Analysis
-
max time kernel
92s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
15-06-2024 23:38
General
-
Target
8408453d99c300da6b296abb88c41324c29c88947360c713f7aff78499344d3e.exe
-
Size
59KB
-
MD5
51678185ba102bb256ff55a1fb6d17b0
-
SHA1
42210f9039a76d91898748461d12b83c67982cdc
-
SHA256
8408453d99c300da6b296abb88c41324c29c88947360c713f7aff78499344d3e
-
SHA512
bf9a83508cddd6785d11965b34911231c6f6bff26ac3060d24a0fe60fabd68a9a14202ae6b1137635465e4a970fe0ee2cbd74985bffd36eb6c0f06af92795b3b
-
SSDEEP
1536:Iew3JFkRrm8X4F93MAMiIy+ziziV6YNCyVs:Iew5ORrBX4f3MAWyeEXes
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8408453d99c300da6b296abb88c41324c29c88947360c713f7aff78499344d3e.exe"C:\Users\Admin\AppData\Local\Temp\8408453d99c300da6b296abb88c41324c29c88947360c713f7aff78499344d3e.exe"1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pghieg32.exeC:\Windows\system32\Pghieg32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pjffbc32.exeC:\Windows\system32\Pjffbc32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pbmncp32.exeC:\Windows\system32\Pbmncp32.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pqpnombl.exeC:\Windows\system32\Pqpnombl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pgjfkg32.exeC:\Windows\system32\Pgjfkg32.exe6⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pjhbgb32.exeC:\Windows\system32\Pjhbgb32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pabkdmpi.exeC:\Windows\system32\Pabkdmpi.exe8⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pkhoae32.exeC:\Windows\system32\Pkhoae32.exe9⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pbbgnpgl.exeC:\Windows\system32\Pbbgnpgl.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Peqcjkfp.exeC:\Windows\system32\Peqcjkfp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pkjlge32.exeC:\Windows\system32\Pkjlge32.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pbddcoei.exeC:\Windows\system32\Pbddcoei.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qecppkdm.exeC:\Windows\system32\Qecppkdm.exe14⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qgallfcq.exeC:\Windows\system32\Qgallfcq.exe15⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qnkdhpjn.exeC:\Windows\system32\Qnkdhpjn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qchmagie.exeC:\Windows\system32\Qchmagie.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qnnanphk.exeC:\Windows\system32\Qnnanphk.exe18⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qalnjkgo.exeC:\Windows\system32\Qalnjkgo.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Agffge32.exeC:\Windows\system32\Agffge32.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Abkjdnoa.exeC:\Windows\system32\Abkjdnoa.exe21⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Acmflf32.exeC:\Windows\system32\Acmflf32.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ajfoiqll.exeC:\Windows\system32\Ajfoiqll.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aaqgek32.exeC:\Windows\system32\Aaqgek32.exe24⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Acocaf32.exeC:\Windows\system32\Acocaf32.exe25⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Alfkbc32.exeC:\Windows\system32\Alfkbc32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Abpcon32.exeC:\Windows\system32\Abpcon32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Adapgfqj.exeC:\Windows\system32\Adapgfqj.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Alhhhcal.exeC:\Windows\system32\Alhhhcal.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Abbpem32.exeC:\Windows\system32\Abbpem32.exe30⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Adcmmeog.exeC:\Windows\system32\Adcmmeog.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ajneip32.exeC:\Windows\system32\Ajneip32.exe32⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Aniajnnn.exeC:\Windows\system32\Aniajnnn.exe33⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Becifhfj.exeC:\Windows\system32\Becifhfj.exe34⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bhaebcen.exeC:\Windows\system32\Bhaebcen.exe35⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Bbgipldd.exeC:\Windows\system32\Bbgipldd.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Beeflhdh.exeC:\Windows\system32\Beeflhdh.exe37⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Bhdbhcck.exeC:\Windows\system32\Bhdbhcck.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bnnjen32.exeC:\Windows\system32\Bnnjen32.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bbifelba.exeC:\Windows\system32\Bbifelba.exe40⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Bdkcmdhp.exeC:\Windows\system32\Bdkcmdhp.exe41⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bjdkjo32.exeC:\Windows\system32\Bjdkjo32.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bblckl32.exeC:\Windows\system32\Bblckl32.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bejogg32.exeC:\Windows\system32\Bejogg32.exe44⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bjghpn32.exeC:\Windows\system32\Bjghpn32.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bbnpqk32.exeC:\Windows\system32\Bbnpqk32.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bemlmgnp.exeC:\Windows\system32\Bemlmgnp.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Blfdia32.exeC:\Windows\system32\Blfdia32.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cbqlfkmi.exeC:\Windows\system32\Cbqlfkmi.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cliaoq32.exeC:\Windows\system32\Cliaoq32.exe50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cogmkl32.exeC:\Windows\system32\Cogmkl32.exe51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cafigg32.exeC:\Windows\system32\Cafigg32.exe52⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Chpada32.exeC:\Windows\system32\Chpada32.exe53⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cojjqlpk.exeC:\Windows\system32\Cojjqlpk.exe54⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cecbmf32.exeC:\Windows\system32\Cecbmf32.exe55⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Clnjjpod.exeC:\Windows\system32\Clnjjpod.exe56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cbgbgj32.exeC:\Windows\system32\Cbgbgj32.exe57⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cefoce32.exeC:\Windows\system32\Cefoce32.exe58⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Clpgpp32.exeC:\Windows\system32\Clpgpp32.exe59⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cbjoljdo.exeC:\Windows\system32\Cbjoljdo.exe60⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cdkldb32.exeC:\Windows\system32\Cdkldb32.exe61⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Clbceo32.exeC:\Windows\system32\Clbceo32.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dbllbibl.exeC:\Windows\system32\Dbllbibl.exe63⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Daolnf32.exeC:\Windows\system32\Daolnf32.exe64⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ddmhja32.exeC:\Windows\system32\Ddmhja32.exe65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dboigi32.exeC:\Windows\system32\Dboigi32.exe66⤵
-
C:\Windows\SysWOW64\Demecd32.exeC:\Windows\system32\Demecd32.exe67⤵
-
C:\Windows\SysWOW64\Dbaemi32.exeC:\Windows\system32\Dbaemi32.exe68⤵
-
C:\Windows\SysWOW64\Ddbbeade.exeC:\Windows\system32\Ddbbeade.exe69⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dlijfneg.exeC:\Windows\system32\Dlijfneg.exe70⤵
-
C:\Windows\SysWOW64\Dafbne32.exeC:\Windows\system32\Dafbne32.exe71⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dhpjkojk.exeC:\Windows\system32\Dhpjkojk.exe72⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dedkdcie.exeC:\Windows\system32\Dedkdcie.exe73⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Dhbgqohi.exeC:\Windows\system32\Dhbgqohi.exe74⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ekacmjgl.exeC:\Windows\system32\Ekacmjgl.exe75⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Eaklidoi.exeC:\Windows\system32\Eaklidoi.exe76⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Edihepnm.exeC:\Windows\system32\Edihepnm.exe77⤵
