Analysis
-
max time kernel
118s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
07-08-2024 06:38
General
-
Target
7d51b4f38755e9410863da07f09238b0N.exe
-
Size
124KB
-
MD5
7d51b4f38755e9410863da07f09238b0
-
SHA1
356954263923a4eda8d6946727e8d71b3fb034a7
-
SHA256
ca0845ccae1315ae2e32d78cd34541aced3f7fb17524e5122d27117cc6cf28ec
-
SHA512
cfda8f92ccc6c61e6c63d72c3398afba8dd4b4f87874ff92edc55f342eaf4d6e5df1cce5e548f7afec587d4f222d2f2ac86fb26ca27de36c1947185c5aa620bb
-
SSDEEP
1536:3xszP5YYzmhRO/N69BH3OoGa+FL9jKceRgrkjSo:BGxYYKhkFoN3Oo1+F92S
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 36 IoCs
-
Executes dropped EXE 36 IoCs
-
Loads dropped DLL 64 IoCs
-
Adds Run key to start application 2 TTPs 36 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 37 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 36 IoCs
-
Suspicious use of SetWindowsHookEx 37 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7d51b4f38755e9410863da07f09238b0N.exe"C:\Users\Admin\AppData\Local\Temp\7d51b4f38755e9410863da07f09238b0N.exe"1⤵
- Modifies visiblity of hidden/system files in Explorer
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\seujee.exe"C:\Users\Admin\seujee.exe"2⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\jugoj.exe"C:\Users\Admin\jugoj.exe"3⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\raowe.exe"C:\Users\Admin\raowe.exe"4⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\diupeug.exe"C:\Users\Admin\diupeug.exe"5⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\jwcoul.exe"C:\Users\Admin\jwcoul.exe"6⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\hqquh.exe"C:\Users\Admin\hqquh.exe"7⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\pieil.exe"C:\Users\Admin\pieil.exe"8⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\rvsuon.exe"C:\Users\Admin\rvsuon.exe"9⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\tuazei.exe"C:\Users\Admin\tuazei.exe"10⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\gooogat.exe"C:\Users\Admin\gooogat.exe"11⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\seivut.exe"C:\Users\Admin\seivut.exe"12⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\jeojo.exe"C:\Users\Admin\jeojo.exe"13⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\coayeud.exe"C:\Users\Admin\coayeud.exe"14⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\btduq.exe"C:\Users\Admin\btduq.exe"15⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\suduk.exe"C:\Users\Admin\suduk.exe"16⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\taooh.exe"C:\Users\Admin\taooh.exe"17⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\cmvuaf.exe"C:\Users\Admin\cmvuaf.exe"18⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\gueey.exe"C:\Users\Admin\gueey.exe"19⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\bzheel.exe"C:\Users\Admin\bzheel.exe"20⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\tuivom.exe"C:\Users\Admin\tuivom.exe"21⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\tgnoem.exe"C:\Users\Admin\tgnoem.exe"22⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\quuega.exe"C:\Users\Admin\quuega.exe"23⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\woualo.exe"C:\Users\Admin\woualo.exe"24⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\keaveeb.exe"C:\Users\Admin\keaveeb.exe"25⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\zbgog.exe"C:\Users\Admin\zbgog.exe"26⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\fonat.exe"C:\Users\Admin\fonat.exe"27⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\miusoi.exe"C:\Users\Admin\miusoi.exe"28⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\wuuef.exe"C:\Users\Admin\wuuef.exe"29⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\vieriim.exe"C:\Users\Admin\vieriim.exe"30⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\taipov.exe"C:\Users\Admin\taipov.exe"31⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\lealait.exe"C:\Users\Admin\lealait.exe"32⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\xaaat.exe"C:\Users\Admin\xaaat.exe"33⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\maowar.exe"C:\Users\Admin\maowar.exe"34⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\bieneaq.exe"C:\Users\Admin\bieneaq.exe"35⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\biaoj.exe"C:\Users\Admin\biaoj.exe"36⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\viaifuy.exe"C:\Users\Admin\viaifuy.exe"37⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
124KB
MD5e0ec4777b23379dc6ac594760c37e083
SHA145ea2c0a5326e60a9b1a35b1ca84d81e04cf78fa
SHA25696b17b9dd3000090597615284d9e4c8202d95c9d5468e48561df1ccffe524eb0
SHA512c50490f48c4610ca43115530f6ded344e4cd8b9a7f401b417d046bdd281e100c839f3f38308259d805c0c37264964b25aa8e8c4a799a3b20cc632db623b4928d
-
Filesize
124KB
MD5bd1759d5c948b4323424b3fb054009b2
SHA112c889986c732a4bd8ca306ea07849f21ce8a892
SHA2562b0394cdcb079bae320f52b15b2c1b4311d741f2d37a1c940616456428d953ba
SHA51255ebef5fe2f9cc69869c51df1b13fb36eeb4b09e533ca11b760ad494fe1187f532ff632323d0f40cec34a6d7e8da3a7e535029a6f675df7bbc75ae604258d845
-
Filesize
124KB
MD5a5c5ebf65b99a454ce9747633d2c15e3
SHA1c8a51b72959f3e9b96e5c0bcc28042d84d59aad4
SHA256aeac76ef680132967cec194190d468d8a1d6fe7722d12571399752fb1d59f0d3
SHA512e391246c2e0e8cffc0f41890a99211c2ce71a2ba0fad78e34171e25a7eacc98d189be8f9827960205392dd008a57d5fd0467ec1d037ebfcfc2ea19238e9044d0
-
Filesize
124KB
MD51cc46cb05291cbef6c3aa4a09532850c
SHA14dca7d76f160c7e380da969317913560ffdee204
SHA256118d7136a6111923d5e8c60c2c5b904dd84ca55267b4f7196c1067e3242c0765
SHA51226d0c80dc3c192b5cd51c5d497609c37ca1d7aa8c53b7c39bf9e4d2f851707d2caa47e5f9f9440e39887a73fb6444d5847a0a052c1222dc1b8c83ee2cf6f9a6a
-
Filesize
124KB
MD51217a7aa8fe65829fc85f83110bc78b0
SHA17348aba0ee3bb25abbcc45d4d9f4e5c34d720d0b
SHA2567211f1aadb738afe1871b7e21c2be3da262189cc8695112169324fd859df64f7
SHA512dc52fb6e343727d281739057978bc322f2f63b7570dad7060fd2224cd19cc958b97581b1bfbbd1c9894a34b9a8f05c5d9a9d28b6923c8351ffdc81a8288eb4b2
-
Filesize
124KB
MD5849fdf017729b726783b4f4df010c508
SHA11e5e88dfb5c44dca30b86918a6270cb0571d157a
SHA256e93a32df6e2d00f5077983b255227e7fbf533da372a307c30ec06256b0518ae2
