description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	564	3064	rundll32.exe	88
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	3192	1016	rundll32.exe	122

resource	yara_rule
behavioral2/memory/968-280-0x0000000000418D2E-mapping.dmp	family_redline
behavioral2/memory/2460-291-0x0000000000418542-mapping.dmp	family_redline

resource	yara_rule
behavioral2/files/0x0006000000012239-71.dat	aspack_v212_v242
behavioral2/files/0x0006000000012239-72.dat	aspack_v212_v242
behavioral2/files/0x0006000000012235-73.dat	aspack_v212_v242
behavioral2/files/0x0006000000012235-74.dat	aspack_v212_v242
behavioral2/files/0x0006000000012241-77.dat	aspack_v212_v242
behavioral2/files/0x0006000000012241-78.dat	aspack_v212_v242

pid	Process
1208	setup_installer.exe
768	setup_install.exe
1768	Tue0985edbf92e08954.exe
776	Tue0978af55b9.exe
1968	Tue097328c1b990.exe
1464	Tue091e2054cef7.exe
1576	Tue0947ef38552fc.exe
1960	Tue09a30919dc5f00.exe
1368	Tue09c1731fe55c7.exe
1316	Tue09792fda06e.exe
1108	Tue09c6db969ab9.exe
868	Tue09c257807a702a4.exe
1144	Tue09786995c7f02a923.exe
1604	Tue093cbcf0222440.exe
1392	8211480.exe
852	Tue0956c36b51.exe
1944	Tue0971aafeebb6f.exe
1460	Tue093cbcf0222440.exe
992	Tue0990c8b597f.tmp

pid	Process
320	setup_x86_x64_install.exe
1208	setup_installer.exe
1208	setup_installer.exe
1208	setup_installer.exe
1208	setup_installer.exe
1208	setup_installer.exe
1208	setup_installer.exe
768	setup_install.exe
768	setup_install.exe
768	setup_install.exe
768	setup_install.exe
768	setup_install.exe
768	setup_install.exe
768	setup_install.exe
768	setup_install.exe
1180	cmd.exe
1724	cmd.exe
1060	cmd.exe
1940	cmd.exe
1896	cmd.exe
460	cmd.exe
1880	6386173.exe
1924	cmd.exe
1060	cmd.exe
732	cmd.exe
1388	Process not Found
820	cmd.exe
1880	6386173.exe
732	cmd.exe
1940	cmd.exe
1408	cmd.exe
676	cmd.exe
1224	MSBuild.exe
1224	MSBuild.exe
1144	Tue09786995c7f02a923.exe
1576	Tue0947ef38552fc.exe
1960	Tue09a30919dc5f00.exe
868	Tue09c257807a702a4.exe
1316	Tue09792fda06e.exe
1368	Tue09c1731fe55c7.exe
1108	Tue09c6db969ab9.exe
1576	Tue0947ef38552fc.exe
1144	Tue09786995c7f02a923.exe
1960	Tue09a30919dc5f00.exe
1616	cmd.exe
1316	Tue09792fda06e.exe
1108	Tue09c6db969ab9.exe
868	Tue09c257807a702a4.exe
1368	Tue09c1731fe55c7.exe
852	Tue0956c36b51.exe
852	Tue0956c36b51.exe
1604	Tue093cbcf0222440.exe
1604	Tue093cbcf0222440.exe
1392	8211480.exe
1392	8211480.exe
1604	Tue093cbcf0222440.exe
1392	8211480.exe
992	Tue0990c8b597f.tmp
992	Tue0990c8b597f.tmp
1944	Tue0971aafeebb6f.exe
1944	Tue0971aafeebb6f.exe
1460	Tue093cbcf0222440.exe
1460	Tue093cbcf0222440.exe
992	Tue0990c8b597f.tmp

flow	ioc
6	ip-api.com
53	ipinfo.io
54	ipinfo.io
75	freegeoip.app
77	freegeoip.app
78	freegeoip.app
80	freegeoip.app

resource	yara_rule
behavioral2/files/0x0006000000012272-134.dat	autoit_exe
behavioral2/files/0x0006000000012272-162.dat	autoit_exe
behavioral2/files/0x0006000000012272-181.dat	autoit_exe

pid	pid_target	Process	procid_target
2456	868	WerFault.exe	53
2208	2988	WerFault.exe	86
3124	1992	WerFault.exe	131
3468	1760	WerFault.exe	140
3564	2332	WerFault.exe	129

pid	Process
2740	taskkill.exe
2860	taskkill.exe
2272	taskkill.exe
3728	taskkill.exe

description	pid	Process
Token: SeCreateTokenPrivilege	1944	Tue0971aafeebb6f.exe
Token: SeAssignPrimaryTokenPrivilege	1944	Tue0971aafeebb6f.exe
Token: SeLockMemoryPrivilege	1944	Tue0971aafeebb6f.exe
Token: SeIncreaseQuotaPrivilege	1944	Tue0971aafeebb6f.exe
Token: SeMachineAccountPrivilege	1944	Tue0971aafeebb6f.exe
Token: SeTcbPrivilege	1944	Tue0971aafeebb6f.exe
Token: SeSecurityPrivilege	1944	Tue0971aafeebb6f.exe
Token: SeTakeOwnershipPrivilege	1944	Tue0971aafeebb6f.exe
Token: SeLoadDriverPrivilege	1944	Tue0971aafeebb6f.exe
Token: SeSystemProfilePrivilege	1944	Tue0971aafeebb6f.exe
Token: SeSystemtimePrivilege	1944	Tue0971aafeebb6f.exe
Token: SeProfSingleProcessPrivilege	1944	Tue0971aafeebb6f.exe
Token: SeIncBasePriorityPrivilege	1944	Tue0971aafeebb6f.exe
Token: SeCreatePagefilePrivilege	1944	Tue0971aafeebb6f.exe
Token: SeCreatePermanentPrivilege	1944	Tue0971aafeebb6f.exe
Token: SeBackupPrivilege	1944	Tue0971aafeebb6f.exe
Token: SeRestorePrivilege	1944	Tue0971aafeebb6f.exe
Token: SeShutdownPrivilege	1944	Tue0971aafeebb6f.exe
Token: SeDebugPrivilege	1944	Tue0971aafeebb6f.exe
Token: SeAuditPrivilege	1944	Tue0971aafeebb6f.exe
Token: SeSystemEnvironmentPrivilege	1944	Tue0971aafeebb6f.exe
Token: SeChangeNotifyPrivilege	1944	Tue0971aafeebb6f.exe
Token: SeRemoteShutdownPrivilege	1944	Tue0971aafeebb6f.exe
Token: SeUndockPrivilege	1944	Tue0971aafeebb6f.exe
Token: SeSyncAgentPrivilege	1944	Tue0971aafeebb6f.exe
Token: SeEnableDelegationPrivilege	1944	Tue0971aafeebb6f.exe
Token: SeManageVolumePrivilege	1944	Tue0971aafeebb6f.exe
Token: SeImpersonatePrivilege	1944	Tue0971aafeebb6f.exe
Token: SeCreateGlobalPrivilege	1944	Tue0971aafeebb6f.exe
Token: 31	1944	Tue0971aafeebb6f.exe
Token: 32	1944	Tue0971aafeebb6f.exe
Token: 33	1944	Tue0971aafeebb6f.exe
Token: 34	1944	Tue0971aafeebb6f.exe
Token: 35	1944	Tue0971aafeebb6f.exe

description	pid	Process	procid_target
PID 320 wrote to memory of 1208	320	setup_x86_x64_install.exe	28
PID 320 wrote to memory of 1208	320	setup_x86_x64_install.exe	28
PID 320 wrote to memory of 1208	320	setup_x86_x64_install.exe	28
PID 320 wrote to memory of 1208	320	setup_x86_x64_install.exe	28
PID 320 wrote to memory of 1208	320	setup_x86_x64_install.exe	28
PID 320 wrote to memory of 1208	320	setup_x86_x64_install.exe	28
PID 320 wrote to memory of 1208	320	setup_x86_x64_install.exe	28
PID 1208 wrote to memory of 768	1208	setup_installer.exe	29
PID 1208 wrote to memory of 768	1208	setup_installer.exe	29
PID 1208 wrote to memory of 768	1208	setup_installer.exe	29
PID 1208 wrote to memory of 768	1208	setup_installer.exe	29
PID 1208 wrote to memory of 768	1208	setup_installer.exe	29
PID 1208 wrote to memory of 768	1208	setup_installer.exe	29
PID 1208 wrote to memory of 768	1208	setup_installer.exe	29
PID 768 wrote to memory of 1684	768	setup_install.exe	31
PID 768 wrote to memory of 1684	768	setup_install.exe	31
PID 768 wrote to memory of 1684	768	setup_install.exe	31
PID 768 wrote to memory of 1684	768	setup_install.exe	31
PID 768 wrote to memory of 1684	768	setup_install.exe	31
PID 768 wrote to memory of 1684	768	setup_install.exe	31
PID 768 wrote to memory of 1684	768	setup_install.exe	31
PID 768 wrote to memory of 1532	768	setup_install.exe	32
PID 768 wrote to memory of 1532	768	setup_install.exe	32
PID 768 wrote to memory of 1532	768	setup_install.exe	32
PID 768 wrote to memory of 1532	768	setup_install.exe	32
PID 768 wrote to memory of 1532	768	setup_install.exe	32
PID 768 wrote to memory of 1532	768	setup_install.exe	32
PID 768 wrote to memory of 1532	768	setup_install.exe	32
PID 768 wrote to memory of 1180	768	setup_install.exe	33
PID 768 wrote to memory of 1180	768	setup_install.exe	33
PID 768 wrote to memory of 1180	768	setup_install.exe	33
PID 768 wrote to memory of 1180	768	setup_install.exe	33
PID 768 wrote to memory of 1180	768	setup_install.exe	33
PID 768 wrote to memory of 1180	768	setup_install.exe	33
PID 768 wrote to memory of 1180	768	setup_install.exe	33
PID 768 wrote to memory of 1924	768	setup_install.exe	34
PID 768 wrote to memory of 1924	768	setup_install.exe	34
PID 768 wrote to memory of 1924	768	setup_install.exe	34
PID 768 wrote to memory of 1924	768	setup_install.exe	34
PID 768 wrote to memory of 1924	768	setup_install.exe	34
PID 768 wrote to memory of 1924	768	setup_install.exe	34
PID 768 wrote to memory of 1924	768	setup_install.exe	34
PID 768 wrote to memory of 1896	768	setup_install.exe	37
PID 768 wrote to memory of 1896	768	setup_install.exe	37
PID 768 wrote to memory of 1896	768	setup_install.exe	37
PID 768 wrote to memory of 1896	768	setup_install.exe	37
PID 768 wrote to memory of 1896	768	setup_install.exe	37
PID 768 wrote to memory of 1896	768	setup_install.exe	37
PID 768 wrote to memory of 1896	768	setup_install.exe	37
PID 768 wrote to memory of 1724	768	setup_install.exe	35
PID 768 wrote to memory of 1724	768	setup_install.exe	35
PID 768 wrote to memory of 1724	768	setup_install.exe	35
PID 768 wrote to memory of 1724	768	setup_install.exe	35
PID 768 wrote to memory of 1724	768	setup_install.exe	35
PID 768 wrote to memory of 1724	768	setup_install.exe	35
PID 768 wrote to memory of 1724	768	setup_install.exe	35
PID 1180 wrote to memory of 1768	1180	cmd.exe	36
PID 1180 wrote to memory of 1768	1180	cmd.exe	36
PID 1180 wrote to memory of 1768	1180	cmd.exe	36
PID 1180 wrote to memory of 1768	1180	cmd.exe	36
PID 768 wrote to memory of 1940	768	setup_install.exe	38
PID 768 wrote to memory of 1940	768	setup_install.exe	38
PID 768 wrote to memory of 1940	768	setup_install.exe	38
PID 768 wrote to memory of 1940	768	setup_install.exe	38

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads