329e6c49ca9a46386f07832dd6f8f33da57033c6d3ec47028868fdf7cafa06dd

Analysis

max time kernel
22s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 03:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

329e6c49ca9a46386f07832dd6f8f33da57033c6d3ec47028868fdf7cafa06dd_NeikiAnalytics.exe
Size

170KB
MD5

1a6ca4180e666a9a719d1eec5a92c680
SHA1

36694db512b155e7938f58c9c191cdf77f9a82e1
SHA256

329e6c49ca9a46386f07832dd6f8f33da57033c6d3ec47028868fdf7cafa06dd
SHA512

227ef195f5a7bcb8625841450261747c85a0199288fd0b03d5682417cb5a5ddf3d685016b1cc82559bc42a50c7404b715491b0df80f2fd6d9eb51523174296cb
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBe:PqFF2Ie+eFC2fqFF2Ie+eFC2V

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (117) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Executes dropped EXE 2 IoCs

Processes:

_Performance Monitor.lnk.exeZombie.exe

pid process

1320 _Performance Monitor.lnk.exe
2556 Zombie.exe

pid	process
1320	_Performance Monitor.lnk.exe
2556	Zombie.exe

Loads dropped DLL 4 IoCs

Processes:

329e6c49ca9a46386f07832dd6f8f33da57033c6d3ec47028868fdf7cafa06dd_NeikiAnalytics.exe

pid	process
1932	329e6c49ca9a46386f07832dd6f8f33da57033c6d3ec47028868fdf7cafa06dd_NeikiAnalytics.exe
1932	329e6c49ca9a46386f07832dd6f8f33da57033c6d3ec47028868fdf7cafa06dd_NeikiAnalytics.exe
1932	329e6c49ca9a46386f07832dd6f8f33da57033c6d3ec47028868fdf7cafa06dd_NeikiAnalytics.exe
1932	329e6c49ca9a46386f07832dd6f8f33da57033c6d3ec47028868fdf7cafa06dd_NeikiAnalytics.exe

Drops file in System32 directory 2 IoCs

Processes:

329e6c49ca9a46386f07832dd6f8f33da57033c6d3ec47028868fdf7cafa06dd_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\SysWOW64\Zombie.exe	329e6c49ca9a46386f07832dd6f8f33da57033c6d3ec47028868fdf7cafa06dd_NeikiAnalytics.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	329e6c49ca9a46386f07832dd6f8f33da57033c6d3ec47028868fdf7cafa06dd_NeikiAnalytics.exe

Drops file in Program Files directory 60 IoCs

Processes:

_Performance Monitor.lnk.exeZombie.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	_Performance Monitor.lnk.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	_Performance Monitor.lnk.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	_Performance Monitor.lnk.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	_Performance Monitor.lnk.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe.tmp	_Performance Monitor.lnk.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	_Performance Monitor.lnk.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	_Performance Monitor.lnk.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	_Performance Monitor.lnk.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt.tmp	_Performance Monitor.lnk.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	_Performance Monitor.lnk.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	_Performance Monitor.lnk.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	_Performance Monitor.lnk.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	_Performance Monitor.lnk.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	_Performance Monitor.lnk.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	_Performance Monitor.lnk.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	_Performance Monitor.lnk.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	_Performance Monitor.lnk.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	_Performance Monitor.lnk.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	_Performance Monitor.lnk.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	_Performance Monitor.lnk.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	_Performance Monitor.lnk.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	_Performance Monitor.lnk.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	_Performance Monitor.lnk.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	_Performance Monitor.lnk.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	_Performance Monitor.lnk.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	_Performance Monitor.lnk.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	_Performance Monitor.lnk.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	_Performance Monitor.lnk.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	_Performance Monitor.lnk.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	_Performance Monitor.lnk.exe
File opened for modification	C:\Program Files\7-Zip\History.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	_Performance Monitor.lnk.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

329e6c49ca9a46386f07832dd6f8f33da57033c6d3ec47028868fdf7cafa06dd_NeikiAnalytics.exe

description	pid	process	target process
PID 1932 wrote to memory of 1320	1932	329e6c49ca9a46386f07832dd6f8f33da57033c6d3ec47028868fdf7cafa06dd_NeikiAnalytics.exe	_Performance Monitor.lnk.exe
PID 1932 wrote to memory of 1320	1932	329e6c49ca9a46386f07832dd6f8f33da57033c6d3ec47028868fdf7cafa06dd_NeikiAnalytics.exe	_Performance Monitor.lnk.exe
PID 1932 wrote to memory of 1320	1932	329e6c49ca9a46386f07832dd6f8f33da57033c6d3ec47028868fdf7cafa06dd_NeikiAnalytics.exe	_Performance Monitor.lnk.exe
PID 1932 wrote to memory of 1320	1932	329e6c49ca9a46386f07832dd6f8f33da57033c6d3ec47028868fdf7cafa06dd_NeikiAnalytics.exe	_Performance Monitor.lnk.exe
PID 1932 wrote to memory of 2556	1932	329e6c49ca9a46386f07832dd6f8f33da57033c6d3ec47028868fdf7cafa06dd_NeikiAnalytics.exe	Zombie.exe
PID 1932 wrote to memory of 2556	1932	329e6c49ca9a46386f07832dd6f8f33da57033c6d3ec47028868fdf7cafa06dd_NeikiAnalytics.exe	Zombie.exe
PID 1932 wrote to memory of 2556	1932	329e6c49ca9a46386f07832dd6f8f33da57033c6d3ec47028868fdf7cafa06dd_NeikiAnalytics.exe	Zombie.exe
PID 1932 wrote to memory of 2556	1932	329e6c49ca9a46386f07832dd6f8f33da57033c6d3ec47028868fdf7cafa06dd_NeikiAnalytics.exe	Zombie.exe

C:\Users\Admin\AppData\Local\Temp\329e6c49ca9a46386f07832dd6f8f33da57033c6d3ec47028868fdf7cafa06dd_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\329e6c49ca9a46386f07832dd6f8f33da57033c6d3ec47028868fdf7cafa06dd_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1932

C:\Users\Admin\AppData\Local\Temp\_Performance Monitor.lnk.exe
"_Performance Monitor.lnk.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1320

C:\Windows\SysWOW64\Zombie.exe
"C:\Windows\system32\Zombie.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2556

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.exe
Filesize
86KB

MD5
2c61ec40d78b0c2dcbcbd852b7a82329

SHA1
851ad954344044277d6587f84a6be95cc948d0fa

SHA256
24c1988675962b16eb0f3a95fbabe4e533eae665093828ea5a65bed0d9cba9f7

SHA512
132f8a0857cdbfbbd987354d2821a7e377a346620ce526f6ddfbce578ee1a3fdf909b0d4b682767b620b43de63f40d56de31b76bc29d32299f767ce22f75839e

Download Submit
C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.exe.tmp
Filesize
171KB

MD5
480a3deca4e5b4df631f0d401cb1358f

SHA1
d6334fadec0b224f37f5392f113264b2c4ac1a75

SHA256
cc6a5990fd9527df520534d8dd21471d77f55be4badc85e9a5eb2285b9206c3f

SHA512
9f3782f69273a77c1cb4c86d7ce5895b6c095e3cc3af5351eeb068b813599540a60bab386644d0f58918d034f03c3978fa04795b381d07306d097c3820b73c8c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab.tmp
Filesize
20.9MB

MD5
39e5445d1765f5c51d57a68ca0ddc402

SHA1
cf993996a7669500976ed639f195da4b9c17a61a

SHA256
3bc8162cfc86ccd004474559643ccd7b291f93561d1f625676671c2c27157646

SHA512
747f2dc5d762997033630744e0adb539c94de1fc6b81d01c3fd1046af1c5665060eb473e35af481b45399710508bb293b82db0951ca99581221ba6775e94376b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.msi.tmp
Filesize
3.0MB

MD5
c3ba48568c2c1d384d0f3dd254ad0ccb

SHA1
dbbf52c2d668053b24cfc4f7ce5e6c7b8de18326

SHA256
b03cbdfe1ea3553d038a54438638a0cf64986f1ed13ff561c36c1e7b4f7c1d06

SHA512
2d2715ce51fd5f684f705007d6785a2368b3399b21401a96fdcfc901e6e66c418a88960ebebe18b691492822519ffd73539b78854f734809e3fbdbf5ef5ff42d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\PidGenX.dll.tmp
Filesize
1.3MB