SHA512bccd6685e559eb5f3008f85129cd711e2fd9e1c7c0d8847a70a077e7326b3e386db653411c493657b87c86f7becead9c49346c4f118a93af78d338ae5c6e7e2a
-
Filesize
124KB
MD57755955ae25e50d0bf8ce08cffbf9f3b
SHA192190c61aa41c44ecdb94728f405b39075286224
SHA2563029d9773b5d618419617130e865d6f45ea583647afc120113eaf6aa50e4329f
SHA512c07fb42799eb59af89bf204624004c30f0fd003e6242cf0a6f2750c1a330646caf3ae51245906b412429d0d45d98c52a70d342410bcdcc8c9c55d2fc21ef60ff
-
Filesize
124KB
MD56ac46d914e76b2cfe74dcc4dd4e7c303
SHA1fa7dcfc52ab9041983090a9b44ff063b56ddd152
SHA25698483d7ef3ff55a85d8e60116320f321deadbcfda1b94b9029c1b1b8a8ddca60
SHA512f11722fac35f580751b605e1738551c87418bc8ad32cf8c95011b8e6316fdf01df5fb97b0a70e3d5f979b36f7395532758736e65dcb6592c5d06868cb5d20ec1
-
Filesize
124KB
MD57d7f0c3921e4473a53d42e7bbf3aad0c
SHA1bb7e0189630a45aa24af3d3c33e8dd2f016125ab
SHA2569a29225ac3e9a724dbfcdbebb52b61ff4737eb6c648807b74780cde821e0be70
SHA5129277a6d0d4ebbe24a06e09785c3103a01fc23d0a9c1db276562f9ef8df13ca750863e065d81b4efb73cfb07047c0c2c9fb69f215ae33012239693e5efd7d636c
-
Filesize
124KB
MD52d8bc82f0409c9e947615deb750e8c37
SHA1563305066290dac0def5072cd040cc7d4ead95cc
SHA256b779f0812c3c194790481072786799588da959b8f3a00893971ed3a4def87aea
SHA51204d7da0d5a061f04dcb97798e904c26bb4354132b3b150728c75bc67b399a4a0ccc2a5c083db65a9b046b29c3d518c19ba16eba22434e09455042a22237c7ee2
-
Filesize
124KB
MD5b7b00715f718a821fec0aaa008fee7b2
SHA1b5b23e8be45f957c852f8c6a9593eb8d1a228e75
SHA256ff619adafb3c9cac1629f0416982204c9af447f5a24cd281e6f87a5696b6d7d8
SHA5123323aaaa9f69c860b8d0504a9ba4e37b46303ff7945197db706d90e3d06241e4f7dfc915e9af857065b2e4393eabda997377b05daf440f066c59432a16edf470
-
Filesize
124KB
MD52da5f3a0e317a389fbf0ec79d0ef5336
SHA171a10214aeaa220bbb68ab26f6d96260e6857191
SHA256b53051b8febeb22a0a1638b74e7b2b526c02d6f790a05d7734ada9af1d345082
SHA5122889574b2d68d2d92c186cdfd13b11fe24d50cd1932ec23880f49c5b066132c5731864104dd0f52e2465c153603e9a7c62dc3eb628893db0e08d11541ef59680
-
Filesize
124KB
MD587d9d69a0061cf4f399a581ff6dbbf11
SHA10b8c46ddf7b83d7280f055bb6911c4f0fc9315a3
SHA256cdc10cd8cf5cd344d7b8ebef61062806da6cf695094d3e244b1a804a9ef1437c
SHA5123b2b2185ab765b93686ac64f3b857a87de6e8180026585898a7efc559ed969c42a84ffbb73e20a9c70aebf6c00d8ef216c827b75380ddeb4031a92b07f741b9e
-
Filesize
124KB
MD58c2dfce9ec85f00248868066d5cbc706
SHA163f2384a55ef99eff1924781683de3377449abb4
SHA25698261a4d8b0d75758d3d0ff454910fa07bf1cfe648fde0f4ca7dfe806ebce3e2
SHA512dc44c8ba5d77922fc7823708e7c38b0cd02dd457b43934da43c45a5af80698633cfe11b755abc15aa7a457dd1df94aab07101f4a5f0ce16f18c818f04dcf68b6
-
Filesize
124KB
MD5853f59f5e76609348f405874245c05cf
SHA138304f8f209ff6952b537ad23f8a7026b2f2e420
SHA2564ee750e0fa9105b75e5b40cf867cf998749a8a5b9f566d74f3d2915276c8d3f4
SHA5121655782d170ebdb194999e8e3975c4403325ae405005e1dccf5f786e1859072792f82e66a71f97cfd3e2ea6603642819c5c0e5a03444a0d5e98b7da62935da87
-
Filesize
124KB
MD53cd54170671da9e2332a1dc65e2fdc1e
SHA1b8a2efc42a2a5d31bd0b01962c2bf811a7c95cbc
SHA256d5b531d73826ddfb2c165db74b421a1aefc117cd5dead8f8d4e30b6c8d072cc4
SHA512e09c0a5e92207fe8e70a387de756b5305a757b8c028b66488d8e2346470cf72c7c69a25aaf8162606f151da22e729be377aa4e5d554c02ef359d31d617ee83e3