8dd5df1ce192b6101814de114129b653f7179714ff4ccd3654769f45ba237bc6

Analysis

max time kernel
150s
max time network
40s
platform
windows7_x64
resource
win7v20210410
submitted
18-06-2021 11:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

consignment details.exe
Size

174KB
MD5

d8a960f613e009eef9f81887a39e7cd0
SHA1

52e658fc0d3d436594c06d1b9a75d2c065622d9f
SHA256

7598d6cadbbded8074763a1e8b0e8c24f125c0ceaf194c9f386acf9e8a811a28
SHA512

441abf3939ada9b4e33f1c6452715295bc375559fb96ff39d15975417eaac78832d97b9b6dcbc67629de5803995a541ca90129fd1c7dae13320c107e8fc9e8ea

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 64 IoCs

Processes:

pid	process
1036	consignment details.exe
1036	consignment details.exe
1652	consignment details.exe
1652	consignment details.exe
332	consignment details.exe
332	consignment details.exe
1608	consignment details.exe
1608	consignment details.exe
1060	consignment details.exe
1060	consignment details.exe
1172	consignment details.exe
1172	consignment details.exe
1336	consignment details.exe
1336	consignment details.exe
1972	consignment details.exe
1972	consignment details.exe
1160	consignment details.exe
1160	consignment details.exe
1612	consignment details.exe
1612	consignment details.exe
904	consignment details.exe
904	consignment details.exe
1652	consignment details.exe
1652	consignment details.exe
1528	consignment details.exe
1528	consignment details.exe
2036	consignment details.exe
2036	consignment details.exe
780	consignment details.exe
780	consignment details.exe
1060	consignment details.exe
1060	consignment details.exe
560	consignment details.exe
560	consignment details.exe
932	consignment details.exe
932	consignment details.exe
752	consignment details.exe
752	consignment details.exe
2028	consignment details.exe
2028	consignment details.exe
112	consignment details.exe
112	consignment details.exe
1352	consignment details.exe
1352	consignment details.exe
1500	consignment details.exe
1500	consignment details.exe
572	consignment details.exe
572	consignment details.exe
1072	consignment details.exe
1072	consignment details.exe
1904	consignment details.exe
1904	consignment details.exe
1516	consignment details.exe
1516	consignment details.exe
2012	consignment details.exe
2012	consignment details.exe
1220	consignment details.exe
1220	consignment details.exe
540	consignment details.exe
540	consignment details.exe
1572	consignment details.exe
1572	consignment details.exe
996	consignment details.exe
996	consignment details.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

pid	process
1036	consignment details.exe
1036	consignment details.exe
1036	consignment details.exe
1036	consignment details.exe
1652	consignment details.exe
1652	consignment details.exe
1652	consignment details.exe
1652	consignment details.exe
332	consignment details.exe
332	consignment details.exe
332	consignment details.exe
332	consignment details.exe
1608	consignment details.exe
1608	consignment details.exe
1608	consignment details.exe
1608	consignment details.exe
1060	consignment details.exe
1060	consignment details.exe
1060	consignment details.exe
1060	consignment details.exe
1172	consignment details.exe
1172	consignment details.exe
1172	consignment details.exe
1172	consignment details.exe
1336	consignment details.exe
1336	consignment details.exe
1336	consignment details.exe
1336	consignment details.exe
1972	consignment details.exe
1972	consignment details.exe
1972	consignment details.exe
1972	consignment details.exe
1160	consignment details.exe
1160	consignment details.exe
1160	consignment details.exe
1160	consignment details.exe
1612	consignment details.exe
1612	consignment details.exe
1612	consignment details.exe
1612	consignment details.exe
904	consignment details.exe
904	consignment details.exe
904	consignment details.exe
904	consignment details.exe
1652	consignment details.exe
1652	consignment details.exe
1652	consignment details.exe
1652	consignment details.exe
1528	consignment details.exe
1528	consignment details.exe
1528	consignment details.exe
1528	consignment details.exe
2036	consignment details.exe
2036	consignment details.exe
2036	consignment details.exe
2036	consignment details.exe
780	consignment details.exe
780	consignment details.exe
780	consignment details.exe
780	consignment details.exe
1060	consignment details.exe
1060	consignment details.exe
1060	consignment details.exe
1060	consignment details.exe

Suspicious behavior: MapViewOfSection 54 IoCs

Processes:

consignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.exe

pid	process
1036	consignment details.exe
1652	consignment details.exe
332	consignment details.exe
1608	consignment details.exe
1060	consignment details.exe
1172	consignment details.exe
1336	consignment details.exe
1972	consignment details.exe
1160	consignment details.exe
1612	consignment details.exe
904	consignment details.exe
1652	consignment details.exe
1652	consignment details.exe
1528	consignment details.exe
2036	consignment details.exe
780	consignment details.exe
780	consignment details.exe
1060	consignment details.exe
1060	consignment details.exe
560	consignment details.exe
932	consignment details.exe
752	consignment details.exe
2028	consignment details.exe
112	consignment details.exe
1352	consignment details.exe
1500	consignment details.exe
572	consignment details.exe
1072	consignment details.exe
1904	consignment details.exe
1516	consignment details.exe
2012	consignment details.exe
1220	consignment details.exe
540	consignment details.exe
540	consignment details.exe
1572	consignment details.exe
996	consignment details.exe
996	consignment details.exe
1832	consignment details.exe
1376	consignment details.exe
1764	consignment details.exe
1428	consignment details.exe
1324	consignment details.exe
1284	consignment details.exe
112	consignment details.exe
672	consignment details.exe
976	consignment details.exe
472	consignment details.exe
1868	consignment details.exe
1584	consignment details.exe
972	consignment details.exe
972	consignment details.exe
1400	consignment details.exe
1988	consignment details.exe
1988	consignment details.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

consignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.execonsignment details.exe

