Analysis Date: 2018-06-10 10:16:14
MD5: 7421dccdf2a6d5a3469c55957fd807ae
SHA1: e6b8518a14c4bf16fd8ea2e8bfc3b9a2f415812e

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
PEhash: ac1b92fb4259f0be9acb8c8a2fb459f7c4b9e9ab
IMPhash:

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\e6b8518a14c4bf16fd8ea2e8bfc3b9a2f415812e.exe

Creates Mutex
Creates File: C:\Windows\SysWOW64\svchost.exe

Process
↳ C:\Windows\SysWOW64\svchost.exe

Creates Mutex
Creates Mutex: 3770066751
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Users\Phil\AppData\Local\Temp\e6b8518a14c4bf16fd8ea2e8bfc3b9a2f415812e.exe
Creates File: C:\ProgramData\Local Settings\Temp\mslqooz.com
Creates File: C:\Windows\SysWOW64\svchost.exe
Creates File: C:\ProgramData\Local Settings\Temp\mslqooz.com
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\42815 ➝ C:\PROGRA~3\LOCALS~1\Temp\mslqooz.com

Network Details:

DNS: www.update.microsoft.com.nsatc.net
Type: A
65.55.50.189
DNS: www.update.microsoft.com.nsatc.net
Type: A
134.170.58.222
DNS: www.update.microsoft.com
Type: A
DNS: mkjjkez-sy.ru
Type: A
Flows TCP: 192.168.1.1:1031 ➝ 65.55.50.189:80
Flows UDP: 192.168.1.1:1032 ➝ 8.8.4.4:53

Strings