MD5
7573fe5882431a58a8ef76da1391f87f

SHA1
d4a3024bc98ee9d96d78b5e85c43bdbd561bc105

SHA256
c496ed376af07c314546d6414954d70ff30f1aa092078ebb0611e11aa5e8e51e

SHA512
aa3ed54f23faf8a519938e97c30739b4bc7b4cffe7606946bb0b842ac6d23ef1bf00e3a24d3d61f4c69b80be7c70b0b51e724d6ce1b0cee28c633702bf8e30cb

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.msi.tmp
Filesize
22.1MB

MD5
ab2bc221c0b30926ad67c7247cd0fd3e

SHA1
cf763ff6bd9fd1b1a84cc4a848b24b921163a6f4

SHA256
a56a66bf57b67949adf36bb3b8688c189babecd7defe3f58ed6ff9df80125687

SHA512
ae53f70c8800fc36f37fdc6bf878cf104f4ddc7ed305be92841e05377051472964b7f664e6c775b1968bebf6f6694a7b8a64fc0efa79405d5bfef06a0786638c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.msi.tmp
Filesize
21.9MB

MD5
f7041b3fdbf8387af4f0af788cc133a0

SHA1
43f5567c69c3ac91a2918ee8a398b5964d6cd78e

SHA256
2419a3451226f6d6a977bba3bc2a2730e6839461a14f76e6c8c3eace911f76a8

SHA512
7c80d89681167c64005268f1cc1a1b97c03c571fbe37c3c53bb847e18f6f902475e60d6df776ffbf5609a382ce111f835a90a37c80f4bdb31c556b2d579db8c7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe.tmp
Filesize
232KB

MD5
0b7fb84a67471187f34a80afa7474e39

SHA1
13fd25d5452ed7c12e4b3d3408154cbb7ee4d4bc

SHA256
c53104c9fb81c2a5cb669b9983fc914424c0ea5ec86f39ddf66bce94461ec49f

SHA512
0117dc33f8b0551dea4cd39fed8409affd38db84fae81b6172b8e3dea43174e118864252cae3f58574b24defbee6d2d1cb33be3367a259c6152b2a416390f21a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll.tmp
Filesize
5.6MB

MD5
f904f22d45c5bf96d25236bdba31b594

SHA1
a01dc157b8a12d529b5b498e0541567ee9dd8bd9

SHA256
e4d74a2725c4a48c58325efa5bbc045a8722703490185dfc92d51655bd832b4b

SHA512
541a825c90ccdeb01bbcc2112619898208e5139c17e61c4ec2c3923b1826a439f6350cde1fa62744ed03705a58c92b0a355cafd2a53b573d54925175fc23595a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.tmp
Filesize
785KB

MD5
e382731458a2b1247b20d834ec13e196

SHA1
3d7dc110ca0ac13f7ee33576f4f3045b90a736d7

SHA256
a71f651983362f72018c3f5f1501217d9bb20bc64310bdb2fadab321d08e765f

SHA512
cbfb39d75b05109d18dd9c0cd594e2538437eb2fff31b37672c1be7c637d4c2b8f86fc6bf2797974f20b4db3c6198cf0e38b5d27c01579ab66a4df2879e3584b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe
Filesize
1.1MB

MD5
2894752d44ad3bf96de94581f6114672

SHA1
5980d171eb6844311b83f35e0f60e2f8507fd4a7

SHA256
d65820af30e12ed9883c1b052d8c0d68e2654ccfe1ee8c190d3515bd4ee5d7ff

SHA512
c8551e31f41fce186b3d5024103bb2795b17e913859b47341b4e53230195985bf8668a6947454795a431ecb013cc94fef93f4dc0a72030f99cc317e8e282feb1

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab.tmp
Filesize
16.2MB

MD5
d35926f3f9dc6b83cd1efd9b48a9f784

SHA1
521946fa9082a34ca881273e3505b4a7d44f2dd2

SHA256
ca3f065ed99057b583cb8e35a0c3350698da5cdff8ed2bc4db15042ee69e2e14

SHA512
9702b16b46a615a2a29d51481bfdbf97bcbe1403aa54f7156e6763c9e26cb3818de92faeaec62074e119a0a8c7a533819032f73e377295c0a3ac50a811639885

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.msi.tmp
Filesize
1.8MB

MD5
511995c98b2d9f2a5933cb0292e804a4

SHA1
5b1c469051ec66185db8535084a925ce75bcb1bb

SHA256
b4e82c0672583f6cf1bf6be2a7962cea4211d66bd39db1e6c9ae89a00aa5847f

SHA512
7a00386f328a31478f5c2277b57a9ebe98069968697314d6779af8aa966e9d4e95124213ce618267e4483029aa2a23cdb7e5a905bb8235ae6a1eaf8c987e8598

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab.tmp
Filesize
9.6MB

MD5
ea743f980b158d35b8d502a13d41254a

SHA1
90be9f8cc208663e138f6461f2f93631c403bca5

SHA256
aa63e78daaaa7e37a629d46bfcc25e10726c08a839e9b900bf1a919e9f2e3554

SHA512
0f8182ff60d671204e0295e5d17dcc794c0099177343238b7347cd5c3a7b4f8a96996d6b0e0d4ced806abdbe47df034d093e403566189bc84a0ddd338fd1a679

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.msi.tmp
Filesize
1.8MB

MD5
b49a69f6578072ab5b307818d64c996f

SHA1
de73b72b98b39701ab978e2bb0ce320b491307d7

SHA256
714f6f4212f716fff218e79b272a535e177073eaeb20ae766fa120b097e04ab7

SHA512
fe7afba543e07759eec405c2df92619162430d8c8a03abdde3dcd45b58116914bb646c7576a52bfc384bf1195612c9c62f08c3c51a1246741700fb63fafd5a4f

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.xml.tmp
Filesize
87KB

MD5
42a45fa716a27a5277974c6422ce4030

SHA1
5d75378deb815e1a236e3ad47e4e98822d7df532

SHA256
1cfb8aa52f982ac2accac74a4beb4b70d3b02a114aa4949fd45436b6d0401cb8

SHA512
00fbb8f4e1d2725d2b2b07f97ecf4cfe35e0fb90e019f8f69ade51bd11d1e8bc5b4037982d3cb0a8c09e67f9243caefc4a6a70a499727e2d73e0ea3ba90eb497

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab.tmp
Filesize
14.2MB

MD5
ab8d5bfb366695b86a85bd629138a4c4

SHA1
e58b91bd916819b12761d8dce950dab59459e7eb

SHA256
f51a9c21f5cbc0fbc036b04901d2109e8fcaf78cd8eec152ae57bac067fddc46

SHA512
45216d3025cf1df34b5a7d1eeee87dd7502ad386a5f728e2e81afb15f251cf50d850fed4d7a349fdaa47dd641cffb66fdc050136430fd1308f1815b9b9dadeda

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlookMUI.msi.tmp
Filesize
2.1MB

MD5
8e76e2d2c7716b2688c5cda98d40f5a7

SHA1
b947e9e69814c008d41c1e62f536c70fed7da05e

SHA256
758d61e4e1b22e8f4f7d5b35762ee8150aa388acdecf4184b609322d10e8d4ed

SHA512
da045bde143846833f3f3464785b08e1a92330a46d0b5694a6ee435f8dde29a7c7dd2aa38f6461557834c35cdc630be917e9ea9d2555c5b1b2bb877ac54cec47

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\Setup.xml.exe
Filesize
91KB

MD5
378f88501373a77624338ef2622eeff1

SHA1
0dd33da3f90433597a4a6cf8fc146ada81053b39

SHA256
4359b08263a7e6ec58ddc4572970d9b1ceda4eff17d08ef283157814c8a1a176

SHA512
7976222730120b87d7f4b0fe9641d6d5b98ea78798949f22e254d02a538bd7760377106e7eea315f839bb3f5b76b0bbbef03ab2df673464ec4499ac5e00948db

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordMUI.msi.tmp
Filesize
1.8MB

MD5
24d3d22eef94ec94c2081e08c068a4d5

SHA1
009073a5c23f5241e38576de4a11b865ca16adf1

SHA256
8a3550d90ff512270433a80d3f54779e9eabbe80c807580ac0c5cbd4a6bb9e27

SHA512
962385648fc6fd63ffa06e66326c8b1f08f9632eccc75391b03709a95d85557f78730f66c68b3f08b942b29163b10a7938c91c8c31a4095b0d63dafa845759fe

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.cab.tmp
Filesize
10.5MB

MD5
588c92c70f37d8713d4f89355d8d3d49

SHA1
866a10c0a7a3fc076eed0a1eeb8b58a5bb4da1ca

SHA256
a8e3d211388d2bd287488e1aada475f5bf978d5f5c392aeab34d3a314fa1c2ed

SHA512
d6d942aa05a96f038cc650ef0eeb4b79d6e8d8204c98691e13e526e5eba55412c7432e252d5f213e5887f4f8424703f2b10e52e968705689b4902d88b5b9c81a

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.cab.tmp
Filesize
12.7MB

MD5
5bf8b0c79746f94f2b6858e152f0ef3b

SHA1
5dfef0ea44149f210a116ed1782dfc004a52553e

SHA256
5d05868c16f9b846b588058b0de998b49be88b322c1fc6f41ebb22e79d3fd3ea

SHA512
3eb41fc222eec06b5e55f101545f660bd91cd9b8db47e0bc3bb9d016edeb93cd0afd165bab88c8c78229ed627bcfa96392b457d81325e9540a7eaad409d41e68

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.msi.tmp
Filesize
734KB

MD5
5b1d04d51672f16fed3607922253e7d3

SHA1
df0c1c1334026300b634fe04edb73778f7510b25

SHA256
36b7441affc8bd973e62e47a9e3c264934e598eb0787aa255fcc9e61b74a3f48

SHA512
e0d6e6da6ac5c2c91129f0fe810ed4c04c97877cd19801573d30b0dc2776d7bf38d293476148d1be9a2be40818e2476ea17c7540017f43ad1b99d5077e8fa62b

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.cab.tmp
Filesize
19.6MB

MD5
e3052bb5c5c70b44e2c2dbaf2276b91f

SHA1
2f538a57429edb382a6aa6dc97eff7b85edee362

SHA256
ea5233c04afe642c3419a21bececc869cad6361469f64748da77a5b7c2e16b40

SHA512
b0bb0c1ad5f01eaeef6c8483863a977037a4f805c972ea86ee6c13da5fca91d062e657b910e30f99c59cc8c6b972cbd8d0a9a8b9f97c2b9601ca81bc3df32554

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.msi.tmp
Filesize
738KB

MD5
25b31a16ce1f5defc0ab2b0f31580586

SHA1
eaa17ac363ba9da78417836330d94d28e3a9c8ab

SHA256
4672fe5503ef8c6c5679a01734485262b847ffa8d7a418e279b1c54522d39bd2

SHA512
9cc57b844917d5d00069d202384c54720e7693fd09cabcf0c1e4fcd68c3e3d3c3a54de19efd692a8824a82bc3948ea427602ab2892ed7540df2514449af8462a

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Setup.xml.tmp
Filesize
92KB

MD5
4689a778bebc9e6f5415ddf17c7745bc

SHA1
28fe5c0e558eaa5156ae9a7ebc55207f50c58efe

SHA256
945a81d8799594c23029a9dfcfa1557c54a6368097808a6534c05968b216a820

SHA512
914092ebca9966f2a202aa4be55a8edc3f0aca0050127beac3060ac8050c439a74b322d5c47c17988d83a424bbc780b5e2e4c0845370dac5833f7ed01c1c4c20

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab.tmp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfoPathMUI.msi.tmp
Filesize
2.4MB

MD5
e57c6701f1ee1e8e4de14871f46e22ba

SHA1
b70ccc7bc945b3a4e1ff6a3012e7544c1c2f9b43

SHA256
791839e7d4c42335a11ff9b58b8459673490e7f5932ea98013c192136433d653

SHA512
216369432eea065b559f593ca2b3724b029dc94adb03ea9ac382e5c73cb602f6e4a098eed8bc44a48757cf4d36898edf5cdf815d8999c53747031513323e8a76

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.msi.tmp
Filesize
1.8MB

MD5
ce98da7a691da101007c686087930b0b

SHA1
931147368c351cc3ca03f2e02d77f67c53acf736

SHA256
8eeace8e895b1513f02851f158298a070b9435cdf90402269bc6f98b4ffee742

SHA512
ace927fee0c5ccf7c970c6f265ba68a7a97f39b24a8d185f65516be98f76cd2408c26abf3eb9d1335549b2bfd833620058b7ca1eee72065b158d1c8c1ff67e07

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab.tmp
Filesize
16.7MB

MD5
2db52264accdd635b8a46d2a3c9c2d43

SHA1
a3404ca7e4aaa33643a9b190fab2b33da1a25cea

SHA256
c43c4b81bba7124ed8981a272d12e132562d4c35b977ce601b7672f922da0c4b

SHA512
4e63382ac0bef9b00a792769197c13764c5ba53fa14d8a54741e2f96b870b168b23b2277c360aad9e7aa9c8405b9f1e0f55660fbe59efaa2d266c7420719d4d8

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveLR.cab.tmp
Filesize
4.0MB

MD5
bf2d85b63493906cec926babcb6c6070

SHA1
1c91511b8cc695c2d7fc47802bd0fc164ade31d6

SHA256
a0c0bca454b7f8747acb5fe6e0e29ddab4862c970911e33d6ca3404dbbef02b4

SHA512
56ab6022e2f7d3dea97ebc756c05c80d7e6bf5ef2c2af50cf716ca5b6301a83c68e92358032f522f48235a6785ddfa63267cdbcfc813f3fb21e5baf92c8428ca

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveMUI.msi.tmp
Filesize
1.8MB

MD5
3a0eccc54aeddc2866f780e307d7cae8

SHA1
9d6271021f0926692482a5e743b9773a971c5395

SHA256
04bd5af1d6eccc2315e864e59979de07a0af59614f2e884c7cd138d09f0fec7b

SHA512
be35d07317d43101bb27b4560dd1cae5373d2cf396874193f7786a8f54c6f92d242293f54221bf323259a7c7f5469224caabbf64fa93c37d48f9f2c5a468b642

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveMUI.xml.tmp
Filesize
88KB

MD5
8d4e6366bb45d39407b55c02ada9f2b4

SHA1
075df3548eafd3bd433ed4902e137383684340c3

SHA256
fbb0071287d02048e3b2c1947a8f079afcade24d37df6d003c23663a50767686

SHA512
ef5326fd567aca54adeeca7464baa9ab52fccf5d27f5fff319d518abd2305506991306fac509c8064254b941ae1103c7817144ceeb069a7a57fda27dedf01bf6

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\1033\dwintl20.dll.tmp
Filesize
191KB

MD5
f445215191a906a1e62cc6ca71eff2c2

SHA1
dade46be6693ff94d66b13b1cdbd9be9a1ea577a

SHA256
ede9a0aa75a7b08c2b7a4657bb84b0c0ee6db1059220f1d38e4959299b48acce

SHA512
461b64f324bb3d8f484812ca6fc630bb7d51c88b83fca9d221dd230e3b0304dee04c53b8375b40d9dffd5d648343ed7338e5e28edbb6ae9167a4e67e590f2ef2

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE.tmp
Filesize
905KB

MD5
df5bb20dd3532bdb3e96140392eb5e13

SHA1
63063af15e409a4c13bca1b2025a0ea17bac8d64

SHA256
f602d7f7d8b16a6d301eb5df4cc6449eabd78a61a0f6904857d6ca1005061cc5

SHA512
76fe50c025e29b033a09883e7dea81cae68b053344697beefe2bb2b144ddb83a29f1399f432fc87547e47526a1f1fb3deb02ef7b6aec54e4eb211e11ecb53c90

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeLR.cab.tmp
Filesize
13.7MB

MD5
26e9ab5ed1d65f241f903f1e558dedb5

SHA1
fac6eddbac03a0b8086e631787adc4d3070a94f5

SHA256
cc243825c86bc6dcda9c88a92191cb93fb24e7b254031fb17ef81714bf85f2e9

SHA512
8c7c636d49e3c34f134dedadf4a700adf4d15caf742ef1c66ada7f7b77adfa995af33db6f5da703e876b9b15bead43263d04d4b4afd065074c73d332cf70ca41

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.msi.tmp
Filesize
2.8MB

MD5
28847546623d05394df48add82b62156

SHA1
b7b9c98ecabc28e77ab337d6687cdfa920ce0107

SHA256
0dcf52594e4b6b9ddf5b7c201a27550bd5db626c8fc2b29e11dee487a4de8d4c

SHA512
36b2b4b0d815d7f7b7286fa542b2f004d31855a82e3827a12d97e22f8443425b362da65eb4419c910cc62238879ed35a2c01c8a46747dd6a7bd1ce298c2ed55c

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUISet.msi.tmp
Filesize
721KB

MD5
c55c29a6f76e6972871696f558683a45

SHA1
47fdf06c39cab31415feaf392f9b9f9394099148

SHA256
5a5cbea817aaadd7dfdd94b835b041a6638e56e0fbb6a9f02be243037026bd8d

SHA512
b83665125986566e2dccde65873a8ceb160e1487bea614392b20247af884f989a283f745e37c0142392a79b7604608bcaef9d10c83bcf6e872c4ba72f97466f5

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUISet.msi.tmp
Filesize
721KB

MD5
460ecbbdd0e7b557ef6987d7f876ccf1

SHA1
fbe573c1368c5b08f2245e13ac7f26adcb54e919

SHA256
816f2df62b292444688b1ee32da744bd3b1b1b7d0942745f4f844ca94a0678b6

SHA512
694efcc1c5ec7302bf5c53a809a562455e7987daded4bf72691ddb5d8723d8646b950bea423d21b9ba1fadf18eed90f478ac3506b1fff569472b265963890bb0

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUISet.xml.tmp
Filesize
88KB

MD5
6de20601d143d7b485c4694e5ca5c383

SHA1
4884f91df2b052cdd8990157c733f0116a607c46

SHA256
1b75eb1e33de6ec7660e6f5a214c666949957bbf40b1f8def755ab302b156fb8

SHA512
a943ed1943ce27bfbdf69620b133a7508c174af122e651821ee289956c91faf761df7ad440a568c5f075887bd0f13fdd76f92c286acd6825f6e004c5fa54eae7

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\Setup.xml.tmp
Filesize
95KB

MD5
b93f8229845e3cd2b4c6753b065a3784

SHA1
be97377cfde32cfa702ec864511118379d627081

SHA256
463a4992bddaf73cce5b82e255bd23e5ce18d665fe38fc1b59ada68507f3c946

SHA512
e15fa6cb923ac2e99de6605a83973f3bfa2e0b28593dc174130aaba563ff12586bfdc7aec281000526a5ff5b4afcb45eb513e2e0386ac387d56a1d882bd8921d

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\ShellUI.MST.tmp
Filesize
91KB

MD5
5770df50038795b2a2cbdd75523d4edc

SHA1
f3ccbd3e2513d8ed7bbac1470a67e06b2ba37ded

SHA256
5ce308a5240cc4edb8ef7f09b38550664a8ebcbff0731804b1e0189e487b0531

SHA512
ddbdc964d162348364fb5e843953ce134f0d4fc548d95ad37f7165cd3179a3a38bf35697cfeeb5e893020ebb777e1285a85ea3164657bae1261e34030319cb60

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwdcw20.dll.tmp
Filesize
600KB

MD5
737500b999c4fdb3e57a7d34e7be23bc

SHA1
06d2697d1e43ba58010b56c63b6cec317cab13a5

SHA256
04b9d091141737f4e643b6f0e135b6a8b7b1daff3e58c1793137d84c52498d4e

SHA512
14dc12a4f9a7e3a857e75a40b26d7d2e9f2eeabb2d48c184e7b33acb9a131a77e2921b8bef697ae514754d064948c6328025a765bd0a52649c3908c44ebf3780

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe.tmp
Filesize
593KB

MD5
c0cb8348305faa50f11eb9a756ad2849

SHA1
e596fdceeb38f113f79068c1c29109ed87bfa171

SHA256
568c1e1e45a2daae1b5711aca7ec750798813ed63f0c95607a353cec559e27f6

SHA512
de7dbe98c1c8c9e8233af1183fcdbaf3d8068114d304e7401867147f17eb1d4e1d9f93b146e44016a01eb3954703385f392c28ebf8a678b3a6d79c7a091fa8e1

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\msvcr90.dll.tmp
Filesize
727KB

MD5
b198c132a9964c60a8edb4a88ec1d1c4

SHA1
56bd58539dce3ff3bc1fb8a38a4ac63815f1700d

SHA256
7fb0758291a083a9176c276800f73942f5da238dfb137c7e57576db9d5771108

SHA512
b8a1cc171be11167f34c8294707448e55148f27a0d78c600ba1c1400f5be9b90810e87c09a3c7adf8c355b2d1ab13494e9d051cd7f04429e5254709107a9ba61

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\osetupui.dll.tmp
Filesize
273KB

MD5
6018c63a8f57aa1dba99a1665c805f3d

SHA1
39106cbf3c6350e5f23b53f9956ecbd3645c7ff8

SHA256
3faa5027fdce55b193b41483cf5b8f24fe494442125762706d201f20510da897

SHA512
7847abeb69a9092516cb0cd3170c68ed1b5aefe3a081319a60a29fc84b741ec07531d5b19a2c8b91dbb04c778d62b792c626d25c25138d4ae832d726005979fe

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\pss10r.chm.tmp
Filesize
113KB

MD5
ddcd466e91b51723f79ba26454658c9e

SHA1
12183cf8c93af3b940f9f04f82f881dcf8cbfdab

SHA256
5144b386af5f17743af5f36a4088ba99789978086a9f0cdc067b4f8d9a2d360f

SHA512
51252e5fe57b4bc969b418f4b0fe7f410cc9f1f05fb78652989addede671ba9d46a2e498aa4fcb6aa813d2117f51fde10115308a1f8036c6dea1d8224872a2a0

Download Submit
C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUISet.xml.tmp
Filesize
88KB

MD5
e0e05d44fd9db087660f79cda3930a42

SHA1
d71033707e0a1a83b7753537e0e7d070b75e3585

SHA256
6f3d92d6c39a0346cf1281e41fd2cdbaa57c9168e4b79d7d192fa460162bdc0a

SHA512
27489a64657968d792ac1bc3720f1a85563f5fe7579d8fcb835dfc07670045acd289d1369cf0f2abb2e932313bd0dc5851ee37d2a6ac4507f3691d10e6c930a1

Download Submit
C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Setup.xml.tmp
Filesize
91KB

MD5
f2ac3cc9b115610707035dda9bf9715a

SHA1
ed3a77d04725d078f17aae8524191084b48b508e

SHA256
c7e29e2c74fea2f586ee8ed390939c6ede8d3587348e1ce1583de7cb89c16c6f

SHA512
63949958310030300a895935d6ebbb8b3a086fe744e304ea8fce0263f2a85b52c79cd851d020e811d21a629ae5929148c2b6276f8b581fcd961f2b1e528b2980

Download Submit
C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.tmp
Filesize
1.8MB

MD5
34790a6155a5044a4101342383a830a1

SHA1
fc2fa1c00b56c297cc0995eef80b30f77fcd73c0

SHA256
aef3291bf3ff85148837bf613d9f2e39a85aebc3b6a95cbd0749758806afec32

SHA512
76de1d569087e3c81e35d1f99fb84768c0a401f42fff4fb5c4b190ad28bae31fb72b36f2c742970b0ea4aa332e9901e8468849fd3ef7ca69c4dd2117a0f7c1a0

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp
Filesize
652KB

MD5
01654efa1df4be4161aa3ddefc72ed8e

SHA1
6618fd03fcf0f094b9b932a80bc6d938edae2166

SHA256
80d29c4bcac1632510532ec98f8b1520ec70df6e7f7eb2769597780c509e5642

SHA512
44e5753645d071f9b48874ab9b5db2146ef7c01400527dec36380f5aa3e1abe800122a020f3524f42ab50c5048650d9d12d124deed5ffa2a50ef86f5dc9f6799

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Performance Monitor.lnk.exe
Filesize
86KB

MD5
fc29d7966a7e65bfb32e45a854502e7c

SHA1
84153cfe5aed9d02efc69793ebe556d5683fd564

SHA256
b3fb1088ff8a671c4b3dab49394bde1f67c361872524d0505970cb1fdeb919b7

SHA512
80d7f17a9d826dae8dedb598bc78091d9cba7644876e69b0a02116da103b7f9a8512de8f304e2a11ab94ab2f7e58319ee793a402ad74d977bf79ffbd587c3436

Download Submit
C:\Windows\SysWOW64\Zombie.exe
Filesize
84KB

MD5
a7e8b26e4d2d61e6d77fbc87a745b37a

SHA1
8bab47d32307a77b7b5fbe03c406987026316bce

SHA256
0877d5445dfa0effa128367d7179371047c2622d3d649e7456720e9c539c049f

SHA512
9d6792fd21a7a55f947305c1f55d1a67d7a6b708aad073466c770a6b87b5f160eee33b5b5fc97f21810c6af4f6a1af986a2a070d5faea295dbad54e41c9aecdc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads