description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	904	2700	rundll32.exe	69
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1608	2700	rundll32.exe	69

resource	yara_rule
behavioral3/files/0x00030000000130cf-76.dat	aspack_v212_v242
behavioral3/files/0x00030000000130cf-77.dat	aspack_v212_v242
behavioral3/files/0x00040000000130ca-78.dat	aspack_v212_v242
behavioral3/files/0x00040000000130ca-79.dat	aspack_v212_v242
behavioral3/files/0x00030000000130d1-82.dat	aspack_v212_v242
behavioral3/files/0x00030000000130d1-83.dat	aspack_v212_v242

pid	Process
1496	setup_x86_x64_install.exe
1376	setup_installer.exe
1376	setup_installer.exe
1376	setup_installer.exe
1376	setup_installer.exe
1376	setup_installer.exe
1376	setup_installer.exe
572	setup_install.exe
572	setup_install.exe
572	setup_install.exe
572	setup_install.exe
572	setup_install.exe
572	setup_install.exe
572	setup_install.exe
572	setup_install.exe
112	cmd.exe
112	cmd.exe
1816	cmd.exe
944	cmd.exe
944	cmd.exe
1520	cmd.exe

resource	yara_rule
behavioral3/memory/2472-224-0x0000000000370000-0x0000000000371000-memory.dmp	themida
behavioral3/memory/2836-232-0x0000000001030000-0x0000000001031000-memory.dmp	themida

pid	pid_target	Process	procid_target
3032	2604	WerFault.exe	70
2260	788	WerFault.exe	43
2380	2928	WerFault.exe	76
3236	2016	WerFault.exe	141

description	pid	Process	procid_target
PID 1496 wrote to memory of 1376	1496	setup_x86_x64_install.exe	26
PID 1496 wrote to memory of 1376	1496	setup_x86_x64_install.exe	26
PID 1496 wrote to memory of 1376	1496	setup_x86_x64_install.exe	26
PID 1496 wrote to memory of 1376	1496	setup_x86_x64_install.exe	26
PID 1496 wrote to memory of 1376	1496	setup_x86_x64_install.exe	26
PID 1496 wrote to memory of 1376	1496	setup_x86_x64_install.exe	26
PID 1496 wrote to memory of 1376	1496	setup_x86_x64_install.exe	26
PID 1376 wrote to memory of 572	1376	setup_installer.exe	28
PID 1376 wrote to memory of 572	1376	setup_installer.exe	28
PID 1376 wrote to memory of 572	1376	setup_installer.exe	28
PID 1376 wrote to memory of 572	1376	setup_installer.exe	28
PID 1376 wrote to memory of 572	1376	setup_installer.exe	28
PID 1376 wrote to memory of 572	1376	setup_installer.exe	28
PID 1376 wrote to memory of 572	1376	setup_installer.exe	28
PID 572 wrote to memory of 928	572	setup_install.exe	32
PID 572 wrote to memory of 928	572	setup_install.exe	32
PID 572 wrote to memory of 928	572	setup_install.exe	32
PID 572 wrote to memory of 928	572	setup_install.exe	32
PID 572 wrote to memory of 928	572	setup_install.exe	32
PID 572 wrote to memory of 928	572	setup_install.exe	32
PID 572 wrote to memory of 928	572	setup_install.exe	32
PID 572 wrote to memory of 1816	572	setup_install.exe	33
PID 572 wrote to memory of 1816	572	setup_install.exe	33
PID 572 wrote to memory of 1816	572	setup_install.exe	33
PID 572 wrote to memory of 1816	572	setup_install.exe	33
PID 572 wrote to memory of 1816	572	setup_install.exe	33
PID 572 wrote to memory of 1816	572	setup_install.exe	33
PID 572 wrote to memory of 1816	572	setup_install.exe	33
PID 572 wrote to memory of 112	572	setup_install.exe	34
PID 572 wrote to memory of 112	572	setup_install.exe	34
PID 572 wrote to memory of 112	572	setup_install.exe	34
PID 572 wrote to memory of 112	572	setup_install.exe	34
PID 572 wrote to memory of 112	572	setup_install.exe	34
PID 572 wrote to memory of 112	572	setup_install.exe	34
PID 572 wrote to memory of 112	572	setup_install.exe	34
PID 572 wrote to memory of 1020	572	setup_install.exe	35
PID 572 wrote to memory of 1020	572	setup_install.exe	35
PID 572 wrote to memory of 1020	572	setup_install.exe	35
PID 572 wrote to memory of 1020	572	setup_install.exe	35
PID 572 wrote to memory of 1020	572	setup_install.exe	35
PID 572 wrote to memory of 1020	572	setup_install.exe	35
PID 572 wrote to memory of 1020	572	setup_install.exe	35
PID 572 wrote to memory of 944	572	setup_install.exe	36
PID 572 wrote to memory of 944	572	setup_install.exe	36
PID 572 wrote to memory of 944	572	setup_install.exe	36
PID 572 wrote to memory of 944	572	setup_install.exe	36
PID 572 wrote to memory of 944	572	setup_install.exe	36
PID 572 wrote to memory of 944	572	setup_install.exe	36
PID 572 wrote to memory of 944	572	setup_install.exe	36
PID 572 wrote to memory of 1092	572	setup_install.exe	37
PID 572 wrote to memory of 1092	572	setup_install.exe	37
PID 572 wrote to memory of 1092	572	setup_install.exe	37
PID 572 wrote to memory of 1092	572	setup_install.exe	37
PID 572 wrote to memory of 1092	572	setup_install.exe	37
PID 572 wrote to memory of 1092	572	setup_install.exe	37
PID 572 wrote to memory of 1092	572	setup_install.exe	37
PID 572 wrote to memory of 620	572	setup_install.exe	38
PID 572 wrote to memory of 620	572	setup_install.exe	38
PID 572 wrote to memory of 620	572	setup_install.exe	38
PID 572 wrote to memory of 620	572	setup_install.exe	38
PID 572 wrote to memory of 620	572	setup_install.exe	38
PID 572 wrote to memory of 620	572	setup_install.exe	38
PID 572 wrote to memory of 620	572	setup_install.exe	38
PID 572 wrote to memory of 1520	572	setup_install.exe	39

flow	ioc
10	ip-api.com
116	api.2ip.ua
118	api.2ip.ua
135	api.2ip.ua

pid	Process
2112	schtasks.exe
3004	schtasks.exe

pid	Process
2440	taskkill.exe
868	taskkill.exe
1736	taskkill.exe

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads