Analysis
-
max time kernel
53s -
max time network
151s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
22-01-2021 01:02
General
-
Target
decrypted_bot_e2043c53a5f8383d9b640c101eb3ad1f.bin.dll
-
Size
656KB
-
MD5
e2043c53a5f8383d9b640c101eb3ad1f
-
SHA1
ad8eb04e9c6eed46a66edf2f41b42e2699d2fd01
-
SHA256
b3182eb3fd2cb783925e57f6b8db3c5f720c872961c4c08af23fbe9fe13be8cb
-
SHA512
e47a0a4f6f65e219a56455452de2be4b46d7e7486153e45eb672d8d1a563fcabba1dab1d243656f28ae98ca2a0b2a7408609e8e18d58faafc448680aa8f4af9c
Malware Config
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Loader 2 IoCs
Detects Dridex both x86 and x64 loader in memory.
-
Modifies Installed Components in the registry 2 TTPs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 10 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Checks SCSI registry key(s) 3 TTPs 120 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 20 IoCs
-
Modifies Control Panel 50 IoCs
-
Modifies registry class 264 IoCs
-
Suspicious behavior: EnumeratesProcesses 22 IoCs
-
Suspicious use of AdjustPrivilegeToken 392 IoCs
-
Suspicious use of FindShellTrayWindow 471 IoCs
-
Suspicious use of SendNotifyMessage 253 IoCs
-
Suspicious use of SetWindowsHookEx 30 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\decrypted_bot_e2043c53a5f8383d9b640c101eb3ad1f.bin.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\decrypted_bot_e2043c53a5f8383d9b640c101eb3ad1f.bin.dll,#12⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies Control Panel
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
- Enumerates system info in registry
- Modifies Control Panel
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies Control Panel
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
- Enumerates system info in registry
- Modifies Control Panel
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies Control Panel
- Modifies registry class
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
- Enumerates system info in registry
- Modifies Control Panel
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies Control Panel
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
- Enumerates system info in registry
- Modifies Control Panel
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Enumerates connected drives
- Modifies Control Panel
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
- Enumerates system info in registry
- Modifies Control Panel
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
- Enumerates system info in registry
- Modifies Control Panel
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies Control Panel
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
- Enumerates system info in registry
- Modifies Control Panel
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies Control Panel
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
- Enumerates system info in registry
- Modifies Control Panel
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies Control Panel
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
- Modifies registry class
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Enumerates system info in registry
- Modifies Control Panel
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Enumerates system info in registry
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SIE944HI\microsoft.windows[1].xmlMD5
a7eeedd26e6214c5b1a5685f7d27c642
SHA1e1111dd363201dc0131a24b9d5d89bec6ddd86c5
SHA256f7a295c96b6f589406c5032d32cdfd3ec21932d59e35c3bd93a4ef981e3ab666
SHA51208fed55a79c0fd044a13568f4b7b02fd7b54dab76b9fa195e36b283017655a3334bdd2918ea261e2380d8e05fde17ae82627d9a9193311bb94fdc75445264880
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SIE944HI\microsoft.windows[1].xmlMD5
a7eeedd26e6214c5b1a5685f7d27c642
SHA1e1111dd363201dc0131a24b9d5d89bec6ddd86c5
SHA256f7a295c96b6f589406c5032d32cdfd3ec21932d59e35c3bd93a4ef981e3ab666
SHA51208fed55a79c0fd044a13568f4b7b02fd7b54dab76b9fa195e36b283017655a3334bdd2918ea261e2380d8e05fde17ae82627d9a9193311bb94fdc75445264880
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SIE944HI\microsoft.windows[1].xmlMD5
a7eeedd26e6214c5b1a5685f7d27c642
SHA1e1111dd363201dc0131a24b9d5d89bec6ddd86c5
SHA256f7a295c96b6f589406c5032d32cdfd3ec21932d59e35c3bd93a4ef981e3ab666
SHA51208fed55a79c0fd044a13568f4b7b02fd7b54dab76b9fa195e36b283017655a3334bdd2918ea261e2380d8e05fde17ae82627d9a9193311bb94fdc75445264880
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SIE944HI\microsoft.windows[1].xmlMD5
a7eeedd26e6214c5b1a5685f7d27c642
SHA1e1111dd363201dc0131a24b9d5d89bec6ddd86c5
SHA256f7a295c96b6f589406c5032d32cdfd3ec21932d59e35c3bd93a4ef981e3ab666
SHA51208fed55a79c0fd044a13568f4b7b02fd7b54dab76b9fa195e36b283017655a3334bdd2918ea261e2380d8e05fde17ae82627d9a9193311bb94fdc75445264880
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SIE944HI\microsoft.windows[1].xmlMD5
a7eeedd26e6214c5b1a5685f7d27c642
SHA1e1111dd363201dc0131a24b9d5d89bec6ddd86c5
SHA256f7a295c96b6f589406c5032d32cdfd3ec21932d59e35c3bd93a4ef981e3ab666
SHA51208fed55a79c0fd044a13568f4b7b02fd7b54dab76b9fa195e36b283017655a3334bdd2918ea261e2380d8e05fde17ae82627d9a9193311bb94fdc75445264880
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SIE944HI\microsoft.windows[1].xmlMD5
a7eeedd26e6214c5b1a5685f7d27c642
SHA1e1111dd363201dc0131a24b9d5d89bec6ddd86c5
SHA256f7a295c96b6f589406c5032d32cdfd3ec21932d59e35c3bd93a4ef981e3ab666
SHA51208fed55a79c0fd044a13568f4b7b02fd7b54dab76b9fa195e36b283017655a3334bdd2918ea261e2380d8e05fde17ae82627d9a9193311bb94fdc75445264880
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SIE944HI\microsoft.windows[1].xmlMD5
a7eeedd26e6214c5b1a5685f7d27c642
SHA1e1111dd363201dc0131a24b9d5d89bec6ddd86c5
SHA256f7a295c96b6f589406c5032d32cdfd3ec21932d59e35c3bd93a4ef981e3ab666
SHA51208fed55a79c0fd044a13568f4b7b02fd7b54dab76b9fa195e36b283017655a3334bdd2918ea261e2380d8e05fde17ae82627d9a9193311bb94fdc75445264880
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SIE944HI\microsoft.windows[1].xmlMD5
a7eeedd26e6214c5b1a5685f7d27c642
SHA1e1111dd363201dc0131a24b9d5d89bec6ddd86c5
SHA256f7a295c96b6f589406c5032d32cdfd3ec21932d59e35c3bd93a4ef981e3ab666
SHA51208fed55a79c0fd044a13568f4b7b02fd7b54dab76b9fa195e36b283017655a3334bdd2918ea261e2380d8e05fde17ae82627d9a9193311bb94fdc75445264880
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SIE944HI\microsoft.windows[1].xmlMD5
a7eeedd26e6214c5b1a5685f7d27c642
SHA1e1111dd363201dc0131a24b9d5d89bec6ddd86c5
SHA256f7a295c96b6f589406c5032d32cdfd3ec21932d59e35c3bd93a4ef981e3ab666
SHA51208fed55a79c0fd044a13568f4b7b02fd7b54dab76b9fa195e36b283017655a3334bdd2918ea261e2380d8e05fde17ae82627d9a9193311bb94fdc75445264880
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SIE944HI\microsoft.windows[1].xmlMD5
a7eeedd26e6214c5b1a5685f7d27c642
SHA1e1111dd363201dc0131a24b9d5d89bec6ddd86c5
SHA256f7a295c96b6f589406c5032d32cdfd3ec21932d59e35c3bd93a4ef981e3ab666
SHA51208fed55a79c0fd044a13568f4b7b02fd7b54dab76b9fa195e36b283017655a3334bdd2918ea261e2380d8e05fde17ae82627d9a9193311bb94fdc75445264880
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SIE944HI\microsoft.windows[1].xmlMD5
a7eeedd26e6214c5b1a5685f7d27c642
SHA1e1111dd363201dc0131a24b9d5d89bec6ddd86c5
SHA256f7a295c96b6f589406c5032d32cdfd3ec21932d59e35c3bd93a4ef981e3ab666
SHA51208fed55a79c0fd044a13568f4b7b02fd7b54dab76b9fa195e36b283017655a3334bdd2918ea261e2380d8e05fde17ae82627d9a9193311bb94fdc75445264880
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SIE944HI\microsoft.windows[1].xmlMD5
a7eeedd26e6214c5b1a5685f7d27c642
SHA1e1111dd363201dc0131a24b9d5d89bec6ddd86c5
SHA256f7a295c96b6f589406c5032d32cdfd3ec21932d59e35c3bd93a4ef981e3ab666
SHA51208fed55a79c0fd044a13568f4b7b02fd7b54dab76b9fa195e36b283017655a3334bdd2918ea261e2380d8e05fde17ae82627d9a9193311bb94fdc75445264880
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SIE944HI\microsoft.windows[1].xmlMD5
a7eeedd26e6214c5b1a5685f7d27c642
SHA1e1111dd363201dc0131a24b9d5d89bec6ddd86c5
SHA256f7a295c96b6f589406c5032d32cdfd3ec21932d59e35c3bd93a4ef981e3ab666
SHA51208fed55a79c0fd044a13568f4b7b02fd7b54dab76b9fa195e36b283017655a3334bdd2918ea261e2380d8e05fde17ae82627d9a9193311bb94fdc75445264880
