Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 120s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240729-en
- resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
- submitted: 01/09/2024, 11:57
Behavioral task
behavioral1
Sample
6fd4d90b3e9eda56e3f77f416311afc23737292d3fd249af70797e4e624a6fb5.exe
Resource
win7-20240729-en
General
- Target: 6fd4d90b3e9eda56e3f77f416311afc23737292d3fd249af70797e4e624a6fb5.exe
- Size: 379KB
- MD5: 926a01696875d72ecaab7ff449d7ede5
- SHA1: 28bd9c751335fe2829e91282367ece400e2d6d64
- SHA256: 6fd4d90b3e9eda56e3f77f416311afc23737292d3fd249af70797e4e624a6fb5
- SHA512: fb3b544a7f4943530ce0f77568a23c14e0bb84f883e6c52307053c7518cc6a92d9efb4c6146ce217badf23a643326f344b74ecb546731c0163e1633b645ea689
- SSDEEP: 3072:mYjW/6oSC5wztj5xiE1QM07ucjnDc/yd4eRYZ4StVAO8q+ysAg0AxB/GTGKLmKnc:fj2jwzt+sQM07LbSt7n2A4B/OfrC9
Malware Config
Signatures
- UPX packed file (yara_rule: upx) matched in the following resources:
  - behavioral1/memory/1792-0-0x0000000000400000-0x0000000000420000-memory.dmp
  - behavioral1/files/0x0007000000018b68-6.dat
  - behavioral1/memory/1792-3664-0x0000000000400000-0x0000000000420000-memory.dmp
  - behavioral1/memory/1792-3668-0x0000000000400000-0x0000000000420000-memory.dmp
Drops file in System32 directory 64 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
Processes
- C:\Users\Admin\AppData\Local\Temp\6fd4d90b3e9eda56e3f77f416311afc23737292d3fd249af70797e4e624a6fb5.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\6fd4d90b3e9eda56e3f77f416311afc23737292d3fd249af70797e4e624a6fb5.exe"
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:1792
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.3MB
- MD5: a3402bdbb63867a32394cca7f1870859
- SHA1: 9495c3732caaa645f66241e440c3887aea965152
- SHA256: 39b59beea11a98649c182dd73d530f393c4fae5e27fbcde45bc8434ceef62799
- SHA512: ca1f0600cd9d66387e2da14041ad6ffb14f77a440b7ab40e5d462b29c7f0c64fda846a6a9ea8940b5fd9deb9bda68a1d2231d2cedc55a256f783ff98e2b5e138