Overview
Score: 7

Target  Platform  Score
Static  static  3
23c707f9cc...1N.exe  windows7-x64  7
23c707f9cc...1N.exe  windows10-2004-x64  7
$PLUGINSDI...ns.dll  windows7-x64  3
$PLUGINSDI...ns.dll  windows10-2004-x64  3
$PLUGINSDI...em.dll  windows7-x64  3
$PLUGINSDI...em.dll  windows10-2004-x64  3
$TEMP/VVSNInst.exe  windows7-x64  7
$TEMP/VVSNInst.exe  windows10-2004-x64  7
$WINDIR/Sy...ms.dll  windows7-x64  3
$WINDIR/Sy...ms.dll  windows10-2004-x64  3
$WINDIR/Sy...ax.dll  windows7-x64  3
$WINDIR/Sy...ax.dll  windows10-2004-x64  3
Arcade!.exe  windows7-x64  3
Arcade!.exe  windows10-2004-x64  3
uninst.exe  windows7-x64  7
uninst.exe  windows10-2004-x64  7

Analysis
- max time kernel: 93s
- max time network: 94s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
- submitted: 25/09/2024, 23:55
Static task
- static1

Behavioral tasks
- behavioral1: 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe (resource win7-20240708-en)
- behavioral2: 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe (resource win10v2004-20240802-en)
- behavioral3: $PLUGINSDIR/InstallOptions.dll (resource win7-20240903-en)
- behavioral4: $PLUGINSDIR/InstallOptions.dll (resource win10v2004-20240802-en)
- behavioral5: $PLUGINSDIR/System.dll (resource win7-20240903-en)
- behavioral6: $PLUGINSDIR/System.dll (resource win10v2004-20240802-en)
- behavioral7: $TEMP/VVSNInst.exe (resource win7-20240708-en)
- behavioral8: $TEMP/VVSNInst.exe (resource win10v2004-20240802-en)
- behavioral9: $WINDIR/System32/dsaoms.dll (resource win7-20240903-en)
- behavioral10: $WINDIR/System32/dsaoms.dll (resource win10v2004-20240910-en)
- behavioral11: $WINDIR/System32/wkcajax.dll (resource win7-20240903-en)
- behavioral12: $WINDIR/System32/wkcajax.dll (resource win10v2004-20240802-en)
- behavioral13: Arcade!.exe (resource win7-20240903-en)
- behavioral14: Arcade!.exe (resource win10v2004-20240802-en)
- behavioral15: uninst.exe (resource win7-20240903-en)
- behavioral16: uninst.exe (resource win10v2004-20240802-en)
General
- Target: 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
- Size: 732KB
- MD5: eef803f8f59092866375b3807108e4f0
- SHA1: 9f8b3145b8088c43db180b9d8c62ad2cf46a4055
- SHA256: 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851
- SHA512: e19a4272662e09a81eac403df1ce58dbe2105b703b50884f18dcacf7d29e1e6c85bc273f4713ee9bd29c03ac32a3f339d2e2f1b37ff433d632c4435c3310901f
- SSDEEP: 12288:UDCxGuO8ODZ+1JbpyMpq65OxDub4hkWGzCeVIOqjcqjdOYmSaarVaEoVN4r:UUMZe1pyM1OxDG4hkkOq4SOYmS5Z+Vqr
Malware Config
Signatures
- Loads dropped DLL (3 IoCs)
  pid Process
  2728 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  2728 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  2728 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
- Drops file in System32 directory (4 IoCs)
  description ioc Process
  File created C:\Windows\SysWOW64\wkcajax.dll 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  File opened for modification C:\Windows\SysWOW64\dsaoms.dll 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  File created C:\Windows\SysWOW64\dsaoms.dll 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  File opened for modification C:\Windows\SysWOW64\wkcajax.dll 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description ioc Process
  Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
- Modifies registry class (64 IoCs)
  description ioc Process
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0C50F454-9710-4949-A68E-3AF0738CC121}\InprocServer32\ThreadingModel = "Apartment" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E0D28399-E9B8-48A5-BEC7-4DC1BD6CDAF8}\1.0\FLAGS 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E0D28399-E9B8-48A5-BEC7-4DC1BD6CDAF8}\1.0\FLAGS\ = "0" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E657594E-2F36-4A78-9DC9-687D9F9858B6}\TypeLib 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{058A54C7-EAFF-488D-95CA-8A248141C489}\TypeLib 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2CB98AF7-2312-47FF-9E56-917F92C14195}\ = "wkajaxc.clsdll" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0C50F454-9710-4949-A68E-3AF0738CC121}\ProgID 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2CB98AF7-2312-47FF-9E56-917F92C14195}\TypeLib\ = "{8196B6CB-44E3-45B3-90D6-8541816E7E74}" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8196B6CB-44E3-45B3-90D6-8541816E7E74}\1.0\FLAGS\ = "0" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8196B6CB-44E3-45B3-90D6-8541816E7E74}\1.0\HELPDIR\ = "C:\\Windows\\System32" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2CB98AF7-2312-47FF-9E56-917F92C14195}\TypeLib 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E0D28399-E9B8-48A5-BEC7-4DC1BD6CDAF8}\1.0\0\win32 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E0D28399-E9B8-48A5-BEC7-4DC1BD6CDAF8}\1.0\0\win32\ = "C:\\Windows\\SysWow64\\dsaoms.dll" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E657594E-2F36-4A78-9DC9-687D9F9858B6} 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E657594E-2F36-4A78-9DC9-687D9F9858B6}\ = "ISimpleShlExt" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{058A54C7-EAFF-488D-95CA-8A248141C489}\TypeLib\ = "{8196B6CB-44E3-45B3-90D6-8541816E7E74}" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{058A54C7-EAFF-488D-95CA-8A248141C489}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0C50F454-9710-4949-A68E-3AF0738CC121}\VersionIndependentProgID\ = "AnswerWorks.AnswerWorksExt" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0C50F454-9710-4949-A68E-3AF0738CC121}\ProgID\ = "AnswerWorks.AnswerWorksExt.1" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E0D28399-E9B8-48A5-BEC7-4DC1BD6CDAF8}\1.0 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8196B6CB-44E3-45B3-90D6-8541816E7E74}\1.0\0\win32 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{058A54C7-EAFF-488D-95CA-8A248141C489}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{058A54C7-EAFF-488D-95CA-8A248141C489}\ProxyStubClsid32 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2CB98AF7-2312-47FF-9E56-917F92C14195}\ProgID 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0C50F454-9710-4949-A68E-3AF0738CC121}\InprocServer32 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\ShellEx 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\ShellEx\ContextMenuHandlers 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E0D28399-E9B8-48A5-BEC7-4DC1BD6CDAF8}\1.0\ = "AnswerWorksExtExt 1.0 Type Library" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8196B6CB-44E3-45B3-90D6-8541816E7E74} 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8196B6CB-44E3-45B3-90D6-8541816E7E74}\1.0\ = "wkajaxc" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2CB98AF7-2312-47FF-9E56-917F92C14195} 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E657594E-2F36-4A78-9DC9-687D9F9858B6}\TypeLib\ = "{E0D28399-E9B8-48A5-BEC7-4DC1BD6CDAF8}" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AnswerWorks.AnswerWorksExt.1\CLSID 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AnswerWorks.AnswerWorksExt\CLSID\ = "{0C50F454-9710-4949-A68E-3AF0738CC121}" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E0D28399-E9B8-48A5-BEC7-4DC1BD6CDAF8}\1.0\HELPDIR\ = "C:\\Windows\\SysWow64\\" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{058A54C7-EAFF-488D-95CA-8A248141C489}\TypeLib\ = "{8196B6CB-44E3-45B3-90D6-8541816E7E74}" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{058A54C7-EAFF-488D-95CA-8A248141C489} 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2CB98AF7-2312-47FF-9E56-917F92C14195}\InprocServer32\ThreadingModel = "Apartment" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AnswerWorks.AnswerWorksExt\ = "AnswerWorksExt Class" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AnswerWorks.AnswerWorksExt\CurVer 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0C50F454-9710-4949-A68E-3AF0738CC121}\TypeLib 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E657594E-2F36-4A78-9DC9-687D9F9858B6}\ProxyStubClsid32 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E657594E-2F36-4A78-9DC9-687D9F9858B6}\TypeLib 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8196B6CB-44E3-45B3-90D6-8541816E7E74}\1.0\0\win32\ = "C:\\Windows\\SysWow64\\wkcajax.dll" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2CB98AF7-2312-47FF-9E56-917F92C14195}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AnswerWorks.AnswerWorksExt.1 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E657594E-2F36-4A78-9DC9-687D9F9858B6}\TypeLib\Version = "1.0" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E657594E-2F36-4A78-9DC9-687D9F9858B6}\ = "ISimpleShlExt" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{058A54C7-EAFF-488D-95CA-8A248141C489}\ProxyStubClsid32 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{058A54C7-EAFF-488D-95CA-8A248141C489}\TypeLib\Version = "1.0" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0C50F454-9710-4949-A68E-3AF0738CC121}\VersionIndependentProgID 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E657594E-2F36-4A78-9DC9-687D9F9858B6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E657594E-2F36-4A78-9DC9-687D9F9858B6}\TypeLib\Version = "1.0" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E657594E-2F36-4A78-9DC9-687D9F9858B6} 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\wkajaxc.clsdll\Clsid\ = "{2CB98AF7-2312-47FF-9E56-917F92C14195}" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0C50F454-9710-4949-A68E-3AF0738CC121}\InprocServer32\ = "C:\\Windows\\SysWow64\\dsaoms.dll" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0C50F454-9710-4949-A68E-3AF0738CC121}\TypeLib\ = "{E0D28399-E9B8-48A5-BEC7-4DC1BD6CDAF8}" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0C50F454-9710-4949-A68E-3AF0738CC121}\Programmable 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E657594E-2F36-4A78-9DC9-687D9F9858B6}\ProxyStubClsid32 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{058A54C7-EAFF-488D-95CA-8A248141C489}\TypeLib\Version = "1.0" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2CB98AF7-2312-47FF-9E56-917F92C14195}\VERSION\ = "1.0" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\wkajaxc.clsdll\ = "wkajaxc.clsdll" 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2CB98AF7-2312-47FF-9E56-917F92C14195}\Implemented Categories 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E0D28399-E9B8-48A5-BEC7-4DC1BD6CDAF8} 23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
  "C:\Users\Admin\AppData\Local\Temp\23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe"
  - Loads dropped DLL
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID: 2728
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 12KB
  MD5: f407939127208a009b9a825cb77ed3c7
  SHA1: 051d7fccf3fb544acaa8ab6be590bb4bc79cef82
  SHA256: 191fab998e58b66a2416873b06062166b547eb3ba06b1326a4a785a566aaf76d
  SHA512: d45d08823ac7667f071b21d238b7fda43115db3195a442cb17d880d147e8a930374403c970afc31f676f01a83fb9c63e3be047de7e16718a08a1fdbe4b690901
- Filesize: 730B
  MD5: d18996f1539cea1af4c0709595e4ed03
  SHA1: e7a6be994540f7e8193761e6babd88c2a2dc72b5
  SHA256: aeb39dff5518ed297f8380d187b5178f8e2372751dbd0f26fd570e06115d6170
  SHA512: 61631e501fc0d13c85a6b7307cdc3afe162fe959888ca15288512adc1ff25332ca23257fd0d3a262f4afc9776097eead8d598a9809911981e7db765023d2b189
- Filesize: 92KB
  MD5: a27e788246ebb3fb59173594d314fd33
  SHA1: 8081d0f8cb50ebec461427d132c1d6af0c1a734b
  SHA256: c89a745ab8482e9871d1f86d0c73d30e651189769614c80a972b5e76aba28165
  SHA512: 3ae147466c0d15887db70f2f8aed92126e7c0e670444ec76d24f50c4beb67c6745edd87778a70581d9cc5b6ea7a0bfc6a4c20a8aa5ffe590a64eb40f3bd7bba2
- Filesize: 232KB
  MD5: 21e5ab0214714983584031e78c763aae
  SHA1: 67d96799572b2d847561d1dc5c5db639c3abb085
  SHA256: 2dd855c3a2d5acec7cf1daf44284576e3d97ae8891bdf15480ed530c0863855f
  SHA512: 2807cd740c1d50de1f6e26c869c466a503181f276832c1057c8269d50abaa3a7fc0769479d3357962dd63bcd57541ccf9a3fb31314d874365143e0442f7114cf