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SIE944HI\microsoft.windows[1].xmlMD5
a7eeedd26e6214c5b1a5685f7d27c642
SHA1e1111dd363201dc0131a24b9d5d89bec6ddd86c5
SHA256f7a295c96b6f589406c5032d32cdfd3ec21932d59e35c3bd93a4ef981e3ab666
SHA51208fed55a79c0fd044a13568f4b7b02fd7b54dab76b9fa195e36b283017655a3334bdd2918ea261e2380d8e05fde17ae82627d9a9193311bb94fdc75445264880
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SIE944HI\microsoft.windows[1].xmlMD5
a7eeedd26e6214c5b1a5685f7d27c642
SHA1e1111dd363201dc0131a24b9d5d89bec6ddd86c5
SHA256f7a295c96b6f589406c5032d32cdfd3ec21932d59e35c3bd93a4ef981e3ab666
SHA51208fed55a79c0fd044a13568f4b7b02fd7b54dab76b9fa195e36b283017655a3334bdd2918ea261e2380d8e05fde17ae82627d9a9193311bb94fdc75445264880
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SIE944HI\microsoft.windows[1].xmlMD5
a7eeedd26e6214c5b1a5685f7d27c642
SHA1e1111dd363201dc0131a24b9d5d89bec6ddd86c5
SHA256f7a295c96b6f589406c5032d32cdfd3ec21932d59e35c3bd93a4ef981e3ab666
SHA51208fed55a79c0fd044a13568f4b7b02fd7b54dab76b9fa195e36b283017655a3334bdd2918ea261e2380d8e05fde17ae82627d9a9193311bb94fdc75445264880
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SIE944HI\microsoft.windows[1].xmlMD5
a7eeedd26e6214c5b1a5685f7d27c642
SHA1e1111dd363201dc0131a24b9d5d89bec6ddd86c5
SHA256f7a295c96b6f589406c5032d32cdfd3ec21932d59e35c3bd93a4ef981e3ab666
SHA51208fed55a79c0fd044a13568f4b7b02fd7b54dab76b9fa195e36b283017655a3334bdd2918ea261e2380d8e05fde17ae82627d9a9193311bb94fdc75445264880
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SIE944HI\microsoft.windows[1].xmlMD5
a7eeedd26e6214c5b1a5685f7d27c642
SHA1e1111dd363201dc0131a24b9d5d89bec6ddd86c5
SHA256f7a295c96b6f589406c5032d32cdfd3ec21932d59e35c3bd93a4ef981e3ab666
SHA51208fed55a79c0fd044a13568f4b7b02fd7b54dab76b9fa195e36b283017655a3334bdd2918ea261e2380d8e05fde17ae82627d9a9193311bb94fdc75445264880
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SIE944HI\microsoft.windows[1].xmlMD5
a7eeedd26e6214c5b1a5685f7d27c642
SHA1e1111dd363201dc0131a24b9d5d89bec6ddd86c5
SHA256f7a295c96b6f589406c5032d32cdfd3ec21932d59e35c3bd93a4ef981e3ab666
SHA51208fed55a79c0fd044a13568f4b7b02fd7b54dab76b9fa195e36b283017655a3334bdd2918ea261e2380d8e05fde17ae82627d9a9193311bb94fdc75445264880
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SIE944HI\microsoft.windows[1].xmlMD5
a7eeedd26e6214c5b1a5685f7d27c642
SHA1e1111dd363201dc0131a24b9d5d89bec6ddd86c5
SHA256f7a295c96b6f589406c5032d32cdfd3ec21932d59e35c3bd93a4ef981e3ab666
SHA51208fed55a79c0fd044a13568f4b7b02fd7b54dab76b9fa195e36b283017655a3334bdd2918ea261e2380d8e05fde17ae82627d9a9193311bb94fdc75445264880
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SIE944HI\microsoft.windows[1].xmlMD5
a7eeedd26e6214c5b1a5685f7d27c642
SHA1e1111dd363201dc0131a24b9d5d89bec6ddd86c5
SHA256f7a295c96b6f589406c5032d32cdfd3ec21932d59e35c3bd93a4ef981e3ab666
SHA51208fed55a79c0fd044a13568f4b7b02fd7b54dab76b9fa195e36b283017655a3334bdd2918ea261e2380d8e05fde17ae82627d9a9193311bb94fdc75445264880
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SIE944HI\microsoft.windows[1].xmlMD5
a7eeedd26e6214c5b1a5685f7d27c642
SHA1e1111dd363201dc0131a24b9d5d89bec6ddd86c5
SHA256f7a295c96b6f589406c5032d32cdfd3ec21932d59e35c3bd93a4ef981e3ab666
SHA51208fed55a79c0fd044a13568f4b7b02fd7b54dab76b9fa195e36b283017655a3334bdd2918ea261e2380d8e05fde17ae82627d9a9193311bb94fdc75445264880
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SIE944HI\microsoft.windows[1].xmlMD5
a7eeedd26e6214c5b1a5685f7d27c642
SHA1e1111dd363201dc0131a24b9d5d89bec6ddd86c5
SHA256f7a295c96b6f589406c5032d32cdfd3ec21932d59e35c3bd93a4ef981e3ab666
SHA51208fed55a79c0fd044a13568f4b7b02fd7b54dab76b9fa195e36b283017655a3334bdd2918ea261e2380d8e05fde17ae82627d9a9193311bb94fdc75445264880
-
memory/816-4-0x00000000743A0000-0x000000007440B000-memory.dmpFilesize
428KB
-
memory/816-3-0x00000000743A0000-0x0000000074447000-memory.dmpFilesize
668KB
-
memory/816-2-0x0000000000000000-mapping.dmp
-
memory/816-5-0x0000000002880000-0x0000000002886000-memory.dmpFilesize
24KB