banload | 7e68c0229a74265baeb5104c54c9c0a0690dad7b108bf569a6705a0bba433afc

Analysis

max time kernel
148s
max time network
121s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
28/02/2025, 22:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ez_cd_audio_converter_setup_x64.exe
Size

43.0MB
MD5

ba00fdb5d0a8fdec748833043daae5ed
SHA1

f9ec9d235266519fe802bb7c820eb9510c81e6da
SHA256

7e68c0229a74265baeb5104c54c9c0a0690dad7b108bf569a6705a0bba433afc
SHA512

c9ef7fecc95f24f8c517bc7529bb70d41f1c1ea75c4e25a1e86c22888a3117923a979eecefe927599a7776a562a06dfc96e0642358f34ed80396a87deb6849d3
SSDEEP

786432:nxy8LH4TmjWNY2Iha+fNuJsNCHYlvSkaU7VZFCUA9tzHhe8xMlOStDJUJh:nQMHUml2DqNuJsdlKSpPlAT7he8xMbta

Score

10^/10

banload defense_evasion discovery downloader dropper persistence privilege_escalation trojan

Malware Config

Signatures

Banload
Banload variants download malicious files, then install and execute the files.
trojan dropper downloader banload
Banload family
banload

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	ezcd.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	ezcd.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	ezcd.exe

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	ezcd.exe
File opened (read-only)	\??\D:	ezcd.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\EZ CD Audio Converter\dec_opus.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\enc_aaac.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\met_aiff.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\api-ms-win-core-sysinfo-l1-2-0.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\enc_raw.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\dec_aac.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\deviceio.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\mp4v2.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\api-ms-win-crt-environment-l1-1-0.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Assets\debug.log	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Language\bulgarian.uni	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\met_dsf.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\encm_dtsmka.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\enc_xheaacf.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.scale-150.png	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\decm_dff.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\enc_ac3.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\enc_wavacm.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.targetsize-40.png	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.targetsize-64_altform-unplated.png	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Language\croatian.uni	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\decm_opus.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\enc_flac.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\met_ffmpeg.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\encm_au.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\enc_aacf.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\concrt140.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Language\russian.uni	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\api-ms-win-crt-math-l1-1-0.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Assets\storelogo.scale-150.png	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\avutil-59.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\api-ms-win-core-file-l1-1-0.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\api-ms-win-crt-multibyte-l1-1-0.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Language\serbian.uni	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\decm_aac.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\dec_wav.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\ezcd.exe	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\enc_xheaac.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\encm_dts.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\ezcdshell.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Language\japanese.uni	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\decm_ape.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\decm_wma.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\enc_aiff.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\enc_m4a.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\enc_ac3m4a.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\encm_w64.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Language\hungarian.uni	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\encm_aaac.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Assets\Square44x44Logo.targetsize-32.png	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Language\czech.uni	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\encm_ape.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\metm_ffmpeg.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\msvcp140_1.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\vccorlib140.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\api-ms-win-core-sysinfo-l1-1-0.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\api-ms-win-core-timezone-l1-1-0.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Language\portugues (portugal).uni	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\swresample-5.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\enc_wma.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Assets\storelogo.scale-200.png	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\Language\greek.uni	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\enc_alac.dll	ez_cd_audio_converter_setup_x64.exe
File created	C:\Program Files\EZ CD Audio Converter\metm_wav.dll	ez_cd_audio_converter_setup_x64.exe

Executes dropped EXE 2 IoCs

pid	Process
2348	register64.exe
2740	ezcd.exe

Loads dropped DLL 64 IoCs

pid	Process
2928	ez_cd_audio_converter_setup_x64.exe
2928	ez_cd_audio_converter_setup_x64.exe
2928	ez_cd_audio_converter_setup_x64.exe
2928	ez_cd_audio_converter_setup_x64.exe
2348	register64.exe
2928	ez_cd_audio_converter_setup_x64.exe
2928	ez_cd_audio_converter_setup_x64.exe
2928	ez_cd_audio_converter_setup_x64.exe
1196	Process not Found
1196	Process not Found
1196	Process not Found
1196	Process not Found
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe
2740	ezcd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ez_cd_audio_converter_setup_x64.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\TypeLib\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F91}"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\0\win64	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\HELPDIR\ = "C:\\Program Files\\EZ CD Audio Converter"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\EmptyCD	ez_cd_audio_converter_setup_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ = "IEzCd"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib\ = "{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\CLSID	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\CLSID\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\HELPDIR	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\InProcServer32\ThreadingModel = "Both"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\ = "EzCd Class"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\CurVer	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\ = "EzCd Class"	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\ProgID\ = "EzCd.EzCd.1"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\EzCd	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EzCd\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\0	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1\CLSID	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd\CurVer\ = "EzCd.EzCd.1"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ProxyStubClsid32	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\ = "EZ CD Audio Converter"	ez_cd_audio_converter_setup_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\AudioCD\ = "Rip audio CD"	ez_cd_audio_converter_setup_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\AudioCD\command\ = "\"C:\\Program Files\\EZ CD Audio Converter\\ezcd.exe\" -nn"	ez_cd_audio_converter_setup_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\EmptyCD\command	ez_cd_audio_converter_setup_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\ = "Device Center Print Status Extension"	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EzCd	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\InprocServer32	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\Programmable	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\InprocServer32\ = "C:\\Program Files\\EZ CD Audio Converter\\ezcd64.dll"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\FLAGS	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\FLAGS\ = "0"	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\0\win64\ = "C:\\Program Files\\EZ CD Audio Converter\\ezcd64.dll"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ProxyStubClsid32	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\InProcServer32	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1\ = "EzCd Class"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\ProgID	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay	ez_cd_audio_converter_setup_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\AudioCD\command	ez_cd_audio_converter_setup_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib\Version = "1.0"	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\VersionIndependentProgID\ = "EzCd.EzCd"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\TypeLib	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\EzCd\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}"	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0\ = "EzCd Type Library"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}	ezcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}\1.0	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib\ = "{E46D6DC6-9707-43A9-BDBB-0BDBDD096F91}"	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\TypeLib\Version = "1.0"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\DefaultIcon	ez_cd_audio_converter_setup_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\DefaultIcon\ = "\"C:\\Program Files\\EZ CD Audio Converter\\ezcd.exe\",0"	ez_cd_audio_converter_setup_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\VersionIndependentProgID	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ezcd.AutoPlay\shell\AudioCD	ez_cd_audio_converter_setup_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5EB55958-633B-B502-6AF3-56089298885B}\InProcServer32\ = "%SystemRoot%\\system32\\fdprint.dll"	ezcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}\InprocServer32\ThreadingModel = "Apartment"	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EzCd.EzCd.1\CLSID\ = "{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90}"	register64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}	register64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46D6DC6-9707-43A9-BDBB-0BDBDD096F92}\ = "IEzCd"	register64.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2740	ezcd.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2740	ezcd.exe
Token: SeIncBasePriorityPrivilege	2740	ezcd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2740	ezcd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 2348	2928	ez_cd_audio_converter_setup_x64.exe	31
PID 2928 wrote to memory of 2348	2928	ez_cd_audio_converter_setup_x64.exe	31
PID 2928 wrote to memory of 2348	2928	ez_cd_audio_converter_setup_x64.exe	31
PID 2928 wrote to memory of 2348	2928	ez_cd_audio_converter_setup_x64.exe	31
PID 2928 wrote to memory of 2740	2928	ez_cd_audio_converter_setup_x64.exe	32
PID 2928 wrote to memory of 2740	2928	ez_cd_audio_converter_setup_x64.exe	32
PID 2928 wrote to memory of 2740	2928	ez_cd_audio_converter_setup_x64.exe	32
PID 2928 wrote to memory of 2740	2928	ez_cd_audio_converter_setup_x64.exe	32

C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe
"C:\Users\Admin\AppData\Local\Temp\ez_cd_audio_converter_setup_x64.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Program Files\EZ CD Audio Converter\register64.exe
  "C:\Program Files\EZ CD Audio Converter\register64.exe" register
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:2348
- C:\Program Files\EZ CD Audio Converter\ezcd.exe
  "C:\Program Files\EZ CD Audio Converter\ezcd.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Enumerates connected drives
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\EZ CD Audio Converter\register64.exe