-
C:\Windows\SysWOW64\Eoolbinc.exeC:\Windows\system32\Eoolbinc.exe78⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ecmeig32.exeC:\Windows\system32\Ecmeig32.exe79⤵
-
C:\Windows\SysWOW64\Eekaebcm.exeC:\Windows\system32\Eekaebcm.exe80⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ehimanbq.exeC:\Windows\system32\Ehimanbq.exe81⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Eocenh32.exeC:\Windows\system32\Eocenh32.exe82⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Eabbjc32.exeC:\Windows\system32\Eabbjc32.exe83⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ehljfnpn.exeC:\Windows\system32\Ehljfnpn.exe84⤵
-
C:\Windows\SysWOW64\Ekjfcipa.exeC:\Windows\system32\Ekjfcipa.exe85⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ecandfpd.exeC:\Windows\system32\Ecandfpd.exe86⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Eepjpb32.exeC:\Windows\system32\Eepjpb32.exe87⤵
-
C:\Windows\SysWOW64\Fkmchi32.exeC:\Windows\system32\Fkmchi32.exe88⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fafkecel.exeC:\Windows\system32\Fafkecel.exe89⤵
-
C:\Windows\SysWOW64\Fdegandp.exeC:\Windows\system32\Fdegandp.exe90⤵
-
C:\Windows\SysWOW64\Ffddka32.exeC:\Windows\system32\Ffddka32.exe91⤵
-
C:\Windows\SysWOW64\Fdialn32.exeC:\Windows\system32\Fdialn32.exe92⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Flqimk32.exeC:\Windows\system32\Flqimk32.exe93⤵
-
C:\Windows\SysWOW64\Fooeif32.exeC:\Windows\system32\Fooeif32.exe94⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Fdlnbm32.exeC:\Windows\system32\Fdlnbm32.exe95⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Flceckoj.exeC:\Windows\system32\Flceckoj.exe96⤵
-
C:\Windows\SysWOW64\Fcmnpe32.exeC:\Windows\system32\Fcmnpe32.exe97⤵
-
C:\Windows\SysWOW64\Ffkjlp32.exeC:\Windows\system32\Ffkjlp32.exe98⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Glebhjlg.exeC:\Windows\system32\Glebhjlg.exe99⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gododflk.exeC:\Windows\system32\Gododflk.exe100⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gfngap32.exeC:\Windows\system32\Gfngap32.exe101⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Ghlcnk32.exeC:\Windows\system32\Ghlcnk32.exe102⤵
-
C:\Windows\SysWOW64\Gofkje32.exeC:\Windows\system32\Gofkje32.exe103⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gcagkdba.exeC:\Windows\system32\Gcagkdba.exe104⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gfpcgpae.exeC:\Windows\system32\Gfpcgpae.exe105⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gmjlcj32.exeC:\Windows\system32\Gmjlcj32.exe106⤵
-
C:\Windows\SysWOW64\Gohhpe32.exeC:\Windows\system32\Gohhpe32.exe107⤵
-
C:\Windows\SysWOW64\Gdeqhl32.exeC:\Windows\system32\Gdeqhl32.exe108⤵
-
C:\Windows\SysWOW64\Gmlhii32.exeC:\Windows\system32\Gmlhii32.exe109⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gokdeeec.exeC:\Windows\system32\Gokdeeec.exe110⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gbiaapdf.exeC:\Windows\system32\Gbiaapdf.exe111⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gfembo32.exeC:\Windows\system32\Gfembo32.exe112⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Gmoeoidl.exeC:\Windows\system32\Gmoeoidl.exe113⤵
-
C:\Windows\SysWOW64\Gblngpbd.exeC:\Windows\system32\Gblngpbd.exe114⤵
-
C:\Windows\SysWOW64\Hmabdibj.exeC:\Windows\system32\Hmabdibj.exe115⤵
-
C:\Windows\SysWOW64\Hkdbpe32.exeC:\Windows\system32\Hkdbpe32.exe116⤵
-
C:\Windows\SysWOW64\Hopnqdan.exeC:\Windows\system32\Hopnqdan.exe117⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hfifmnij.exeC:\Windows\system32\Hfifmnij.exe118⤵
-
C:\Windows\SysWOW64\Hmcojh32.exeC:\Windows\system32\Hmcojh32.exe119⤵
-
C:\Windows\SysWOW64\Hcmgfbhd.exeC:\Windows\system32\Hcmgfbhd.exe120⤵
-
C:\Windows\SysWOW64\Heocnk32.exeC:\Windows\system32\Heocnk32.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-