Analysis
-
max time kernel
124s -
max time network
138s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
07/07/2024, 01:46
General
-
Target
a5aaaa9888a96738ba1f7c752cf8901c418986b63cbaf60b1067d285831324d1.exe
-
Size
357KB
-
MD5
b91d01243e62ed862c68a840d79e9cb6
-
SHA1
26b4ce939a784c5a56b7651467b280540f16769b
-
SHA256
a5aaaa9888a96738ba1f7c752cf8901c418986b63cbaf60b1067d285831324d1
-
SHA512
2d7679569cf0e26b90471c43f8b3d5ee20899851e8407a5e35fe74b6674a2c8573a46f2a6596d85faebc6aaf51358b14a088cef686592e1adebb76dbc3a8bd1f
-
SSDEEP
6144:TKvg6gAplR1n6xJmPMwZoXpKtCe8AUReheFlfSZR0SvsuFrGoyeg3kl+fiXFOFLG:eptZoXpKtCe1eehil6ZR5ZrQeg3kljFf
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a5aaaa9888a96738ba1f7c752cf8901c418986b63cbaf60b1067d285831324d1.exe"C:\Users\Admin\AppData\Local\Temp\a5aaaa9888a96738ba1f7c752cf8901c418986b63cbaf60b1067d285831324d1.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eaaiahei.exeC:\Windows\system32\Eaaiahei.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ecgodpgb.exeC:\Windows\system32\Ecgodpgb.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eqmlccdi.exeC:\Windows\system32\Eqmlccdi.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fnalmh32.exeC:\Windows\system32\Fnalmh32.exe5⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fncibg32.exeC:\Windows\system32\Fncibg32.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gnmlhf32.exeC:\Windows\system32\Gnmlhf32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gdiakp32.exeC:\Windows\system32\Gdiakp32.exe8⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gndbie32.exeC:\Windows\system32\Gndbie32.exe9⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hqdkkp32.exeC:\Windows\system32\Hqdkkp32.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hebcao32.exeC:\Windows\system32\Hebcao32.exe11⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hjaioe32.exeC:\Windows\system32\Hjaioe32.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hannao32.exeC:\Windows\system32\Hannao32.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hnbnjc32.exeC:\Windows\system32\Hnbnjc32.exe14⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ibbcfa32.exeC:\Windows\system32\Ibbcfa32.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ibdplaho.exeC:\Windows\system32\Ibdplaho.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Inkaqb32.exeC:\Windows\system32\Inkaqb32.exe17⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jdjfohjg.exeC:\Windows\system32\Jdjfohjg.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jjgkab32.exeC:\Windows\system32\Jjgkab32.exe19⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kahinkaf.exeC:\Windows\system32\Kahinkaf.exe20⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kefbdjgm.exeC:\Windows\system32\Kefbdjgm.exe21⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kongmo32.exeC:\Windows\system32\Kongmo32.exe22⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Khihld32.exeC:\Windows\system32\Khihld32.exe23⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lbqinm32.exeC:\Windows\system32\Lbqinm32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Logicn32.exeC:\Windows\system32\Logicn32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lbhool32.exeC:\Windows\system32\Lbhool32.exe26⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Moalil32.exeC:\Windows\system32\Moalil32.exe27⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mhiabbdi.exeC:\Windows\system32\Mhiabbdi.exe28⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mhnjna32.exeC:\Windows\system32\Mhnjna32.exe29⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mafofggd.exeC:\Windows\system32\Mafofggd.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Medglemj.exeC:\Windows\system32\Medglemj.exe31⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Nlcidopb.exeC:\Windows\system32\Nlcidopb.exe32⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Nbbnbemf.exeC:\Windows\system32\Nbbnbemf.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Odbgdp32.exeC:\Windows\system32\Odbgdp32.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ollljmhg.exeC:\Windows\system32\Ollljmhg.exe35⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ohcmpn32.exeC:\Windows\system32\Ohcmpn32.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oheienli.exeC:\Windows\system32\Oheienli.exe37⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ohhfknjf.exeC:\Windows\system32\Ohhfknjf.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pmeoqlpl.exeC:\Windows\system32\Pmeoqlpl.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pkklbh32.exeC:\Windows\system32\Pkklbh32.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Piaiqlak.exeC:\Windows\system32\Piaiqlak.exe41⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Piceflpi.exeC:\Windows\system32\Piceflpi.exe42⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Qejfkmem.exeC:\Windows\system32\Qejfkmem.exe43⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qbngeadf.exeC:\Windows\system32\Qbngeadf.exe44⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Aeopfl32.exeC:\Windows\system32\Aeopfl32.exe45⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Afnlpohj.exeC:\Windows\system32\Afnlpohj.exe46⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Acbmjcgd.exeC:\Windows\system32\Acbmjcgd.exe47⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Acdioc32.exeC:\Windows\system32\Acdioc32.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aiabhj32.exeC:\Windows\system32\Aiabhj32.exe49⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Afeban32.exeC:\Windows\system32\Afeban32.exe50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bfhofnpp.exeC:\Windows\system32\Bfhofnpp.exe51⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Bihhhi32.exeC:\Windows\system32\Bihhhi32.exe52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Beoimjce.exeC:\Windows\system32\Beoimjce.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Beaecjab.exeC:\Windows\system32\Beaecjab.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bbefln32.exeC:\Windows\system32\Bbefln32.exe55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cpifeb32.exeC:\Windows\system32\Cpifeb32.exe56⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cibkohef.exeC:\Windows\system32\Cibkohef.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cidgdg32.exeC:\Windows\system32\Cidgdg32.exe58⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cifdjg32.exeC:\Windows\system32\Cifdjg32.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cemeoh32.exeC:\Windows\system32\Cemeoh32.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cmgjee32.exeC:\Windows\system32\Cmgjee32.exe61⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Dllffa32.exeC:\Windows\system32\Dllffa32.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dpjompqc.exeC:\Windows\system32\Dpjompqc.exe63⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dlqpaafg.exeC:\Windows\system32\Dlqpaafg.exe64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dlcmgqdd.exeC:\Windows\system32\Dlcmgqdd.exe65⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ecoaijio.exeC:\Windows\system32\Ecoaijio.exe66⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Elhfbp32.exeC:\Windows\system32\Elhfbp32.exe67⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Eilfldoi.exeC:\Windows\system32\Eilfldoi.exe68⤵
-
C:\Windows\SysWOW64\Ecfhji32.exeC:\Windows\system32\Ecfhji32.exe69⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Edfddl32.exeC:\Windows\system32\Edfddl32.exe70⤵
-
C:\Windows\SysWOW64\Flaiho32.exeC:\Windows\system32\Flaiho32.exe71⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Flcfnn32.exeC:\Windows\system32\Flcfnn32.exe72⤵
-
C:\Windows\SysWOW64\Fncbha32.exeC:\Windows\system32\Fncbha32.exe73⤵
-
C:\Windows\SysWOW64\Fgkfqgce.exeC:\Windows\system32\Fgkfqgce.exe74⤵
-
C:\Windows\SysWOW64\Fdogjk32.exeC:\Windows\system32\Fdogjk32.exe75⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fcddkggf.exeC:\Windows\system32\Fcddkggf.exe76⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gjqinamq.exeC:\Windows\system32\Gjqinamq.exe77⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gdfmkjlg.exeC:\Windows\system32\Gdfmkjlg.exe78⤵
-
C:\Windows\SysWOW64\Gqmnpk32.exeC:\Windows\system32\Gqmnpk32.exe79⤵
-
C:\Windows\SysWOW64\Gdkffi32.exeC:\Windows\system32\Gdkffi32.exe80⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gdmcki32.exeC:\Windows\system32\Gdmcki32.exe81⤵
-
C:\Windows\SysWOW64\Hqfqfj32.exeC:\Windows\system32\Hqfqfj32.exe82⤵
-
C:\Windows\SysWOW64\Hnjaonij.exeC:\Windows\system32\Hnjaonij.exe83⤵
-
C:\Windows\SysWOW64\Hqkjaifk.exeC:\Windows\system32\Hqkjaifk.exe84⤵
-
C:\Windows\SysWOW64\Hqmggi32.exeC:\Windows\system32\Hqmggi32.exe85⤵
-
C:\Windows\SysWOW64\Iqpclh32.exeC:\Windows\system32\Iqpclh32.exe86⤵
-
C:\Windows\SysWOW64\Iglhob32.exeC:\Windows\system32\Iglhob32.exe87⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Inhmqlmj.exeC:\Windows\system32\Inhmqlmj.exe88⤵
-
C:\Windows\SysWOW64\Iebfmfdg.exeC:\Windows\system32\Iebfmfdg.exe89⤵
-
C:\Windows\SysWOW64\Icgbob32.exeC:\Windows\system32\Icgbob32.exe90⤵
-
C:\Windows\SysWOW64\Jegohe32.exeC:\Windows\system32\Jegohe32.exe91⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jfhlpnfp.exeC:\Windows\system32\Jfhlpnfp.exe92⤵
-
C:\Windows\SysWOW64\Janpnfee.exeC:\Windows\system32\Janpnfee.exe93⤵
-
C:\Windows\SysWOW64\Jjfdfl32.exeC:\Windows\system32\Jjfdfl32.exe94⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jgjeppkp.exeC:\Windows\system32\Jgjeppkp.exe95⤵
-
C:\Windows\SysWOW64\Jnfjbj32.exeC:\Windows\system32\Jnfjbj32.exe96⤵
-
C:\Windows\SysWOW64\Kmlgcf32.exeC:\Windows\system32\Kmlgcf32.exe97⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Kaioidkh.exeC:\Windows\system32\Kaioidkh.exe98⤵
-
C:\Windows\SysWOW64\Kjbdbjbi.exeC:\Windows\system32\Kjbdbjbi.exe99⤵
-
C:\Windows\SysWOW64\Kdjhkp32.exeC:\Windows\system32\Kdjhkp32.exe100⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kmbmdeoj.exeC:\Windows\system32\Kmbmdeoj.exe101⤵
-
C:\Windows\SysWOW64\Ldoafodd.exeC:\Windows\system32\Ldoafodd.exe102⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lndfchdj.exeC:\Windows\system32\Lndfchdj.exe103⤵
-
C:\Windows\SysWOW64\Ldanloba.exeC:\Windows\system32\Ldanloba.exe104⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ljkghi32.exeC:\Windows\system32\Ljkghi32.exe105⤵
-
C:\Windows\SysWOW64\Ldckan32.exeC:\Windows\system32\Ldckan32.exe106⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Lhadgmge.exeC:\Windows\system32\Lhadgmge.exe107⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Ldhdlnli.exeC:\Windows\system32\Ldhdlnli.exe108⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Loniiflo.exeC:\Windows\system32\Loniiflo.exe109⤵
-
C:\Windows\SysWOW64\Mhfmbl32.exeC:\Windows\system32\Mhfmbl32.exe110⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Mmcfkc32.exeC:\Windows\system32\Mmcfkc32.exe111⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mkgfdgpq.exeC:\Windows\system32\Mkgfdgpq.exe112⤵
-
C:\Windows\SysWOW64\Meljappg.exeC:\Windows\system32\Meljappg.exe113⤵
-
C:\Windows\SysWOW64\Moeoje32.exeC:\Windows\system32\Moeoje32.exe114⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Mgpcohcb.exeC:\Windows\system32\Mgpcohcb.exe115⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Maehlqch.exeC:\Windows\system32\Maehlqch.exe116⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nmlhaa32.exeC:\Windows\system32\Nmlhaa32.exe117⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ngemjg32.exeC:\Windows\system32\Ngemjg32.exe118⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Nggjog32.exeC:\Windows\system32\Nggjog32.exe119⤵
-
C:\Windows\SysWOW64\Namnmp32.exeC:\Windows\system32\Namnmp32.exe120⤵
-
C:\Windows\SysWOW64\Nkebee32.exeC:\Windows\system32\Nkebee32.exe121⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-