Filesize
148KB

MD5
5872f17645e7ae8436d7607bbbf16cd2

SHA1
767b605431383444afc4d3ca714cc1a9e57f75ff

SHA256
d536a588a513c62145a7f4c1541ae64ddb8495049ceeb4204575266181c91e0d

SHA512
dffb23a467d4eeb19bc4fa3d89337b490bc33522d8d4b74dd82919103d7b44d1912bd11008368649321b12278b50cc9f036d9a195d792774610c93b037440326

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\Local\EZ CD Audio Converter\converter_normal.txt

Filesize
682B

MD5
5fe1e6f8fb8ac21f63049cf39089f53a

SHA1
3176505294c2b2022fbcd227a2493b2a20fb2533

SHA256
b4e717f9ef7af9ba991f9c36b56cb9b4f51fe3b8f29b738496f3af4dcb48d47e

SHA512
a9668866637c6f5e22ea0bcaf2fa56d81beb78540b419ef8ce41118d0cf7cbf766f38b8c0d6ab72839f2874075aa1e8526a815d95d9f05e4a2a59d00e9640ce8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar177E.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy7B87.tmp\modern-wizard.bmp

Filesize
150KB

MD5
5dc251b994c2499628eaca24b0ec587f

SHA1
6904b12c39e4765414a4502ca59bd6405e39b364

SHA256
22727d9d1e3e0fe0df182c23b15d6a126ed19c2d1781af8d56e43f87e6506ac1

SHA512
ffba72a87ba1462e62fbaa19015a1a443423ff807483f5e2dafeeae9be3e40505769bda5a1b88eedc8e67b92900961e0d30f9e714e5a96a9b2f1d4a3f6150ad1

Download Submit
\Program Files\EZ CD Audio Converter\acdbase.dll

Filesize
4.9MB

MD5
518475fd02ba061f30ac7419c63ec0ec

SHA1
5826f8e6c7486c4893ab3dc8294236f358d49ab0

SHA256
f05d78b97d6c9f68b8f5966930a376ced87244c1b031492eb3d8c10dbc7b63c1

SHA512
08c2110aaf5b1a5ea342c48602149190e915103580f6998bb95a9963ee1ea0c89dd7d201de36b3b7c985391274f670e54fbb45c9152d6b3fb31c615db3119006

Download Submit
\Program Files\EZ CD Audio Converter\api-ms-win-core-fibers-l1-1-1.dll

Filesize
21KB

MD5
ad951158527940bac000e0baf0c73d63

SHA1
6b6ee384a4d7df4eb8e9ab60dfea1d4b62bea922

SHA256
0456c30ee2124ebe7788cd7c41a96a8ce8f5c18e4f28c782e1be4b9852c5b0b0

SHA512
56104592b857df6c07e673136f762a56faa4f9e93702411a8ab2109f739a0605c36f1d298c6047a8860ab130a6ec2231c52cb8a9ea8ce5462c98991029a7699f

Download Submit
\Program Files\EZ CD Audio Converter\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
b0a23a59470d0d05f65e68b34cc3151d

SHA1
fb847743919b14904144b463cba1700d14d60b8c

SHA256
b2c7cb7d8cc4d78d3aeaa33be5f37fa72c8dacdafb9259e2ab9c633eb4523221

SHA512
91a4743187b8fe97d3a72ab132b0f995529ff490919ddb779df2e5f700e72c32d6de3ec574d6a4f02531252731790b720af3c27eee6889c397933c9b3de8f164

Download Submit
\Program Files\EZ CD Audio Converter\api-ms-win-core-file-l2-1-0.dll

Filesize
21KB

MD5
9ae6d3043815d2cad7f1aeb38c6d82ef

SHA1
d57d80b9377fc522e326b4c8a3b819fba3d6396d

SHA256
cf9bbd97661a1bafe171e5f9fc1edf7f172da0bc6424e1b68550455196a0a049

SHA512
a2229f677b9db677a5f336d500022a083d319add8d3016ed0e0ba3c9dc026b25069b0b1ca01d101ff4a5410101bb1fc167f289000200f5970b747fa4d01ee515

Download Submit
\Program Files\EZ CD Audio Converter\api-ms-win-core-kernel32-legacy-l1-1-1.dll

Filesize
21KB

MD5
ec9ea954d82514e4a1df8a2825d7ae94

SHA1
0f43a140ac8b95a061c30c0698328f8888e5447c

SHA256
d3667ed353e1548c8833280e50834b634b9775d15d25ce0511d2b385d7a607a8

SHA512
47d7fd7207822324bbf4f2ca6e321451137a584e735c02640ec63ed32275a26ee0312409c77433491c0f900667d36bea4d987f8509301987129cb6ccaa132b4e

Download Submit
\Program Files\EZ CD Audio Converter\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
776fb42f857d54989b2697b34ccc6e03

SHA1
abdb792e85a0f29b9a2dec0b56e32aa023c363ad

SHA256
058a3bcb3c1e463bce5c1990c369600dcca924f1b0aac87dde15f10c00fb4aaf

SHA512
1ed6bc1a9bb046339f5c04a46a7f0778a27bddfe0aea924c80b298cfb10f8bcd9e1fba82a4535b9f90acb516bc92a1475047f858f3bf474b5225ea257bb44918

Download Submit
\Program Files\EZ CD Audio Converter\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
b7a16442965c65d7d75ff8e2b61c2f79

SHA1
e03e80eac8c6c1dfe47a909d3568768b4e71c4e9

SHA256
0203d7ebe58d19216f53812a8944044c663df83ad118fc3e308dfe8a694774fe

SHA512
9e88bd48a54d461593b3d925c954bc93d49f960f21cd251906140deae72d8642e2ca0dc461b880f24cce96eb897e9e7d22ef02ef017f12044316a650964c9b11

Download Submit
\Program Files\EZ CD Audio Converter\api-ms-win-core-synch-l1-2-0.dll

Filesize
21KB

MD5
d9a8a89d917760865d76766eb737c4a7

SHA1
6fe438d4718762b039042d6d061a88b09ba8d265

SHA256
7bd60aee2db91901c5804c6c69f9d877727bd8cddec30bcd047bc3afec5d8852

SHA512
514e6450eaebf38879da0f83632700473f6a34ffe8e872e2549105d2c989764f57a9208aee77b1701206891c3e397d91fefbe7836e6240af5781c5f7c4e70218

Download Submit
\Program Files\EZ CD Audio Converter\api-ms-win-core-sysinfo-l1-2-0.dll

Filesize
21KB

MD5
c04a8cd941b3d85c19ed30d3f99b6c83

SHA1
d07029d9b05eb89c9e3b12215f64d5d7e811eb0d

SHA256
f03792b75b79cd3ed91953c2960019e5b5d331dd5bad713b617cd3ec8d3150fb

SHA512
a88674e11fe827f2da8845b6f1255703cf8de80e6103cca70365efbc8c9e5298cc59e1ee534e0335693feac2127c1137531a7c6656ebef577f695f2f7b3d9418

Download Submit
\Program Files\EZ CD Audio Converter\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
c0246065b2a0ae2d49b2907aef284db8

SHA1
5dfdce8c77dee9755a67d25c1b58583333a93475

SHA256
ef80d454da25256a4c5af5322ced313867576978e8201ec0946eac21d44fe637

SHA512
299e54b4c6a9ab8d29de7310e9023f74e6fde748b30cd7476f8d8ed77a2d8867c46fc3252665f02807df92f774c67fbfdbd56e7969a780ff25d57bbf8566ef78

Download Submit
\Program Files\EZ CD Audio Converter\api-ms-win-crt-convert-l1-1-0.dll

Filesize
25KB

MD5
10586394ea9480d896dc90cb41fbb349

SHA1
b7572485a312ba7a228d0a3c1ad118a6187f88e6

SHA256
81f4b3cd11611aeaa94171ebc1079e501ec247e8da6c113e6c81a3877acca15d

SHA512
45824a49a13bec16961ff56a402b5cbbbfda4639a15fb48061f86d16995fa49ff7901e9e339a873135822756a7a1b7a69b2f0499e4568cb334bcac04a425a3ec

Download Submit
\Program Files\EZ CD Audio Converter\api-ms-win-crt-environment-l1-1-0.dll

Filesize
21KB

MD5
4b2639aa215141a968dddefb30e5e21d

SHA1
10680e48e128b348bcf22ec87de68acb36749def

SHA256
1884872dbbe89023100d7f15e7b3a3eac16c3c8e3c103016c87c223bdc60ba7a

SHA512
5c66fa31a7959581cb7967a33627de42c88e919ce6ac2ab56b74e8cc81c9e082fd407cdd08fd235f5c29cffd15b4fa07531e0f8456925b8293de39b713a1c3d8

Download Submit
\Program Files\EZ CD Audio Converter\api-ms-win-crt-heap-l1-1-0.dll

Filesize
21KB

MD5
011cf908bfb96ebe4f6dae19820b1c9f

SHA1
266511422f8d52a6fee8d40c7e9436ce2bebbde8

SHA256
0d69f5d5720655dd15172949e379dce5dc364e1920f6fcab8f809aed7ed2ce9c

SHA512
c299cdd3bfc892f8348b811d2c25a6d9d74b42b4d3f5eace7c947ea3c5a34f1aab786d9b7a041aa97a6c0e03117540378c9ada51118912194ef17ac52274c0f9

Download Submit
\Program Files\EZ CD Audio Converter\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
25KB

MD5
7307d9479d874ec7df299f497c0b03f3

SHA1
ade7ffa3482e68127d1d8494e11337088a0616e4

SHA256
09b320d575b456b1199e4e2b09d34d4200fb8146b297ca78d06d80e9158a45e0

SHA512
f945ac79a99c72e4a26461e19aba66adbfc31b60a26b6d9338f6667a3795bafb4941a7b446a67a433308254fb112242886be34dea466c639bf5dcbc075a88d4f

Download Submit
\Program Files\EZ CD Audio Converter\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
25KB

MD5
a3ac58404a0ceed624f9a18d0a65852b

SHA1
c77396fc5c699c2fd22e586e28a99e2cacbf0bed

SHA256
4e72f645f47abae98427b4ce8c510f96112c16e640721ce3f82d3619eb3961a8

SHA512
73663e1f7af32b806189a8b3feac672344cbc2cd383f26eb59d911f03491a8e3aa3c2c14801e6bc99888d1b45fa171e2dac574c6c901ff37d16cfd674db4d7a9

Download Submit
\Program Files\EZ CD Audio Converter\api-ms-win-crt-string-l1-1-0.dll

Filesize
25KB

MD5
38f92437d012a0f6ad6e435dfaed6cea

SHA1
b361369f57086675d5481a93dfde65c971aafa13

SHA256
265c87b9a63420de788ba7855e847b4eb794c4256080eeacf64b81e70af889cd

SHA512
36f71ebcefba9a762c0773c89f2dc674cc7d5ecfd6156f882e646554a68cc6a6ebf8d28554b66fa8f7b57ab6be29b06a42cfddbb7847bbc42bb7de09851a79a3

Download Submit
\Program Files\EZ CD Audio Converter\api-ms-win-crt-time-l1-1-0.dll

Filesize
21KB

MD5
d709d32a2744df53af5fb8a50c85a32f

SHA1
a326f3ce8542f65e58b1c154af9bc5ba232a26fb

SHA256
ac90c44b194135bf555ac7df2405d443da87e1374e5b5bb408a2761a9bc63e3d

SHA512
ca973ab3d503bd818448fa874ba9640299e0d0d7b8b2e82a801ab39d961c22f9bff4def1eaff4d7fc5052af27a1fbfa6d52706311e21da37f8a8df3db2838bdd

Download Submit
\Program Files\EZ CD Audio Converter\api-ms-win-crt-utility-l1-1-0.dll

Filesize
21KB

MD5
cc741d481aea80559546da3464b01ce0

SHA1
a8dbc99d525b71ca53860991fba3fe10f67343de

SHA256
3fc3564e2276e8149856e74f59f594549d017a3a967ea66450e1c04af8768bc8

SHA512
600afbc7ff488291ff06c677dfba3db96d65b43d1c3f834e94bf1de225a940f8c8049cedb082d665758f22aacf2808d2915c18793bf11fd0d17cdff8150880e3

Download Submit
\Program Files\EZ CD Audio Converter\ezcd.exe

Filesize
8.9MB

MD5
9d261d76035282c574e39f8cab1dcae1

SHA1
9086ade86ad5db6fa13d5717e6457f4eee99bbfb

SHA256
f6998659dd559974c4216e861740ab5cc6ad0eb4874c46f082dde25dcf5662aa

SHA512
5135ff62ffbf44ba434fdba394fb94b79bc2fb15e0728e32ebf33b997564eada2d6c17b96a625decc08b73eec6cbdd64038b594aaa0228bf579b36ff9f2132c6

Download Submit
\Program Files\EZ CD Audio Converter\ezcd64.dll

Filesize
692KB

MD5
af4b35101d3f77fae67f9a0fdcc62559

SHA1
3b94904a6565bf46e47baecb5e1ee5d1701a19a6

SHA256
cd1728e4cb3eff23d5d9c85c36037f84370dbc7625fae7fad5e49887ea392455

SHA512
3c18e16556b0a922f8cc0aa22206cf053d3ca54acdb6de980f2073fb26097a6db951f24d1c22d8a03c4b9d3344030be921913e77cb8c69b9cbe7399f798b9c15

Download Submit
\Program Files\EZ CD Audio Converter\jiso.dll

Filesize
80KB

MD5
f5afc2baff5e79bc0ac8cb54773573a5

SHA1
3911e55d07b83ce3ee4676fd6e3008705128a079

SHA256
47a447af287fc4018ea03cb9e6d91ebbfc4ccf2d2a5155de9b429c899e1139c4

SHA512
4c20672a8b07955f38241f14a057806a3b35349a8dee36933ac4ffb41e69d88a8047d02ec4561b4faa4b3216d09044212490e4050a38eca9ff47d6f6ce42e50d

Download Submit
\Program Files\EZ CD Audio Converter\libmmd.dll

Filesize
3.9MB

MD5
14d1c437d435367d79d9242ab63e4612

SHA1
203b36a74933fcc82bdadae426348c1f6c43f7aa

SHA256
e2b0066f3f4479439d5f008c74482b78ed13203d62c2ecb480cc12b4d78a01fa

SHA512
fa578f55975e0566fdcb03185e4ecf95d3affb27ce3dc34b56fcbc3c50e6f1ee6010dbe3fdee2f6cd043181cb8eb18c4ed69d84ef1c94325e212cf18bd4d6f63

Download Submit
\Program Files\EZ CD Audio Converter\msvcp140.dll

Filesize
562KB

MD5
7acbc57d268a691247b4a94fecfa42b4

SHA1
67bd76111b4ab8f4c0692919153dde2e7c8070f1

SHA256
b99eb28a471311113f5c4109cb3c463f39cfd9bdb3b07f706204dedddb4516a1

SHA512
b08140ce86ea78b481b78644f086359326616a56fb3a3953da16a7fc2bd15a493652f22d4d2fcba3675c668b9832fdb7d5f17a8aa6ccdb74e7b746a79df60b88

Download Submit
\Program Files\EZ CD Audio Converter\svml_dispmd.dll

Filesize
17.4MB

MD5
ffe3e9d3164c6bf14d9eacb31f13fe9b

SHA1
8fb1513242d736160ce3e1749833544fc2c61e4a

SHA256
415dbc87ff6328fa45b69ca25a5861e5e25f50b348df67590abb99839efb9a90

SHA512
78eb072f05bc0280b05ddf4ebb2a9d34cda0caeb4064600cda865fee87ff6783fa8fdaa8aed46c2a8b95125b8163beffb22f397e3a5a4cc256e7614f109e260b

Download Submit
\Program Files\EZ CD Audio Converter\ucrtbase.dll

Filesize
1.3MB

MD5
04e1eb90abb78c5fa6b440a6f17ddddb

SHA1
aef1c0b9fdf7aaa115e3c0a285c8ca8603f3852d

SHA256
3088326cb0fe5b5646e02c7b2de71ae363fcd26a0000cf32209c8bed05a7a866

SHA512
d9ba76a2bec20eba80481ecdb5616061a45f689d41cfdd8957287675a30a60ca3e997589d4312aba7c148735477a0b432f42fe7f7b8d2f7c2cb1d3aea8f56d86

Download Submit
\Program Files\EZ CD Audio Converter\vcruntime140.dll

Filesize
117KB

MD5
32da96115c9d783a0769312c0482a62d

SHA1
2ea840a5faa87a2fe8d7e5cb4367f2418077d66b

SHA256
052ad6a20d375957e82aa6a3c441ea548d89be0981516ca7eb306e063d5027f4

SHA512
616c78b4a24761d4640ae2377b873f7779322ef7bc26f8de7da0d880b227c577ed6f5ed794fc733468477b2fcdb7916def250e5dc63e79257616f99768419087

Download Submit
\Users\Admin\AppData\Local\Temp\nsy7B87.tmp\LangDLL.dll

Filesize
5KB

MD5
08de81a4584f5201086f57a7a93ed83b

SHA1
266a6ecc8fb7dca115e6915cd75e2595816841a8

SHA256
4883cd4231744be2dca4433ef62824b7957a3c16be54f8526270402d9413ebe6

SHA512
b72e7cea5ce1f4dc64e65a1f683a3ef9e3fa2dc45cf421f569eb461f1fdcc0caf4ff62a872e62b400579f567c6ff9fc3c2e6e020cdca89d96015502c803a09b9

Download Submit
\Users\Admin\AppData\Local\Temp\nsy7B87.tmp\System.dll

Filesize
12KB

MD5
6e55a6e7c3fdbd244042eb15cb1ec739

SHA1
070ea80e2192abc42f358d47b276990b5fa285a9

SHA256
acf90ab6f4edc687e94aaf604d05e16e6cfb5e35873783b50c66f307a35c6506

SHA512
2d504b74da38edc967e3859733a2a9cacd885db82f0ca69bfb66872e882707314c54238344d45945dc98bae85772aceef71a741787922d640627d3c8ae8f1c35

Download Submit
\Users\Admin\AppData\Local\Temp\nsy7B87.tmp\nsDialogs.dll

Filesize
9KB

MD5
ca5bb0ee2b698869c41c087c9854487c

SHA1
4a8abbb2544f1a9555e57a142a147dfeb40c4ca4

SHA256
c719697d5ced17d97bbc48662327339ccec7e03f6552aa1d5c248f6fa5f16324

SHA512
363a80843d7601ba119bc981c4346188f490b388e3ed390a0667aaf5138b885eec6c69d4e7f60f93b069d6550277f4c926bd0f37bc893928111dc62494124770

Download Submit
memory/2740-430-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/2740-373-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/2740-377-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/2740-376-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/2740-375-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/2740-431-0x0000000003D50000-0x0000000003F38000-memory.dmp

Filesize
1.9MB

Download
memory/2740-380-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/2740-429-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/2740-435-0x0000000003D50000-0x0000000003F38000-memory.dmp

Filesize
1.9MB

Download
memory/2740-436-0x0000000003D50000-0x0000000003F38000-memory.dmp

Filesize
1.9MB

Download
memory/2740-362-0x0000000003D50000-0x0000000003F38000-memory.dmp

Filesize
1.9MB

Download
memory/2740-378-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/2740-371-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/2740-501-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/2740-505-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/2740-510-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/2740-514-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/2740-520-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/2740-523-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/2740-531-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/2740-537-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/2740-540-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/2740-546-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download
memory/2740-550-0x0000000000400000-0x0000000001D86000-memory.dmp

Filesize
25.5MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads