Sample File:
  MD5 hash:    3e6672a68447e4e7c297e4dd7171b906
  SHA1 hash:   72a1af262187ac809a3c6395e5f3f3f5804e51e3
  SHA256 hash: 98f260b52586edd447eaab38f113fc98b9ff6014e291c59c9cd639df48556e12
  SSDEEP hash: 3072:ksmXOzmGeqemo4K/eGemvUu7i35UUuEx3E13ZLjfWvM5ANom/OU1gidk3sspswF+:oGeJ3eGVOSUuEx3ExlA3/2L3hTFzgPf
  Filename(s): $RJD3Z6K.TMP.exe
  Filetype:    Windows Exe (x86-32)

Mutex IOCs:
  - None -

Registry Key IOCs:
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
  HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Log File Max Size
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Logging
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Logging Directory
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DefaultColor
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DisableUNCCheck
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar

Domain IOCs:
  - None -

IP IOCs:
  - None -

URL IOCs:
  - None -

File IOCs:
  Filenames:
    C:\Users\5p5NrGJn0jS HALPmcxz\Desktop
    C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\$RJD3Z6K.TMP.exe
    C:\Windows\SysWOW64\ntdll.dll
    C:\Windows\system32\mspaint.exe
    C:\Windows\system32sppsvc.exe
    C:\Windows\syswow64\USER32.dll
    C:\Windows\syswow64\kernel32.dll
    schtasks.exe
    vssadmin.exe
  MD5 hashes:
    3e6672a68447e4e7c297e4dd7171b906
  SHA1 hashes:
    72a1af262187ac809a3c6395e5f3f3f5804e51e3
  SHA256 hashes:
    98f260b52586edd447eaab38f113fc98b9ff6014e291c59c9cd639df48556e12
  SSDEEP hashes:
    3072:ksmXOzmGeqemo4K/eGemvUu7i35UUuEx3E13ZLjfWvM5ANom/OU1gidk3sspswF+:oGeJ3eGVOSUuEx3ExlA3/2L3hTFzgPf

Note on the registry list: the Command Processor values (AutoRun, CompletionChar, DefaultColor, DelayedExpansion, DisableUNCCheck, EnableExtensions, PathCompletionChar) under both HKCU and HKLM, and the DisableCMD policy key under Software\Policies\Microsoft\Windows\System, are queried by cmd.exe every time it starts, and the Wbem\CIMOM logging values are read by the WMI service. They therefore show that the sample spawned a command shell and touched WMI rather than being artifacts unique to this sample; only a write to AutoRun would be a persistence indicator, and the report records key paths without distinguishing reads from writes. Likewise, schtasks.exe and vssadmin.exe appear only as referenced filenames; their command lines are not captured here, so hunt on the hashes and the dropped filename rather than on these keys alone.
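A small hash-based triage helper for the IOCs above, added here as an example and not part of the original report. It uses only the Python 3 standard library (SSDEEP is left out because matching it needs a third-party library), streams each file through MD5, SHA1 and SHA256 in a single read pass, and reports which algorithms matched; the IOC set is a parameter so the same function can be fed other reports.

```python
import hashlib
import sys
from pathlib import Path

# Sample hashes copied from the report above.
SAMPLE_HASHES = {
    "md5": "3e6672a68447e4e7c297e4dd7171b906",
    "sha1": "72a1af262187ac809a3c6395e5f3f3f5804e51e3",
    "sha256": "98f260b52586edd447eaab38f113fc98b9ff6014e291c59c9cd639df48556e12",
}


def hash_bytes(data: bytes) -> dict:
    """Return lowercase hex MD5/SHA1/SHA256 digests of an in-memory buffer."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all three hashes at once so large files are read only once."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: dict, iocs: dict = SAMPLE_HASHES) -> list:
    """Return the sorted names of algorithms whose digest equals the IOC value.

    Comparison is case-insensitive, and an IOC set may carry only some of the
    algorithms (many feeds publish SHA256 alone), so missing keys are ignored.
    """
    return sorted(
        name
        for name, value in iocs.items()
        if name in digests and digests[name].lower() == value.lower()
    )


def scan_tree(root, iocs: dict = SAMPLE_HASHES) -> list:
    """Walk a directory tree and return (path, matched_algorithms) for every hit.

    Files that cannot be opened (locked, permission denied) are skipped rather
    than aborting the scan, which matters on a live host.
    """
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            matched = match_iocs(hash_file(path), iocs)
        except OSError:
            continue
        if matched:
            hits.append((str(path), matched))
    return hits


if __name__ == "__main__":
    # Usage: python hunt.py <directory>   (defaults to the current directory)
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit_path, algos in scan_tree(root):
        print(f"{hit_path}: matches {', '.join(algos)}")
```

A file is only a confirmed hit when all three algorithms agree; a single-algorithm match against a constructed or truncated IOC set is worth a second look but is not proof on its own.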