Analysis
max time kernel: 118s
max time network: 122s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
submitted: 19-09-2024 06:00
Static task: static1
Behavioral task: behavioral1
  Sample: c5d564f330c1551f87dbfcad6617011159e166b85c18a68921788321bb302df6N.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: c5d564f330c1551f87dbfcad6617011159e166b85c18a68921788321bb302df6N.exe
  Resource: win10v2004-20240802-en
General
Target: c5d564f330c1551f87dbfcad6617011159e166b85c18a68921788321bb302df6N.exe
Size: 593KB
MD5: dc27c80f682aaba013e8dc2f3e658910
SHA1: 29ed6d84974564102b91e2320cf4a08948643c65
SHA256: c5d564f330c1551f87dbfcad6617011159e166b85c18a68921788321bb302df6
SHA512: e3e9066a69697b2098462af9bf2ea33c8762ee60ae18647fc692cb43a3d77c051da4cd811189f61d20807f133546e112097d0c886e21977756e1ada7d2b0a316
SSDEEP: 6144:8jMKITkBXkHhIitXSrQeRTTilNeRTTilYeRTTilqvRe/5du4cuTfM7fhHDohnK7S:/IIwQCf2CfnCfjRc5dQuTErhjoxGQR
Malware Config
Signatures
- Drops file in System32 directory (64 IoCs)
  Process for every entry: c5d564f330c1551f87dbfcad6617011159e166b85c18a68921788321bb302df6N.exe
  description   ioc
  File created  C:\Windows\SysWOW64\DeviceProperties.exe
  File created  C:\Windows\SysWOW64\printui.exe-
  File created  C:\Windows\SysWOW64\xcopy.exe
  File created  C:\Windows\SysWOW64\icardagt.exe
  File created  C:\Windows\SysWOW64\PING.EXE-
  File created  C:\Windows\SysWOW64\PresentationHost.exe
  File created  C:\Windows\SysWOW64\printui.exe
  File created  C:\Windows\SysWOW64\Utilman.exe
  File created  C:\Windows\SysWOW64\print.exe-
  File created  C:\Windows\SysWOW64\userinit.exe
  File created  C:\Windows\SysWOW64\comp.exe-
  File created  C:\Windows\SysWOW64\IME\IMEJP10\imjpuexc.exe
  File created  C:\Windows\SysWOW64\WerFault.exe-
  File created  C:\Windows\SysWOW64\mcbuilder.exe-
  File created  C:\Windows\SysWOW64\mspaint.exe-
  File created  C:\Windows\SysWOW64\Mystify.scr
  File created  C:\Windows\SysWOW64\powercfg.exe
  File created  C:\Windows\SysWOW64\reg.exe
  File created  C:\Windows\SysWOW64\RmClient.exe
  File created  C:\Windows\SysWOW64\ROUTE.EXE
  File created  C:\Windows\SysWOW64\setx.exe
  File created  C:\Windows\SysWOW64\convert.exe
  File created  C:\Windows\SysWOW64\esentutl.exe-
  File created  C:\Windows\SysWOW64\mspaint.exe
  File created  C:\Windows\SysWOW64\PATHPING.EXE-
  File created  C:\Windows\SysWOW64\SearchIndexer.exe-
  File created  C:\Windows\SysWOW64\svchost.exe
  File created  C:\Windows\SysWOW64\cleanmgr.exe-
  File created  C:\Windows\SysWOW64\migwiz\migwiz.exe-
  File created  C:\Windows\SysWOW64\SystemPropertiesComputerName.exe-
  File created  C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe
  File created  C:\Windows\SysWOW64\mobsync.exe
  File created  C:\Windows\SysWOW64\ntoskrnl.exe-
  File created  C:\Windows\SysWOW64\RpcPing.exe-
  File created  C:\Windows\SysWOW64\rundll32.exe-
  File created  C:\Windows\SysWOW64\runonce.exe
  File created  C:\Windows\SysWOW64\vssadmin.exe
  File created  C:\Windows\SysWOW64\chcp.com-
  File created  C:\Windows\SysWOW64\ComputerDefaults.exe
  File created  C:\Windows\System32\DriverStore\FileRepository\brmfcmf.inf_amd64_neutral_67b5984f8e8ff717\BrmfRsmg.exe-
  File created  C:\Windows\SysWOW64\fixmapi.exe
  File created  C:\Windows\SysWOW64\lodctr.exe
  File created  C:\Windows\SysWOW64\Magnify.exe
  File created  C:\Windows\SysWOW64\powercfg.exe-
  File created  C:\Windows\SysWOW64\cmmon32.exe-
  File created  C:\Windows\SysWOW64\setup16.exe
  File created  C:\Windows\SysWOW64\setupugc.exe-
  File created  C:\Windows\SysWOW64\bitsadmin.exe-
  File created  C:\Windows\SysWOW64\dvdupgrd.exe
  File created  C:\Windows\SysWOW64\netiougc.exe
  File created  C:\Windows\SysWOW64\setupSNK.exe
  File created  C:\Windows\SysWOW64\hh.exe-
  File created  C:\Windows\SysWOW64\PkgMgr.exe
  File created  C:\Windows\SysWOW64\SetIEInstalledDate.exe-
  File created  C:\Windows\SysWOW64\at.exe-
  File created  C:\Windows\SysWOW64\DWWIN.EXE-
  File created  C:\Windows\SysWOW64\fsutil.exe
  File created  C:\Windows\SysWOW64\gpresult.exe
  File created  C:\Windows\SysWOW64\label.exe
  File created  C:\Windows\SysWOW64\WerFault.exe
  File created  C:\Windows\SysWOW64\autochk.exe
  File created  C:\Windows\SysWOW64\autofmt.exe
  File created  C:\Windows\SysWOW64\clip.exe
  File created  C:\Windows\SysWOW64\IME\IMEJP10\IMJPDCT.EXE-
- Drops file in Program Files directory (64 IoCs)
  Process for every entry: c5d564f330c1551f87dbfcad6617011159e166b85c18a68921788321bb302df6N.exe
  description   ioc
  File created  C:\Program Files\Windows Photo Viewer\ImagingDevices.exe-
  File created  C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE
  File created  C:\Program Files\Java\jre7\bin\javaws.exe-
  File created  C:\Program Files\Mozilla Firefox\updater.exe
  File created  C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE-
  File created  C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE-
  File created  C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe
  File created  C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe
  File created  C:\Program Files\Java\jre7\bin\javaw.exe-
  File created  C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe
  File created  C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe-
  File created  C:\Program Files (x86)\Microsoft Office\Office14\MSTORDB.EXE-
  File created  C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat-
  File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe
  File created  C:\Program Files\MergeExit.exe-
  File created  C:\Program Files (x86)\Microsoft Office\Office14\MSQRY32.EXE-
  File created  C:\Program Files\Java\jre7\bin\rmid.exe-
  File created  C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe
  File created  C:\Program Files (x86)\Microsoft Office\Office14\MSOHTMED.EXE-
  File created  C:\Program Files (x86)\Microsoft Office\Office14\VPREVIEW.EXE
  File created  C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe-
  File created  C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe-
  File created  C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe-
  File created  C:\Program Files (x86)\Windows Media Player\wmlaunch.exe
  File created  C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
  File created  C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  File created  C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe
  File created  C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe
  File created  C:\Program Files\Java\jre7\bin\servertool.exe
  File created  C:\Program Files\7-Zip\7z.exe
  File created  C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe-
  File created  C:\Program Files\Windows Media Player\wmplayer.exe
  File created  C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\vsta_ep32.exe-
  File created  C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe
  File created  C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.exe
  File created  C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE-
  File created  C:\Program Files\7-Zip\7zG.exe-
  File created  C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat-
  File created  C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe-
  File created  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat-
  File created  C:\Program Files\Windows Journal\PDIALOG.exe-
  File created  C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe-
  File created  C:\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE
  File created  C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE-
  File created  C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
  File created  C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe
  File created  C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe-
  File created  C:\Program Files\Java\jre7\bin\rmid.exe
  File created  C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe-
  File created  C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe
  File created  C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.exe
  File created  C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe-
  File created  C:\Program Files\Microsoft Games\Hearts\Hearts.exe-
  File created  C:\Program Files\Mozilla Firefox\plugin-container.exe-
  File created  C:\Program Files (x86)\Internet Explorer\ieinstal.exe
  File created  C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe
  File created  C:\Program Files\Java\jre7\bin\policytool.exe
  File created  C:\Program Files\Windows Media Player\setup_wm.exe-
  File created  C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe
  File created  C:\Program Files (x86)\Internet Explorer\ExtExport.exe
  File created  C:\Program Files\7-Zip\7zFM.exe
  File created  C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe
  File created  C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe
  File created  C:\Program Files\Windows Media Player\wmpnetwk.exe-
- Drops file in Windows directory (64 IoCs)
  Process for every entry: c5d564f330c1551f87dbfcad6617011159e166b85c18a68921788321bb302df6N.exe
  description   ioc
  File created  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe-
  File created  C:\Windows\winsxs\amd64_microsoft-windows-security-spp-ux_31bf3856ad364e35_6.1.7601.17514_none_b9e7a42ab571bbb9\slui.exe-
  File created  C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-inkwatson_31bf3856ad364e35_6.1.7600.16385_none_644c1a991aac9ffb\InkWatson.exe-
  File created  C:\Windows\winsxs\amd64_microsoft-windows-timeout_31bf3856ad364e35_6.1.7600.16385_none_e8595e67dff5b7f4\timeout.exe-
  File created  C:\Windows\winsxs\amd64_netfx35linq-addinprocess_31bf3856ad364e35_6.1.7601.17514_none_8ebd3037635a8b2f\AddInProcess.exe-
  File created  C:\Windows\winsxs\wow64_microsoft-windows-processmodel_31bf3856ad364e35_6.1.7601.17514_none_1f3c3defefc3a10e\w3wp.exe-
  File created  C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
  File created  C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe-
  File created  C:\Windows\winsxs\x86_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_6.1.7601.17514_none_ef38a8d0d05cc2c7\IMJPDADM.EXE-
  File created  C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
  File created  C:\Windows\Microsoft.NET\Framework64\v3.5\MSBuild.exe-
  File created  C:\Windows\splwow64.exe
  File created  C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.1.7600.16385_none_c9392808773cd7da\cleanmgr.exe-
  File created  C:\Windows\winsxs\amd64_microsoft-windows-compact_31bf3856ad364e35_6.1.7600.16385_none_55ea2c71cf438ffc\compact.exe-
  File created  C:\Windows\winsxs\x86_addinprocess32_b77a5c561934e089_6.1.7601.17514_none_83171a284b28fcec\AddInProcess32.exe-
  File created  C:\Windows\ehome\WTVConverter.exe-
  File created  C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe-
  File created  C:\Windows\winsxs\x86_microsoft-windows-s..mpropertiesadvanced_31bf3856ad364e35_6.1.7600.16385_none_f71eddfb459a0155\SystemPropertiesAdvanced.exe-
  File created  C:\Windows\winsxs\x86_microsoft-windows-wmpdmc-ux_31bf3856ad364e35_6.1.7601.17514_none_f06adab455a2f1e9\WMPDMC.exe-
  File created  C:\Windows\winsxs\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_6.1.7600.16385_none_9da1b3254ff796e9\sdchange.exe-
  File created  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe-
  File created  C:\Windows\winsxs\wow64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_22f5c6aadf559287\MigAutoPlay.exe-
  File created  C:\Windows\winsxs\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_fa2fc39ab7937a51\perfmon.exe-
  File created  C:\Windows\winsxs\amd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_6.1.7601.17514_none_036ad230212a39ce\lsm.exe-
  File created  C:\Windows\winsxs\amd64_microsoft-windows-telnet-server_31bf3856ad364e35_6.1.7600.16385_none_eefcce9868c6d4b7\tlntadmn.exe-
  File created  C:\Windows\winsxs\x86_microsoft-windows-muicachebuilder_31bf3856ad364e35_6.1.7601.17514_none_1c140627131a6df3\mcbuilder.exe-
  File created  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
  File created  C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17932_none_d26a33ec18cb49c4\conhost.exe-
  File created  C:\Windows\winsxs\amd64_microsoft-windows-xpsreachviewer_31bf3856ad364e35_6.1.7600.16385_none_7110452767e88835\xpsrchvw.exe-
  File created  C:\Windows\winsxs\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_da3cb85562df73c9\memtest.exe-
  File created  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\MSBuild.exe-
  File created  C:\Windows\winsxs\amd64_microsoft-windows-fdddo_31bf3856ad364e35_6.1.7600.16385_none_b0de2afe4ca7a1e2\DeviceDisplayObjectProvider.exe-
  File created  C:\Windows\winsxs\amd64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_6.1.7600.16385_none_94861149bb66249c\powershell_ise.exe-
  File created  C:\Windows\winsxs\amd64_netfx-ngen_exe_b03f5f7f11d50a3a_6.1.7601.17514_none_046c078df2caf5d8\ngen.exe-
  File created  C:\Windows\winsxs\x86_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_6.1.7600.16385_none_316a8a208c030e56\reg.exe-
  File created  C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_0935b76c289e0fd5\SvcIni.exe-
  File created  C:\Windows\winsxs\x86_microsoft-windows-waitfor_31bf3856ad364e35_6.1.7600.16385_none_b63c0c04dc872e59\waitfor.exe-
  File created  C:\Windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe
  File created  C:\Windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe-
  File created  C:\Windows\winsxs\x86_microsoft-windows-basic-misc-tools_31bf3856ad364e35_6.1.7600.16385_none_17330d9420bf24e8\expand.exe-
  File created  C:\Windows\winsxs\x86_microsoft-windows-netsh_31bf3856ad364e35_6.1.7600.16385_none_5f774c61592c67c3\netsh.exe-
  File created  C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
  File created  C:\Windows\winsxs\amd64_microsoft-windows-taskmgr_31bf3856ad364e35_6.1.7601.17514_none_7288349cbfd37b08\taskmgr.exe-
  File created  C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\SvcIni.exe-
  File created  C:\Windows\winsxs\amd64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_2d02b12c3d47a517\sidebar.exe-
  File created  C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe-
  File created  C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMConfigInstaller.exe
  File created  C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  File created  C:\Windows\winsxs\amd64_microsoft-windows-legacyhwui_31bf3856ad364e35_6.1.7600.16385_none_3e69140a61f1eff5\hdwwiz.exe-
  File created  C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe-
  File created  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe-
  File created  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
  File created  C:\Windows\Microsoft.NET\Framework64\v3.5\WFServicesReg.exe-
  File created  C:\Windows\winsxs\amd64_microsoft-windows-driververifier_31bf3856ad364e35_6.1.7600.16385_none_1660ccbeb66c6cf1\verifier.exe-
  File created  C:\Windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\Dxpserver.exe-
  File created  C:\Windows\winsxs\amd64_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.1.7600.16385_none_cd7aeeff1897d018\lodctr.exe-
  File created  C:\Windows\winsxs\x86_microsoft-windows-displayswitch_31bf3856ad364e35_6.1.7600.16385_none_ec98071c85cf09eb\DisplaySwitch.exe-
  File created  C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
  File created  C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe-
  File created  C:\Windows\winsxs\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_6.1.7601.17514_none_e8f86b1cdf02c483\wpnpinst.exe-
  File created  C:\Windows\winsxs\amd64_microsoft-windows-pnputil_31bf3856ad364e35_6.1.7600.16385_none_5958b438d6388d15\PnPutil.exe-
  File created  C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.16428_none_1c0dbd69636d746a\ieUnatt.exe-
  File created  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Ldr64.exe-
  File created  C:\Windows\winsxs\amd64_microsoft-windows-d..andlinepropertytool_31bf3856ad364e35_6.1.7601.17514_none_696354579779eadf\imjpuexc.exe-
Processes
- C:\Users\Admin\AppData\Local\Temp\c5d564f330c1551f87dbfcad6617011159e166b85c18a68921788321bb302df6N.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\c5d564f330c1551f87dbfcad6617011159e166b85c18a68921788321bb302df6N.exe"
  Signatures:
    Drops file in System32 directory
    Drops file in Program Files directory
    Drops file in Windows directory
  PID: 1980
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.5MB
  MD5: 0f48eed267747d3708d56524ed315dd8
  SHA1: 17fa3152749ad4a3dc990a580273a0a405387e2f
  SHA256: 90f99c0901c159f1bfb3915db4e6210b1045cf3815d875d299c912c5805ad123
  SHA512: 57c83b0ce84e9e2c00cee66718c91dd9bba9dbc57b4dcbaef58919d100932837505314d2a9af5452e732c863918a5eb8df7e9aae79ceafe9cfcea2f6d9b4b586