description	pid	process	target process
PID 1036 wrote to memory of 1356	1036	consignment details.exe	MSBuild.exe
PID 1036 wrote to memory of 1356	1036	consignment details.exe	MSBuild.exe
PID 1036 wrote to memory of 1356	1036	consignment details.exe	MSBuild.exe
PID 1036 wrote to memory of 1356	1036	consignment details.exe	MSBuild.exe
PID 1036 wrote to memory of 1356	1036	consignment details.exe	MSBuild.exe
PID 1036 wrote to memory of 1652	1036	consignment details.exe	consignment details.exe
PID 1036 wrote to memory of 1652	1036	consignment details.exe	consignment details.exe
PID 1036 wrote to memory of 1652	1036	consignment details.exe	consignment details.exe
PID 1036 wrote to memory of 1652	1036	consignment details.exe	consignment details.exe
PID 1652 wrote to memory of 524	1652	consignment details.exe	MSBuild.exe
PID 1652 wrote to memory of 524	1652	consignment details.exe	MSBuild.exe
PID 1652 wrote to memory of 524	1652	consignment details.exe	MSBuild.exe
PID 1652 wrote to memory of 524	1652	consignment details.exe	MSBuild.exe
PID 1652 wrote to memory of 524	1652	consignment details.exe	MSBuild.exe
PID 1652 wrote to memory of 332	1652	consignment details.exe	consignment details.exe
PID 1652 wrote to memory of 332	1652	consignment details.exe	consignment details.exe
PID 1652 wrote to memory of 332	1652	consignment details.exe	consignment details.exe
PID 1652 wrote to memory of 332	1652	consignment details.exe	consignment details.exe
PID 332 wrote to memory of 896	332	consignment details.exe	MSBuild.exe
PID 332 wrote to memory of 896	332	consignment details.exe	MSBuild.exe
PID 332 wrote to memory of 896	332	consignment details.exe	MSBuild.exe
PID 332 wrote to memory of 896	332	consignment details.exe	MSBuild.exe
PID 332 wrote to memory of 896	332	consignment details.exe	MSBuild.exe
PID 332 wrote to memory of 1608	332	consignment details.exe	consignment details.exe
PID 332 wrote to memory of 1608	332	consignment details.exe	consignment details.exe
PID 332 wrote to memory of 1608	332	consignment details.exe	consignment details.exe
PID 332 wrote to memory of 1608	332	consignment details.exe	consignment details.exe
PID 1608 wrote to memory of 1880	1608	consignment details.exe	MSBuild.exe
PID 1608 wrote to memory of 1880	1608	consignment details.exe	MSBuild.exe
PID 1608 wrote to memory of 1880	1608	consignment details.exe	MSBuild.exe
PID 1608 wrote to memory of 1880	1608	consignment details.exe	MSBuild.exe
PID 1608 wrote to memory of 1880	1608	consignment details.exe	MSBuild.exe
PID 1608 wrote to memory of 1060	1608	consignment details.exe	consignment details.exe
PID 1608 wrote to memory of 1060	1608	consignment details.exe	consignment details.exe
PID 1608 wrote to memory of 1060	1608	consignment details.exe	consignment details.exe
PID 1608 wrote to memory of 1060	1608	consignment details.exe	consignment details.exe
PID 1060 wrote to memory of 1016	1060	consignment details.exe	MSBuild.exe
PID 1060 wrote to memory of 1016	1060	consignment details.exe	MSBuild.exe
PID 1060 wrote to memory of 1016	1060	consignment details.exe	MSBuild.exe
PID 1060 wrote to memory of 1016	1060	consignment details.exe	MSBuild.exe
PID 1060 wrote to memory of 1016	1060	consignment details.exe	MSBuild.exe
PID 1060 wrote to memory of 1172	1060	consignment details.exe	consignment details.exe
PID 1060 wrote to memory of 1172	1060	consignment details.exe	consignment details.exe
PID 1060 wrote to memory of 1172	1060	consignment details.exe	consignment details.exe
PID 1060 wrote to memory of 1172	1060	consignment details.exe	consignment details.exe
PID 1172 wrote to memory of 540	1172	consignment details.exe	MSBuild.exe
PID 1172 wrote to memory of 540	1172	consignment details.exe	MSBuild.exe
PID 1172 wrote to memory of 540	1172	consignment details.exe	MSBuild.exe
PID 1172 wrote to memory of 540	1172	consignment details.exe	MSBuild.exe
PID 1172 wrote to memory of 540	1172	consignment details.exe	MSBuild.exe
PID 1172 wrote to memory of 1336	1172	consignment details.exe	consignment details.exe
PID 1172 wrote to memory of 1336	1172	consignment details.exe	consignment details.exe
PID 1172 wrote to memory of 1336	1172	consignment details.exe	consignment details.exe
PID 1172 wrote to memory of 1336	1172	consignment details.exe	consignment details.exe
PID 1336 wrote to memory of 1816	1336	consignment details.exe	MSBuild.exe
PID 1336 wrote to memory of 1816	1336	consignment details.exe	MSBuild.exe
PID 1336 wrote to memory of 1816	1336	consignment details.exe	MSBuild.exe
PID 1336 wrote to memory of 1816	1336	consignment details.exe	MSBuild.exe
PID 1336 wrote to memory of 1816	1336	consignment details.exe	MSBuild.exe
PID 1336 wrote to memory of 1972	1336	consignment details.exe	consignment details.exe
PID 1336 wrote to memory of 1972	1336	consignment details.exe	consignment details.exe
PID 1336 wrote to memory of 1972	1336	consignment details.exe	consignment details.exe
PID 1336 wrote to memory of 1972	1336	consignment details.exe	consignment details.exe
PID 1972 wrote to memory of 752	1972	consignment details.exe	MSBuild.exe

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1036

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
2⤵
PID:1356

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
2⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1652

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
3⤵
PID:524

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
3⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:332

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
4⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
4⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1608

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
5⤵
PID:1880

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
5⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1060

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
6⤵
PID:1016

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
6⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1172

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
7⤵
PID:540

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
7⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1336

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
8⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
8⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1972

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
9⤵
PID:752

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
9⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:1160

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
10⤵
PID:1036

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
10⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:1612

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
11⤵
PID:1712

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
11⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:904

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
12⤵
PID:768

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
12⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:1652

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
13⤵
PID:472

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
13⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:1528

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
14⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
14⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:2036

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
15⤵
PID:892

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
15⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:780

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
16⤵
PID:1364

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
16⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:1060

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
17⤵
PID:960

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
17⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
PID:560

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
18⤵
PID:1724

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
18⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
PID:932

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
19⤵
PID:276

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
19⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
PID:752

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
20⤵
PID:1356

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
20⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
PID:2028

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
21⤵
PID:1156

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
21⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
PID:112

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
22⤵
PID:1912

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
22⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
PID:1352

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
23⤵
PID:964

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
23⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
PID:1500

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
24⤵
PID:976

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
24⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
PID:572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
25⤵
PID:332

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
25⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
PID:1072

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
26⤵
PID:1868

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
26⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
PID:1904

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
27⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
27⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
PID:1516

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
28⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
28⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
PID:2012

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
29⤵
PID:288

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
29⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
PID:1220

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
30⤵
PID:828

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
30⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
PID:540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
31⤵
PID:612

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
31⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
PID:1572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
32⤵
PID:1368

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
32⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
PID:996

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
33⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
33⤵
- Suspicious behavior: MapViewOfSection
PID:1832

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
34⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
34⤵
- Suspicious behavior: MapViewOfSection
PID:1376

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
35⤵
PID:1156

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
35⤵
- Suspicious behavior: MapViewOfSection
PID:1764

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
36⤵
PID:1844

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
36⤵
- Suspicious behavior: MapViewOfSection
PID:1428

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
37⤵
PID:1380

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
37⤵
- Suspicious behavior: MapViewOfSection
PID:1324

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
38⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
38⤵
- Suspicious behavior: MapViewOfSection
PID:1284

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
39⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
39⤵
- Suspicious behavior: MapViewOfSection
PID:112

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
40⤵
PID:1852

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
40⤵
- Suspicious behavior: MapViewOfSection
PID:672

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
41⤵
PID:768

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
41⤵
- Suspicious behavior: MapViewOfSection
PID:976

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
42⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
42⤵
- Suspicious behavior: MapViewOfSection
PID:472

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
43⤵
PID:772

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
43⤵
- Suspicious behavior: MapViewOfSection
PID:1868

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
44⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
44⤵
- Suspicious behavior: MapViewOfSection
PID:1584

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
45⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
45⤵
- Suspicious behavior: MapViewOfSection
PID:972

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
46⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
46⤵
- Suspicious behavior: MapViewOfSection
PID:1400

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
47⤵
PID:1364

C:\Users\Admin\AppData\Local\Temp\consignment details.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
47⤵
- Suspicious behavior: MapViewOfSection
PID:1988

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\consignment details.exe"
48⤵
PID:1220

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hfhdns
MD5
1a71bf87e3499992a9175dcf48f4e1de

SHA1
8f73020f6c65a95a2bc7bdbe2772ccd86ace8f9c

SHA256
4621be3118a1192dcf044506c987d0afe0599da72a80f1d33dea4b369e160889

SHA512
0eb6bbe818cd229ecfef1d5e0aaec0dbaebd036712cf43ce5f6ebe5f2dee5422965aa0045b6618fc500275d7f03100c357391c875094ef9c6a1ce88dd22c6e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\hfhdns
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\hfhdns
MD5
1a71bf87e3499992a9175dcf48f4e1de

SHA1
8f73020f6c65a95a2bc7bdbe2772ccd86ace8f9c

SHA256
4621be3118a1192dcf044506c987d0afe0599da72a80f1d33dea4b369e160889

SHA512
0eb6bbe818cd229ecfef1d5e0aaec0dbaebd036712cf43ce5f6ebe5f2dee5422965aa0045b6618fc500275d7f03100c357391c875094ef9c6a1ce88dd22c6e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\hfhdns
MD5
1a71bf87e3499992a9175dcf48f4e1de

SHA1
8f73020f6c65a95a2bc7bdbe2772ccd86ace8f9c

SHA256
4621be3118a1192dcf044506c987d0afe0599da72a80f1d33dea4b369e160889

SHA512
0eb6bbe818cd229ecfef1d5e0aaec0dbaebd036712cf43ce5f6ebe5f2dee5422965aa0045b6618fc500275d7f03100c357391c875094ef9c6a1ce88dd22c6e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\hfhdns
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\hfhdns
MD5
0d1de6767d2ced9566b6d05b07a2b064

SHA1
b092863ccc02210ff31518de8568d4bdb11e9b7b

SHA256
58e0de28455f0f135d9d6e6898c9e2a70512fa743c7e9e511613b3d1323f217d

SHA512
92900521a426b833f7e1e8508e9f83298d2fb59cb54c899800a27cb2f40f87aaaa504a1a1006413cd27262370901f5e5a22305190f82088eb3067295104519de

Download Submit
C:\Users\Admin\AppData\Local\Temp\hfhdns
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\hfhdns
MD5
1a71bf87e3499992a9175dcf48f4e1de

SHA1
8f73020f6c65a95a2bc7bdbe2772ccd86ace8f9c

SHA256
4621be3118a1192dcf044506c987d0afe0599da72a80f1d33dea4b369e160889

SHA512
0eb6bbe818cd229ecfef1d5e0aaec0dbaebd036712cf43ce5f6ebe5f2dee5422965aa0045b6618fc500275d7f03100c357391c875094ef9c6a1ce88dd22c6e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\hfhdns
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\hfhdns
MD5
1a71bf87e3499992a9175dcf48f4e1de

SHA1
8f73020f6c65a95a2bc7bdbe2772ccd86ace8f9c

SHA256
4621be3118a1192dcf044506c987d0afe0599da72a80f1d33dea4b369e160889

SHA512
0eb6bbe818cd229ecfef1d5e0aaec0dbaebd036712cf43ce5f6ebe5f2dee5422965aa0045b6618fc500275d7f03100c357391c875094ef9c6a1ce88dd22c6e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\hfhdns
MD5
1a71bf87e3499992a9175dcf48f4e1de

SHA1
8f73020f6c65a95a2bc7bdbe2772ccd86ace8f9c

SHA256
4621be3118a1192dcf044506c987d0afe0599da72a80f1d33dea4b369e160889

SHA512
0eb6bbe818cd229ecfef1d5e0aaec0dbaebd036712cf43ce5f6ebe5f2dee5422965aa0045b6618fc500275d7f03100c357391c875094ef9c6a1ce88dd22c6e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\hfhdns
MD5
1a71bf87e3499992a9175dcf48f4e1de

SHA1
8f73020f6c65a95a2bc7bdbe2772ccd86ace8f9c

SHA256
4621be3118a1192dcf044506c987d0afe0599da72a80f1d33dea4b369e160889

SHA512
0eb6bbe818cd229ecfef1d5e0aaec0dbaebd036712cf43ce5f6ebe5f2dee5422965aa0045b6618fc500275d7f03100c357391c875094ef9c6a1ce88dd22c6e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\hfhdns
MD5
deaa9515ec838513f7b87dd16aa3f27f

SHA1
8cdab4b042f11476f9e2bfaaa516f5a52a612fb7

SHA256
331f8c2fd6ff518a2b07e8c2690834598ebef43684ab40184f67a8303de23019

SHA512
52383c6aa17f75fcf4800b1696ac45495b470c89e95de59e39ddd52c13dd0ae3b8cd6cb6fbb69d329e932fdf5004ef387f79f42b32acdd809b2b9113d8580c8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\hfhdns
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\hfhdns
MD5
1a71bf87e3499992a9175dcf48f4e1de

SHA1
8f73020f6c65a95a2bc7bdbe2772ccd86ace8f9c

SHA256
4621be3118a1192dcf044506c987d0afe0599da72a80f1d33dea4b369e160889

SHA512
0eb6bbe818cd229ecfef1d5e0aaec0dbaebd036712cf43ce5f6ebe5f2dee5422965aa0045b6618fc500275d7f03100c357391c875094ef9c6a1ce88dd22c6e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\hfhdns
MD5
0d1de6767d2ced9566b6d05b07a2b064

SHA1
b092863ccc02210ff31518de8568d4bdb11e9b7b

SHA256
58e0de28455f0f135d9d6e6898c9e2a70512fa743c7e9e511613b3d1323f217d

SHA512
92900521a426b833f7e1e8508e9f83298d2fb59cb54c899800a27cb2f40f87aaaa504a1a1006413cd27262370901f5e5a22305190f82088eb3067295104519de

Download Submit
C:\Users\Admin\AppData\Local\Temp\yd1k4s1u1zlrpalviu1w
MD5
27d494e757f1de3f023ae416e82a1edc

SHA1
1ee2ef98816a422a6536bacfc3f5bc80f082f90d

SHA256
aba87f744dfe65daf567829b29044d2874d49df2914188c8aa8bab14ab983890

SHA512
d5fae46a37dc66555b3fdacb72127f859aaf5e7625f836ad261cf26bec43b091a5a590a8b5467bce9f5899ef220bfc91e97ee2360daf93f50fcc2fd41f2d82ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\yd1k4s1u1zlrpalviu1w
MD5
27d494e757f1de3f023ae416e82a1edc

SHA1
1ee2ef98816a422a6536bacfc3f5bc80f082f90d

SHA256
aba87f744dfe65daf567829b29044d2874d49df2914188c8aa8bab14ab983890

SHA512
d5fae46a37dc66555b3fdacb72127f859aaf5e7625f836ad261cf26bec43b091a5a590a8b5467bce9f5899ef220bfc91e97ee2360daf93f50fcc2fd41f2d82ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\yd1k4s1u1zlrpalviu1w
MD5
27d494e757f1de3f023ae416e82a1edc

SHA1
1ee2ef98816a422a6536bacfc3f5bc80f082f90d

SHA256
aba87f744dfe65daf567829b29044d2874d49df2914188c8aa8bab14ab983890

SHA512
d5fae46a37dc66555b3fdacb72127f859aaf5e7625f836ad261cf26bec43b091a5a590a8b5467bce9f5899ef220bfc91e97ee2360daf93f50fcc2fd41f2d82ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\yd1k4s1u1zlrpalviu1w
MD5
e97a2f9cdb03ac22178fcba4ce2cea4c

SHA1
78ae1d5f21176c123203f2a4acb2b7378887c45d

SHA256
e7ce730b32843a577a558c37120a8d33f8a31eadca0f7b7d4b04e6aaad4947ad

SHA512
80b64eac23b17a020ff2f5372f7cafd1117cff70fafcd578f3d3efb66399f2a869fdb40cb51840410a7423c4bf7579a9c8a68a2d87cf778f239778545468b831

Download Submit
C:\Users\Admin\AppData\Local\Temp\yd1k4s1u1zlrpalviu1w
MD5
41e2715e0f302368bb0a63a0e042ff98

SHA1
3bab4027d2374439aa03ccb18276a20b001cb028

SHA256
4b4761c837cee708b707dec2da7f5fcbed4c10e43276ef8f8464a1e942c0f955

SHA512
ef697b916c44c6a1346b9913e91942f4171b9d97eaf0651366cfbfd7adccc451054cd206cf206b9dccddeaf424d073b3eef32229038790f9e286ad583725e355

Download Submit
C:\Users\Admin\AppData\Local\Temp\yd1k4s1u1zlrpalviu1w
MD5
27d494e757f1de3f023ae416e82a1edc

SHA1
1ee2ef98816a422a6536bacfc3f5bc80f082f90d

SHA256
aba87f744dfe65daf567829b29044d2874d49df2914188c8aa8bab14ab983890

SHA512
d5fae46a37dc66555b3fdacb72127f859aaf5e7625f836ad261cf26bec43b091a5a590a8b5467bce9f5899ef220bfc91e97ee2360daf93f50fcc2fd41f2d82ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\yd1k4s1u1zlrpalviu1w
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\yd1k4s1u1zlrpalviu1w
MD5
27d494e757f1de3f023ae416e82a1edc

SHA1
1ee2ef98816a422a6536bacfc3f5bc80f082f90d

SHA256
aba87f744dfe65daf567829b29044d2874d49df2914188c8aa8bab14ab983890

SHA512
d5fae46a37dc66555b3fdacb72127f859aaf5e7625f836ad261cf26bec43b091a5a590a8b5467bce9f5899ef220bfc91e97ee2360daf93f50fcc2fd41f2d82ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\yd1k4s1u1zlrpalviu1w
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\yd1k4s1u1zlrpalviu1w
MD5
27d494e757f1de3f023ae416e82a1edc

SHA1
1ee2ef98816a422a6536bacfc3f5bc80f082f90d

SHA256
aba87f744dfe65daf567829b29044d2874d49df2914188c8aa8bab14ab983890

SHA512
d5fae46a37dc66555b3fdacb72127f859aaf5e7625f836ad261cf26bec43b091a5a590a8b5467bce9f5899ef220bfc91e97ee2360daf93f50fcc2fd41f2d82ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\yd1k4s1u1zlrpalviu1w
MD5
27d494e757f1de3f023ae416e82a1edc

SHA1
1ee2ef98816a422a6536bacfc3f5bc80f082f90d

SHA256
aba87f744dfe65daf567829b29044d2874d49df2914188c8aa8bab14ab983890

SHA512
d5fae46a37dc66555b3fdacb72127f859aaf5e7625f836ad261cf26bec43b091a5a590a8b5467bce9f5899ef220bfc91e97ee2360daf93f50fcc2fd41f2d82ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\yd1k4s1u1zlrpalviu1w
MD5
27d494e757f1de3f023ae416e82a1edc

SHA1
1ee2ef98816a422a6536bacfc3f5bc80f082f90d

SHA256
aba87f744dfe65daf567829b29044d2874d49df2914188c8aa8bab14ab983890

SHA512
d5fae46a37dc66555b3fdacb72127f859aaf5e7625f836ad261cf26bec43b091a5a590a8b5467bce9f5899ef220bfc91e97ee2360daf93f50fcc2fd41f2d82ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\yd1k4s1u1zlrpalviu1w
MD5
27d494e757f1de3f023ae416e82a1edc

SHA1
1ee2ef98816a422a6536bacfc3f5bc80f082f90d

SHA256
aba87f744dfe65daf567829b29044d2874d49df2914188c8aa8bab14ab983890

SHA512
d5fae46a37dc66555b3fdacb72127f859aaf5e7625f836ad261cf26bec43b091a5a590a8b5467bce9f5899ef220bfc91e97ee2360daf93f50fcc2fd41f2d82ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\yd1k4s1u1zlrpalviu1w
MD5
27d494e757f1de3f023ae416e82a1edc

SHA1
1ee2ef98816a422a6536bacfc3f5bc80f082f90d

SHA256
aba87f744dfe65daf567829b29044d2874d49df2914188c8aa8bab14ab983890

SHA512
d5fae46a37dc66555b3fdacb72127f859aaf5e7625f836ad261cf26bec43b091a5a590a8b5467bce9f5899ef220bfc91e97ee2360daf93f50fcc2fd41f2d82ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\yd1k4s1u1zlrpalviu1w
MD5
27d494e757f1de3f023ae416e82a1edc

SHA1
1ee2ef98816a422a6536bacfc3f5bc80f082f90d

SHA256
aba87f744dfe65daf567829b29044d2874d49df2914188c8aa8bab14ab983890

SHA512
d5fae46a37dc66555b3fdacb72127f859aaf5e7625f836ad261cf26bec43b091a5a590a8b5467bce9f5899ef220bfc91e97ee2360daf93f50fcc2fd41f2d82ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\yd1k4s1u1zlrpalviu1w
MD5
27d494e757f1de3f023ae416e82a1edc

SHA1
1ee2ef98816a422a6536bacfc3f5bc80f082f90d

SHA256
aba87f744dfe65daf567829b29044d2874d49df2914188c8aa8bab14ab983890

SHA512
d5fae46a37dc66555b3fdacb72127f859aaf5e7625f836ad261cf26bec43b091a5a590a8b5467bce9f5899ef220bfc91e97ee2360daf93f50fcc2fd41f2d82ba

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1334.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1334.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsdBA8A.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsdBA8A.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsdD3D4.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsdD3D4.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsdE0A0.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsdE0A0.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsi45E7.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsi45E7.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsi9493.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsi9493.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsiADDD.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsiADDD.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsn1FF0.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsn1FF0.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsnA130.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsnA130.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nss3959.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nss3959.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nssF9F9.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nssF9F9.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsx873A.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsx873A.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsxC736.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsxC736.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsxED4C.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsxED4C.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsy2CAD.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsy2CAD.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsy697.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsy697.tmp\System.dll
MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
memory/112-162-0x0000000000000000-mapping.dmp

Download
memory/112-198-0x0000000000000000-mapping.dmp

Download
memory/332-68-0x0000000000000000-mapping.dmp

Download
memory/472-204-0x0000000000000000-mapping.dmp

Download
memory/540-180-0x0000000000000000-mapping.dmp

Download
memory/560-152-0x0000000000000000-mapping.dmp

Download
memory/572-168-0x0000000000000000-mapping.dmp

Download
memory/672-200-0x0000000000000000-mapping.dmp

Download
memory/752-158-0x0000000000000000-mapping.dmp

Download
memory/780-140-0x0000000000000000-mapping.dmp

Download
memory/904-116-0x0000000000000000-mapping.dmp

Download
memory/932-156-0x0000000000000000-mapping.dmp

Download
memory/972-210-0x0000000000000000-mapping.dmp

Download
memory/976-202-0x0000000000000000-mapping.dmp

Download
memory/996-184-0x0000000000000000-mapping.dmp

Download
memory/1036-59-0x0000000075721000-0x0000000075723000-memory.dmp

Filesize
8KB

Download
memory/1060-80-0x0000000000000000-mapping.dmp

Download
memory/1060-146-0x0000000000000000-mapping.dmp

Download
memory/1072-170-0x0000000000000000-mapping.dmp

Download
memory/1160-104-0x0000000000000000-mapping.dmp

Download
memory/1172-86-0x0000000000000000-mapping.dmp

Download
memory/1220-178-0x0000000000000000-mapping.dmp

Download
memory/1284-196-0x0000000000000000-mapping.dmp

Download
memory/1324-194-0x0000000000000000-mapping.dmp

Download
memory/1336-92-0x0000000000000000-mapping.dmp

Download
memory/1352-164-0x0000000000000000-mapping.dmp

Download
memory/1376-188-0x0000000000000000-mapping.dmp

Download
memory/1400-212-0x0000000000000000-mapping.dmp

Download
memory/1428-192-0x0000000000000000-mapping.dmp

Download
memory/1500-166-0x0000000000000000-mapping.dmp

Download
memory/1516-174-0x0000000000000000-mapping.dmp

Download
memory/1528-128-0x0000000000000000-mapping.dmp

Download
memory/1572-182-0x0000000000000000-mapping.dmp

Download
memory/1584-208-0x0000000000000000-mapping.dmp

Download
memory/1608-74-0x0000000000000000-mapping.dmp

Download
memory/1612-110-0x0000000000000000-mapping.dmp

Download
memory/1652-62-0x0000000000000000-mapping.dmp

Download
memory/1652-122-0x0000000000000000-mapping.dmp

Download
memory/1764-190-0x0000000000000000-mapping.dmp

Download
memory/1832-186-0x0000000000000000-mapping.dmp

Download
memory/1868-206-0x0000000000000000-mapping.dmp

Download
memory/1904-172-0x0000000000000000-mapping.dmp

Download
memory/1972-98-0x0000000000000000-mapping.dmp

Download
memory/1988-214-0x0000000000000000-mapping.dmp

Download
memory/2012-176-0x0000000000000000-mapping.dmp

Download
memory/2028-160-0x0000000000000000-mapping.dmp

Download
memory/2036-134-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads