resource	yara_rule
behavioral2/memory/836-200-0x0000000003160000-0x000000000317F000-memory.dmp	family_redline
behavioral2/memory/836-201-0x00000000033F0000-0x000000000340D000-memory.dmp	family_redline

resource	yara_rule
behavioral2/files/0x0003000000013113-110.dat	family_socelars
behavioral2/files/0x0003000000013113-161.dat	family_socelars
behavioral2/files/0x0003000000013113-129.dat	family_socelars

resource	yara_rule
behavioral2/files/0x00030000000130e8-76.dat	aspack_v212_v242
behavioral2/files/0x00030000000130e8-77.dat	aspack_v212_v242
behavioral2/files/0x00030000000130e7-78.dat	aspack_v212_v242
behavioral2/files/0x00030000000130e7-79.dat	aspack_v212_v242
behavioral2/files/0x00030000000130ea-82.dat	aspack_v212_v242
behavioral2/files/0x00030000000130ea-83.dat	aspack_v212_v242

pid	Process
1712	setup_installer.exe
1172	setup_install.exe
1724	Sun152bab5a2de.exe
1848	Sun15dbd675f871ca.exe
1660	Sun1577c3e159a3e3815.exe
1748	Sun159ff1acacf.exe
748	Sun15901f2f025e.exe
2000	Sun15f67075f27a2b5b.exe
836	Sun15f1b1f8c669.exe
1988	Sun158d8ef840.exe
1816	Sun1507db358fce61c0b.exe
1028	wmiprvse.exe

pid	Process
1624	setup_x86_x64_install.exe
1712	setup_installer.exe
1712	setup_installer.exe
1712	setup_installer.exe
1712	setup_installer.exe
1712	setup_installer.exe
1712	setup_installer.exe
1172	setup_install.exe
1172	setup_install.exe
1172	setup_install.exe
1172	setup_install.exe
1172	setup_install.exe
1172	setup_install.exe
1172	setup_install.exe
1172	setup_install.exe
1788	cmd.exe
1724	Sun152bab5a2de.exe
1724	Sun152bab5a2de.exe
1308	cmd.exe
1012	cmd.exe
964	cmd.exe
964	cmd.exe
824	cmd.exe
1580	cmd.exe
1580	cmd.exe
1848	Sun15dbd675f871ca.exe
1848	Sun15dbd675f871ca.exe
1660	Sun1577c3e159a3e3815.exe
1660	Sun1577c3e159a3e3815.exe
1484	cmd.exe
1484	cmd.exe
836	Sun15f1b1f8c669.exe
836	Sun15f1b1f8c669.exe
1272	cmd.exe
1676	urdrwdv
1676	urdrwdv
1784	cmd.exe
1988	Sun158d8ef840.exe
1988	Sun158d8ef840.exe
748	Sun15901f2f025e.exe
748	Sun15901f2f025e.exe

pid	pid_target	Process	procid_target
3108	1848	WerFault.exe	54
1576	2428	WerFault.exe	61
3668	2988	WerFault.exe	94

pid	Process
2628	taskkill.exe
2440	taskkill.exe
3640	taskkill.exe
2616	taskkill.exe

description	pid	Process
Token: SeDebugPrivilege	2000	Sun15f67075f27a2b5b.exe
Token: SeDebugPrivilege	1028	wmiprvse.exe
Token: SeCreateTokenPrivilege	748	Sun15901f2f025e.exe
Token: SeAssignPrimaryTokenPrivilege	748	Sun15901f2f025e.exe
Token: SeLockMemoryPrivilege	748	Sun15901f2f025e.exe
Token: SeIncreaseQuotaPrivilege	748	Sun15901f2f025e.exe
Token: SeMachineAccountPrivilege	748	Sun15901f2f025e.exe
Token: SeTcbPrivilege	748	Sun15901f2f025e.exe
Token: SeSecurityPrivilege	748	Sun15901f2f025e.exe
Token: SeTakeOwnershipPrivilege	748	Sun15901f2f025e.exe
Token: SeLoadDriverPrivilege	748	Sun15901f2f025e.exe
Token: SeSystemProfilePrivilege	748	Sun15901f2f025e.exe
Token: SeSystemtimePrivilege	748	Sun15901f2f025e.exe
Token: SeProfSingleProcessPrivilege	748	Sun15901f2f025e.exe
Token: SeIncBasePriorityPrivilege	748	Sun15901f2f025e.exe
Token: SeCreatePagefilePrivilege	748	Sun15901f2f025e.exe
Token: SeCreatePermanentPrivilege	748	Sun15901f2f025e.exe
Token: SeBackupPrivilege	748	Sun15901f2f025e.exe
Token: SeRestorePrivilege	748	Sun15901f2f025e.exe
Token: SeShutdownPrivilege	748	Sun15901f2f025e.exe
Token: SeDebugPrivilege	748	Sun15901f2f025e.exe
Token: SeAuditPrivilege	748	Sun15901f2f025e.exe
Token: SeSystemEnvironmentPrivilege	748	Sun15901f2f025e.exe
Token: SeChangeNotifyPrivilege	748	Sun15901f2f025e.exe
Token: SeRemoteShutdownPrivilege	748	Sun15901f2f025e.exe
Token: SeUndockPrivilege	748	Sun15901f2f025e.exe
Token: SeSyncAgentPrivilege	748	Sun15901f2f025e.exe
Token: SeEnableDelegationPrivilege	748	Sun15901f2f025e.exe
Token: SeManageVolumePrivilege	748	Sun15901f2f025e.exe
Token: SeImpersonatePrivilege	748	Sun15901f2f025e.exe
Token: SeCreateGlobalPrivilege	748	Sun15901f2f025e.exe
Token: 31	748	Sun15901f2f025e.exe
Token: 32	748	Sun15901f2f025e.exe
Token: 33	748	Sun15901f2f025e.exe
Token: 34	748	Sun15901f2f025e.exe
Token: 35	748	Sun15901f2f025e.exe

description	pid	Process	procid_target
PID 1624 wrote to memory of 1712	1624	setup_x86_x64_install.exe	27
PID 1624 wrote to memory of 1712	1624	setup_x86_x64_install.exe	27
PID 1624 wrote to memory of 1712	1624	setup_x86_x64_install.exe	27
PID 1624 wrote to memory of 1712	1624	setup_x86_x64_install.exe	27
PID 1624 wrote to memory of 1712	1624	setup_x86_x64_install.exe	27
PID 1624 wrote to memory of 1712	1624	setup_x86_x64_install.exe	27
PID 1624 wrote to memory of 1712	1624	setup_x86_x64_install.exe	27
PID 1712 wrote to memory of 1172	1712	setup_installer.exe	28
PID 1712 wrote to memory of 1172	1712	setup_installer.exe	28
PID 1712 wrote to memory of 1172	1712	setup_installer.exe	28
PID 1712 wrote to memory of 1172	1712	setup_installer.exe	28
PID 1712 wrote to memory of 1172	1712	setup_installer.exe	28
PID 1712 wrote to memory of 1172	1712	setup_installer.exe	28
PID 1712 wrote to memory of 1172	1712	setup_installer.exe	28
PID 1172 wrote to memory of 1080	1172	setup_install.exe	30
PID 1172 wrote to memory of 1080	1172	setup_install.exe	30
PID 1172 wrote to memory of 1080	1172	setup_install.exe	30
PID 1172 wrote to memory of 1080	1172	setup_install.exe	30
PID 1172 wrote to memory of 1080	1172	setup_install.exe	30
PID 1172 wrote to memory of 1080	1172	setup_install.exe	30
PID 1172 wrote to memory of 1080	1172	setup_install.exe	30
PID 1172 wrote to memory of 1788	1172	setup_install.exe	31
PID 1172 wrote to memory of 1788	1172	setup_install.exe	31
PID 1172 wrote to memory of 1788	1172	setup_install.exe	31
PID 1172 wrote to memory of 1788	1172	setup_install.exe	31
PID 1172 wrote to memory of 1788	1172	setup_install.exe	31
PID 1172 wrote to memory of 1788	1172	setup_install.exe	31
PID 1172 wrote to memory of 1788	1172	setup_install.exe	31
PID 1172 wrote to memory of 1012	1172	setup_install.exe	32
PID 1172 wrote to memory of 1012	1172	setup_install.exe	32
PID 1172 wrote to memory of 1012	1172	setup_install.exe	32
PID 1172 wrote to memory of 1012	1172	setup_install.exe	32
PID 1172 wrote to memory of 1012	1172	setup_install.exe	32
PID 1172 wrote to memory of 1012	1172	setup_install.exe	32
PID 1172 wrote to memory of 1012	1172	setup_install.exe	32
PID 1172 wrote to memory of 1308	1172	setup_install.exe	33
PID 1172 wrote to memory of 1308	1172	setup_install.exe	33
PID 1172 wrote to memory of 1308	1172	setup_install.exe	33
PID 1172 wrote to memory of 1308	1172	setup_install.exe	33
PID 1172 wrote to memory of 1308	1172	setup_install.exe	33
PID 1172 wrote to memory of 1308	1172	setup_install.exe	33
PID 1172 wrote to memory of 1308	1172	setup_install.exe	33
PID 1172 wrote to memory of 824	1172	setup_install.exe	34
PID 1172 wrote to memory of 824	1172	setup_install.exe	34
PID 1172 wrote to memory of 824	1172	setup_install.exe	34
PID 1172 wrote to memory of 824	1172	setup_install.exe	34
PID 1172 wrote to memory of 824	1172	setup_install.exe	34
PID 1172 wrote to memory of 824	1172	setup_install.exe	34
PID 1172 wrote to memory of 824	1172	setup_install.exe	34
PID 1788 wrote to memory of 1724	1788	cmd.exe	38
PID 1788 wrote to memory of 1724	1788	cmd.exe	38
PID 1788 wrote to memory of 1724	1788	cmd.exe	38
PID 1788 wrote to memory of 1724	1788	cmd.exe	38
PID 1788 wrote to memory of 1724	1788	cmd.exe	38
PID 1788 wrote to memory of 1724	1788	cmd.exe	38
PID 1788 wrote to memory of 1724	1788	cmd.exe	38
PID 1080 wrote to memory of 856	1080	cmd.exe	35
PID 1080 wrote to memory of 856	1080	cmd.exe	35
PID 1080 wrote to memory of 856	1080	cmd.exe	35
PID 1080 wrote to memory of 856	1080	cmd.exe	35
PID 1080 wrote to memory of 856	1080	cmd.exe	35
PID 1080 wrote to memory of 856	1080	cmd.exe	35
PID 1080 wrote to memory of 856	1080	cmd.exe	35
PID 1172 wrote to memory of 964	1172	setup_install.exe	36

flow	ioc
44	ipinfo.io
58	ip-api.com
43	ipinfo.io

pid	Process
2308	schtasks.exe
3412	schtasks.exe

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads