihld32.exeC:\Windows\system32\Khihld32.exe83⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kaaldjil.exeC:\Windows\system32\Kaaldjil.exe84⤵
-
C:\Windows\SysWOW64\Lbqinm32.exeC:\Windows\system32\Lbqinm32.exe85⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lhmafcnf.exeC:\Windows\system32\Lhmafcnf.exe86⤵
-
C:\Windows\SysWOW64\Lddble32.exeC:\Windows\system32\Lddble32.exe87⤵
-
C:\Windows\SysWOW64\Lamlphoo.exeC:\Windows\system32\Lamlphoo.exe88⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mhiabbdi.exeC:\Windows\system32\Mhiabbdi.exe89⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mdpagc32.exeC:\Windows\system32\Mdpagc32.exe90⤵
-
C:\Windows\SysWOW64\Mkjjdmaj.exeC:\Windows\system32\Mkjjdmaj.exe91⤵
-
C:\Windows\SysWOW64\Mhnjna32.exeC:\Windows\system32\Mhnjna32.exe92⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mddkbbfg.exeC:\Windows\system32\Mddkbbfg.exe93⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mahklf32.exeC:\Windows\system32\Mahklf32.exe94⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ndidna32.exeC:\Windows\system32\Ndidna32.exe95⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ndlacapp.exeC:\Windows\system32\Ndlacapp.exe96⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ncmaai32.exeC:\Windows\system32\Ncmaai32.exe97⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nbbnbemf.exeC:\Windows\system32\Nbbnbemf.exe98⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nlgbon32.exeC:\Windows\system32\Nlgbon32.exe99⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ohncdobq.exeC:\Windows\system32\Ohncdobq.exe100⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ochamg32.exeC:\Windows\system32\Ochamg32.exe101⤵
-
C:\Windows\SysWOW64\Omcbkl32.exeC:\Windows\system32\Omcbkl32.exe102⤵
-
C:\Windows\SysWOW64\Pomncfge.exeC:\Windows\system32\Pomncfge.exe103⤵
-
C:\Windows\SysWOW64\Qejfkmem.exeC:\Windows\system32\Qejfkmem.exe104⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Qkdohg32.exeC:\Windows\system32\Qkdohg32.exe105⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qbngeadf.exeC:\Windows\system32\Qbngeadf.exe106⤵
-
C:\Windows\SysWOW64\Afnlpohj.exeC:\Windows\system32\Afnlpohj.exe107⤵
-
C:\Windows\SysWOW64\Abemep32.exeC:\Windows\system32\Abemep32.exe108⤵
-
C:\Windows\SysWOW64\Acdioc32.exeC:\Windows\system32\Acdioc32.exe109⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Aiabhj32.exeC:\Windows\system32\Aiabhj32.exe110⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Abjfqpji.exeC:\Windows\system32\Abjfqpji.exe111⤵
-
C:\Windows\SysWOW64\Amoknh32.exeC:\Windows\system32\Amoknh32.exe112⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bmagch32.exeC:\Windows\system32\Bmagch32.exe113⤵
-
C:\Windows\SysWOW64\Bikeni32.exeC:\Windows\system32\Bikeni32.exe114⤵
-
C:\Windows\SysWOW64\Bbefln32.exeC:\Windows\system32\Bbefln32.exe115⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Cdgolq32.exeC:\Windows\system32\Cdgolq32.exe116⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cpcila32.exeC:\Windows\system32\Cpcila32.exe117⤵
-
C:\Windows\SysWOW64\Dmnpfd32.exeC:\Windows\system32\Dmnpfd32.exe118⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dcmedk32.exeC:\Windows\system32\Dcmedk32.exe119⤵
-
C:\Windows\SysWOW64\Epaemojk.exeC:\Windows\system32\Epaemojk.exe120⤵
-
C:\Windows\SysWOW64\Eebgqe32.exeC:\Windows\system32\Eebgqe32.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-