metasploit | 70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4

General

Target

70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Size

4.3MB
MD5

df6ae2867d29e6032cf7514fb264ad25
SHA1

866b087fdb3cfdb0114bb9514c9138b60cc9d3cf
SHA256

70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4
SHA512

57b882d8d9e4832d406de476b1a054aeb1c42bdeccdb6a46631f8feaa66926f86f0452bdcd6cb735826b031b941e55039623947cc151bb11d7100e81aa2d1186

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1552 932 WerFault.exe 70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe

pid	pid_target	process	target process
1552	932	WerFault.exe	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-104 = "Central Brazilian Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2042 = "Eastern Standard Time (Mexico)"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-214 = "Pacific Daylight Time (Mexico)"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-891 = "Morocco Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-871 = "Pakistan Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-381 = "South Africa Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-281 = "Central Europe Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2632 = "Norfolk Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-792 = "SA Western Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-721 = "Central Pacific Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-681 = "E. Australia Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-391 = "Arab Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-352 = "FLE Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2412 = "Marquesas Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1821 = "Russia TZ 1 Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-171 = "Central Daylight Time (Mexico)"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-621 = "Korea Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-402 = "Arabic Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2182 = "Astrakhan Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-572 = "China Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-411 = "E. Africa Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-682 = "E. Australia Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-232 = "Hawaiian Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-622 = "Korea Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-448 = "Azerbaijan Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2792 = "Novosibirsk Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1042 = "Ulaanbaatar Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1021 = "Bangladesh Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2141 = "Transbaikal Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-449 = "Azerbaijan Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2451 = "Saint Pierre Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1801 = "Line Islands Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-532 = "Sri Lanka Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-691 = "Tasmania Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-201 = "US Mountain Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-492 = "India Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-562 = "SE Asia Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-692 = "Tasmania Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-52 = "Greenland Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1911 = "Russia TZ 10 Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2571 = "Turks and Caicos Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2512 = "Lord Howe Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2321 = "Sakhalin Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-932 = "Coordinated Universal Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-461 = "Afghanistan Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1041 = "Ulaanbaatar Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-432 = "Iran Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1822 = "Russia TZ 1 Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-981 = "Kamchatka Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1472 = "Magadan Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-222 = "Alaskan Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1841 = "Russia TZ 4 Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-731 = "Fiji Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1912 = "Russia TZ 10 Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-751 = "Tonga Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-105 = "Central Brazilian Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1722 = "Libya Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1721 = "Libya Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1892 = "Russia TZ 3 Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2452 = "Saint Pierre Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-511 = "Central Asia Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-362 = "GTB Standard Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-334 = "Jordan Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2411 = "Marquesas Daylight Time"	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe

pid	process
2524	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
2524	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe

description	pid	process
Token: SeDebugPrivilege	2524	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
Token: SeImpersonatePrivilege	2524	70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe

C:\Users\Admin\AppData\Local\Temp\70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
"C:\Users\Admin\AppData\Local\Temp\70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2524

C:\Users\Admin\AppData\Local\Temp\70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe
"C:\Users\Admin\AppData\Local\Temp\70aed0f648b35cc5ed91c375f98e2c62cbb41777a3c8dc13d6bb05782dcd8fc4.exe"
2⤵
- Modifies data under HKEY_USERS
PID:932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 752
3⤵
- Program crash
PID:1552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/932-121-0x0000000003E65000-0x0000000004274000-memory.dmp

Filesize
4.1MB

Download
memory/932-122-0x0000000000400000-0x0000000002000000-memory.dmp

Filesize
28.0MB

Download
memory/2524-118-0x0000000003FA6000-0x00000000043B5000-memory.dmp

Filesize
4.1MB

Download
memory/2524-120-0x0000000000400000-0x0000000002000000-memory.dmp

Filesize
28.0MB

Download
memory/2524-119-0x00000000043C0000-0x0000000004C62000-memory.dmp

Filesize
8.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads