Analysis
-
max time kernel
95s -
max time network
141s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-11-2024 01:44
General
-
Target
8adb21b7278373c617c757996852a7bc8ea0dc05c16048751ef79f32a855cc77.exe
-
Size
377KB
-
MD5
c452d23a980e5d08989a3fd04d38eda0
-
SHA1
562a0475acc18162f807bd30dd6af7495a855701
-
SHA256
8adb21b7278373c617c757996852a7bc8ea0dc05c16048751ef79f32a855cc77
-
SHA512
0d183390fd4d4ad38a4f74c9b96878da0c954e89a4dab0b8907cd6af192dcac161e8cb61c34549820b53ac49c3dd4633e58e8a3f4f75bcff2ebdc4cda3028acb
-
SSDEEP
6144:fP+nPldUSCNaGSgnohijgAUv5fKx/SgnohignC5V:foPlOdMTv5i1dayV
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8adb21b7278373c617c757996852a7bc8ea0dc05c16048751ef79f32a855cc77.exe"C:\Users\Admin\AppData\Local\Temp\8adb21b7278373c617c757996852a7bc8ea0dc05c16048751ef79f32a855cc77.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lfhnaa32.exeC:\Windows\system32\Lfhnaa32.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lldfjh32.exeC:\Windows\system32\Lldfjh32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lppbkgcj.exeC:\Windows\system32\Lppbkgcj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Locbfd32.exeC:\Windows\system32\Locbfd32.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lfjjga32.exeC:\Windows\system32\Lfjjga32.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lemkcnaa.exeC:\Windows\system32\Lemkcnaa.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lihfcm32.exeC:\Windows\system32\Lihfcm32.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lhkgoiqe.exeC:\Windows\system32\Lhkgoiqe.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Llgcph32.exeC:\Windows\system32\Llgcph32.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lpbopfag.exeC:\Windows\system32\Lpbopfag.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lbqklb32.exeC:\Windows\system32\Lbqklb32.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lflgmqhd.exeC:\Windows\system32\Lflgmqhd.exe13⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Leoghn32.exeC:\Windows\system32\Leoghn32.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Likcilhh.exeC:\Windows\system32\Likcilhh.exe15⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lhncdi32.exeC:\Windows\system32\Lhncdi32.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Llipehgk.exeC:\Windows\system32\Llipehgk.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lpekef32.exeC:\Windows\system32\Lpekef32.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Loglacfo.exeC:\Windows\system32\Loglacfo.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lbchba32.exeC:\Windows\system32\Lbchba32.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Leadnm32.exeC:\Windows\system32\Leadnm32.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mimpolee.exeC:\Windows\system32\Mimpolee.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mhppji32.exeC:\Windows\system32\Mhppji32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mojhgbdl.exeC:\Windows\system32\Mojhgbdl.exe24⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Mojhgbdl.exeC:\Windows\system32\Mojhgbdl.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mbedga32.exeC:\Windows\system32\Mbedga32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mfaqhp32.exeC:\Windows\system32\Mfaqhp32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Medqcmki.exeC:\Windows\system32\Medqcmki.exe28⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Miomdk32.exeC:\Windows\system32\Miomdk32.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mhbmphjm.exeC:\Windows\system32\Mhbmphjm.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mlnipg32.exeC:\Windows\system32\Mlnipg32.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mpieqeko.exeC:\Windows\system32\Mpieqeko.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Molelb32.exeC:\Windows\system32\Molelb32.exe33⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mbhamajc.exeC:\Windows\system32\Mbhamajc.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mfcmmp32.exeC:\Windows\system32\Mfcmmp32.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mefmimif.exeC:\Windows\system32\Mefmimif.exe36⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mhdjehhj.exeC:\Windows\system32\Mhdjehhj.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mlpeff32.exeC:\Windows\system32\Mlpeff32.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mplafeil.exeC:\Windows\system32\Mplafeil.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Moobbb32.exeC:\Windows\system32\Moobbb32.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mbjnbqhp.exeC:\Windows\system32\Mbjnbqhp.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mffjcopi.exeC:\Windows\system32\Mffjcopi.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mehjol32.exeC:\Windows\system32\Mehjol32.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Midfokpm.exeC:\Windows\system32\Midfokpm.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mhgfkg32.exeC:\Windows\system32\Mhgfkg32.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mlbbkfoq.exeC:\Windows\system32\Mlbbkfoq.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mpnnle32.exeC:\Windows\system32\Mpnnle32.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Moaogand.exeC:\Windows\system32\Moaogand.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mblkhq32.exeC:\Windows\system32\Mblkhq32.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mekgdl32.exeC:\Windows\system32\Mekgdl32.exe50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mifcejnj.exeC:\Windows\system32\Mifcejnj.exe51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mhicpg32.exeC:\Windows\system32\Mhicpg32.exe52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mleoafmn.exeC:\Windows\system32\Mleoafmn.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mpqkad32.exeC:\Windows\system32\Mpqkad32.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mockmala.exeC:\Windows\system32\Mockmala.exe55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mfjcnold.exeC:\Windows\system32\Mfjcnold.exe56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nemcjk32.exeC:\Windows\system32\Nemcjk32.exe57⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Niipjj32.exeC:\Windows\system32\Niipjj32.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nhlpfgbb.exeC:\Windows\system32\Nhlpfgbb.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nlglfe32.exeC:\Windows\system32\Nlglfe32.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Npchgdcd.exeC:\Windows\system32\Npchgdcd.exe61⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Nbadcpbh.exeC:\Windows\system32\Nbadcpbh.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ngmpcn32.exeC:\Windows\system32\Ngmpcn32.exe63⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Neppokal.exeC:\Windows\system32\Neppokal.exe64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Niklpj32.exeC:\Windows\system32\Niklpj32.exe65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nhnlkfpp.exeC:\Windows\system32\Nhnlkfpp.exe66⤵
-
C:\Windows\SysWOW64\Nlihle32.exeC:\Windows\system32\Nlihle32.exe67⤵
-
C:\Windows\SysWOW64\Nohehq32.exeC:\Windows\system32\Nohehq32.exe68⤵
-
C:\Windows\SysWOW64\Nbcqiope.exeC:\Windows\system32\Nbcqiope.exe69⤵
-
C:\Windows\SysWOW64\Ngomin32.exeC:\Windows\system32\Ngomin32.exe70⤵
-
C:\Windows\SysWOW64\Nebmekoi.exeC:\Windows\system32\Nebmekoi.exe71⤵
-
C:\Windows\SysWOW64\Niniei32.exeC:\Windows\system32\Niniei32.exe72⤵
-
C:\Windows\SysWOW64\Nlleaeff.exeC:\Windows\system32\Nlleaeff.exe73⤵
-
C:\Windows\SysWOW64\Npgabc32.exeC:\Windows\system32\Npgabc32.exe74⤵
-
C:\Windows\SysWOW64\Nojanpej.exeC:\Windows\system32\Nojanpej.exe75⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ncfmno32.exeC:\Windows\system32\Ncfmno32.exe76⤵
-
C:\Windows\SysWOW64\Nedjjj32.exeC:\Windows\system32\Nedjjj32.exe77⤵
-
C:\Windows\SysWOW64\Nipekiep.exeC:\Windows\system32\Nipekiep.exe78⤵
-
C:\Windows\SysWOW64\Nhbfff32.exeC:\Windows\system32\Nhbfff32.exe79⤵
-
C:\Windows\SysWOW64\Nlnbgddc.exeC:\Windows\system32\Nlnbgddc.exe80⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nomncpcg.exeC:\Windows\system32\Nomncpcg.exe81⤵
-
C:\Windows\SysWOW64\Nchjdo32.exeC:\Windows\system32\Nchjdo32.exe82⤵
-
C:\Windows\SysWOW64\Ngdfdmdi.exeC:\Windows\system32\Ngdfdmdi.exe83⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Neffpj32.exeC:\Windows\system32\Neffpj32.exe84⤵
-
C:\Windows\SysWOW64\Nibbqicm.exeC:\Windows\system32\Nibbqicm.exe85⤵
-
C:\Windows\SysWOW64\Nheble32.exeC:\Windows\system32\Nheble32.exe86⤵
-
C:\Windows\SysWOW64\Nplkmckj.exeC:\Windows\system32\Nplkmckj.exe87⤵
-
C:\Windows\SysWOW64\Nookip32.exeC:\Windows\system32\Nookip32.exe88⤵
-
C:\Windows\SysWOW64\Ncjginjn.exeC:\Windows\system32\Ncjginjn.exe89⤵
-
C:\Windows\SysWOW64\Ogfcjm32.exeC:\Windows\system32\Ogfcjm32.exe90⤵
-
C:\Windows\SysWOW64\Oeicejia.exeC:\Windows\system32\Oeicejia.exe91⤵
-
C:\Windows\SysWOW64\Ohgoaehe.exeC:\Windows\system32\Ohgoaehe.exe92⤵
-
C:\Windows\SysWOW64\Olckbd32.exeC:\Windows\system32\Olckbd32.exe93⤵
-
C:\Windows\SysWOW64\Opogbbig.exeC:\Windows\system32\Opogbbig.exe94⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ooagno32.exeC:\Windows\system32\Ooagno32.exe95⤵
-
C:\Windows\SysWOW64\Ocmconhk.exeC:\Windows\system32\Ocmconhk.exe96⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Oigllh32.exeC:\Windows\system32\Oigllh32.exe97⤵
-
C:\Windows\SysWOW64\Pgbbek32.exeC:\Windows\system32\Pgbbek32.exe98⤵
-
C:\Windows\SysWOW64\Phcomcng.exeC:\Windows\system32\Phcomcng.exe99⤵
-
C:\Windows\SysWOW64\Ppopjp32.exeC:\Windows\system32\Ppopjp32.exe100⤵
-
C:\Windows\SysWOW64\Poaqemao.exeC:\Windows\system32\Poaqemao.exe101⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pflibgil.exeC:\Windows\system32\Pflibgil.exe102⤵
-
C:\Windows\SysWOW64\Pleaoa32.exeC:\Windows\system32\Pleaoa32.exe103⤵
-
C:\Windows\SysWOW64\Pcpikkge.exeC:\Windows\system32\Pcpikkge.exe104⤵
-
C:\Windows\SysWOW64\Pjjahe32.exeC:\Windows\system32\Pjjahe32.exe105⤵
-
C:\Windows\SysWOW64\Pofjpl32.exeC:\Windows\system32\Pofjpl32.exe106⤵
-
C:\Windows\SysWOW64\Qjlnnemp.exeC:\Windows\system32\Qjlnnemp.exe107⤵
-
C:\Windows\SysWOW64\Qljjjqlc.exeC:\Windows\system32\Qljjjqlc.exe108⤵
-
C:\Windows\SysWOW64\Qoifflkg.exeC:\Windows\system32\Qoifflkg.exe109⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qfbobf32.exeC:\Windows\system32\Qfbobf32.exe110⤵
-
C:\Windows\SysWOW64\Amaqjp32.exeC:\Windows\system32\Amaqjp32.exe111⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ajeadd32.exeC:\Windows\system32\Ajeadd32.exe112⤵
-
C:\Windows\SysWOW64\Aqoiqn32.exeC:\Windows\system32\Aqoiqn32.exe113⤵
-
C:\Windows\SysWOW64\Aobilkcl.exeC:\Windows\system32\Aobilkcl.exe114⤵
-
C:\Windows\SysWOW64\Agiamhdo.exeC:\Windows\system32\Agiamhdo.exe115⤵
-
C:\Windows\SysWOW64\Aqaffn32.exeC:\Windows\system32\Aqaffn32.exe116⤵
-
C:\Windows\SysWOW64\Aimkjp32.exeC:\Windows\system32\Aimkjp32.exe117⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bqdblmhl.exeC:\Windows\system32\Bqdblmhl.exe118⤵
-
C:\Windows\SysWOW64\Bgnkhg32.exeC:\Windows\system32\Bgnkhg32.exe119⤵
-
C:\Windows\SysWOW64\Bjlgdc32.exeC:\Windows\system32\Bjlgdc32.exe120⤵
-
C:\Windows\SysWOW64\Bqfoamfj.exeC:\Windows\system32\Bqfoamfj.exe121⤵
- Drops file in System32 directory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-