Analysis
-
max time kernel
275s -
max time network
282s -
platform
windows10_x64 -
resource
win10-en-20211208 -
submitted
18-12-2021 17:08
General
-
Target
https://dropmefiles.com/8khut
Score
8/10
Malware Config
Signatures
-
Executes dropped EXE 4 IoCs
-
Loads dropped DLL 2 IoCs
-
Themida packer 6 IoCs
Detects Themida, an advanced Windows software protection system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 37 IoCs
-
Suspicious behavior: EnumeratesProcesses 31 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 3 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 14 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 50 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://dropmefiles.com/8khut1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdfed54f50,0x7ffdfed54f60,0x7ffdfed54f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1500 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1692 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1976 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2920 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2952 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4104 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5796 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6428 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6420 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5872 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6000 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6004 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6520 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5232 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6504 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1492 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6584 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5424 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4356 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1800 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6684 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4448 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4516 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5184 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1972 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4404 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3552 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=772 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1488,5707214604194274094,16988351899451172931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:82⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\1.rar"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\1.rar"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Desktop\Dunp\Nemesis.exe"C:\Users\Admin\Desktop\Dunp\Nemesis.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\AAA.exe"C:\Users\Admin\Desktop\AAA.exe"1⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Desktop\AAA.exe"C:\Users\Admin\Desktop\AAA.exe"1⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Desktop\Dunp\Nemesis.exe"C:\Users\Admin\Desktop\Dunp\Nemesis.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\AAA_dump.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap4109:52:7zEvent845 -ad -saa -- "C:\Users\Admin\Desktop\1"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Nemesis.exe.logMD5
482939905085e4c8bed6f8ba5d60eb4e
SHA1a30c3f714e7bbf8dd0bd397033a15d08ecd059a2
SHA25661678fdbc35aa9dd1071a9ef915503d95761f6fbbf4b9015abc67f33747180b8
SHA51254bd0f9ff32e855c7573a29e23bfad99a82dc5952000bd1c90518bcf2a5464422a42cd8d9caa056559bef5cac32489619991d43fa4a38ee00f19fc2114581685
-
C:\Users\Admin\Desktop\1.7zMD5
2b7d841068200efbf6647f0de56b057b
SHA1efb3f0be9288d2313b13eaf8c690d89cb65f7dd7
SHA256c2f2c727cc47e61498f0319b4b9fb02c3f3a15ac442e06d9b9432e41904a654d
SHA512134c765658357bcb8beb076c0ce7ea80159074a2400e82f8816808307ca9783d77a73deb42806e60851c5bfd03a4c37ac811c027509a2cf054bb799ec4421616
-
C:\Users\Admin\Desktop\AAA.exeMD5
8fbe8e44ef0cd24f09c6d4aa4a4556da
SHA142a8b4a8a9f6892aea1eb1f899af36f68ec8da9b
SHA256ffde65c45bb1a3c2c1724d96ebaa7452cef826dff3f8ea0954e49d1dab256f03
SHA512d841ecc4bbee6ebc7b24de08de9b3cb501836d69a61f859f1ddc14a1c592b3a855bce2e6e09cfb5893f084f2a89db33246323de05c0fa72c5ea5eecdc16e24ff
-
C:\Users\Admin\Desktop\AAA.exeMD5
8fbe8e44ef0cd24f09c6d4aa4a4556da
SHA142a8b4a8a9f6892aea1eb1f899af36f68ec8da9b
SHA256ffde65c45bb1a3c2c1724d96ebaa7452cef826dff3f8ea0954e49d1dab256f03
SHA512d841ecc4bbee6ebc7b24de08de9b3cb501836d69a61f859f1ddc14a1c592b3a855bce2e6e09cfb5893f084f2a89db33246323de05c0fa72c5ea5eecdc16e24ff
-
C:\Users\Admin\Desktop\AAA.exeMD5
8fbe8e44ef0cd24f09c6d4aa4a4556da
SHA142a8b4a8a9f6892aea1eb1f899af36f68ec8da9b
SHA256ffde65c45bb1a3c2c1724d96ebaa7452cef826dff3f8ea0954e49d1dab256f03
SHA512d841ecc4bbee6ebc7b24de08de9b3cb501836d69a61f859f1ddc14a1c592b3a855bce2e6e09cfb5893f084f2a89db33246323de05c0fa72c5ea5eecdc16e24ff
-
C:\Users\Admin\Desktop\AAA_dump.exeMD5
f55bac8863d5269d243be75fe8c6c302
SHA10092970da6e44413ca9c86d627a722037c2830e0
SHA256e5567dc97c559668bb0bc6faf97ea65c35d9b45b03ca117ca09800f9856fad03
SHA512ea77bd1fb4f3b8ac35e61e01bd56549ac5fc9018043de944fd58fce870e14585f108a8524f7088de90ef6abebd9783f57dc63a3da0a188f7d4c03020b2d5c08f
-
C:\Users\Admin\Desktop\Dunp\MetroFramework.Fonts.dllMD5
65ef4b23060128743cef937a43b82aa3
SHA1cc72536b84384ec8479b9734b947dce885ef5d31
SHA256c843869aaca5135c2d47296985f35c71ca8af4431288d04d481c4e46cc93ee26
SHA512d06690f9aac0c6500aed387f692b3305dfc0708b08fc2f27eaa44b108908ccd8267b07f8fb8608eef5c803039caeabf8f88a18b7e5b1d850f32bbb72bcd3b0b7
-
C:\Users\Admin\Desktop\Dunp\MetroFramework.dllMD5
34ea7f7d66563f724318e322ff08f4db
SHA1d0aa8038a92eb43def2fffbbf4114b02636117c5
SHA256c2c12d31b4844e29de31594fc9632a372a553631de0a0a04c8af91668e37cf49
SHA512dceb1f9435b9479f6aea9b0644ba8c46338a7f458c313822a9d9b3266d79af395b9b2797ed3217c7048db8b22955ec6fe8b0b1778077fa1de587123ad9e6b148
-
C:\Users\Admin\Desktop\Dunp\Nemesis.dllMD5
cb105d3e5eb5a8f6ecedb6d8f4b757a1
SHA116f7830713eac8874bd04db23bed21c4197613ff
SHA25655db85679a03270f13c82afac7c09d61743b087c7337297ffd77a27d393a5f8e
SHA512d282bbc66eac7102cebf6bdefa1ed44874a3759f234116efb1f9bbaf1eab84f55cbab9b91fe76e64a5b332f5cdcef6658db6626b51a81179d72fc5a650ed9f07
-
C:\Users\Admin\Desktop\Dunp\Nemesis.exeMD5
9635d5391c79b7dd9836211e7782bd95
SHA15b611f7014ec17a2ded672a7c9f9c3cf32ba88cf
SHA256c794abac9761a004f8c2821fa745591d2bd641380fb17d020f6452f0a6b24328
SHA51266ae80c2d89eb8cc865562423f84992d155f8204e19c8b079de4265a1550ad4e857debbb1ef0c32489f0049692a4be649b56291aa2064ab0f312ab5cc373366b
-
C:\Users\Admin\Desktop\Dunp\Nemesis.exeMD5
9635d5391c79b7dd9836211e7782bd95
SHA15b611f7014ec17a2ded672a7c9f9c3cf32ba88cf
SHA256c794abac9761a004f8c2821fa745591d2bd641380fb17d020f6452f0a6b24328
SHA51266ae80c2d89eb8cc865562423f84992d155f8204e19c8b079de4265a1550ad4e857debbb1ef0c32489f0049692a4be649b56291aa2064ab0f312ab5cc373366b
-
C:\Users\Admin\Desktop\Dunp\Nemesis.exeMD5
9635d5391c79b7dd9836211e7782bd95
SHA15b611f7014ec17a2ded672a7c9f9c3cf32ba88cf
SHA256c794abac9761a004f8c2821fa745591d2bd641380fb17d020f6452f0a6b24328
SHA51266ae80c2d89eb8cc865562423f84992d155f8204e19c8b079de4265a1550ad4e857debbb1ef0c32489f0049692a4be649b56291aa2064ab0f312ab5cc373366b
-
C:\Users\Admin\Desktop\Dunp\Nemesis.exe.configMD5
bc1bd48124e30ae229e8e737a4f7255f
SHA1dccc5aa0c30844a71dc58a1d14466cc5c1304685
SHA256bfc4546fb1d03580a6ab7d8e2cd4065fe8d1601e0fea2b0f487b8c5c4e26f70b
SHA512a77e25fa230b5fefe8a1e56edd84c250df2d8255abf6cfa4730e1e839185d590789a5ec19cd995dba7052e64f69a090996e5b740584fd0ab27cbee78f9e7251b
-
C:\Users\Admin\Downloads\1.rarMD5
befa89b2796239638ea2f7c7cae15605
SHA18db31df29f21f8b22561e35403da513ec8abfcc7
SHA256ce2428a7b3305d4bd1404da9039da21e2cd9bcd1f2b033b2f530666ec375288b
SHA512ca61e6a077317a02d9fb0414c1dd211c4620eb2c5e1ac348e244a328872c218d07883568204c54de1dab15ba4d010a7da077f47ae74c5b565190bb02be7d7fad
-
\??\pipe\crashpad_2372_GNCLISBAWDSNVEBAMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\Users\Admin\Desktop\Dunp\Nemesis.dllMD5
cb105d3e5eb5a8f6ecedb6d8f4b757a1
SHA116f7830713eac8874bd04db23bed21c4197613ff
SHA25655db85679a03270f13c82afac7c09d61743b087c7337297ffd77a27d393a5f8e
SHA512d282bbc66eac7102cebf6bdefa1ed44874a3759f234116efb1f9bbaf1eab84f55cbab9b91fe76e64a5b332f5cdcef6658db6626b51a81179d72fc5a650ed9f07
-
\Users\Admin\Desktop\Dunp\Nemesis.dllMD5
cb105d3e5eb5a8f6ecedb6d8f4b757a1
SHA116f7830713eac8874bd04db23bed21c4197613ff
SHA25655db85679a03270f13c82afac7c09d61743b087c7337297ffd77a27d393a5f8e
SHA512d282bbc66eac7102cebf6bdefa1ed44874a3759f234116efb1f9bbaf1eab84f55cbab9b91fe76e64a5b332f5cdcef6658db6626b51a81179d72fc5a650ed9f07
-
memory/1968-124-0x000002C29EFA0000-0x000002C29EFA1000-memory.dmpFilesize
4KB
-
memory/1968-128-0x000002C29EFE2000-0x000002C29EFE4000-memory.dmpFilesize
8KB
-
memory/1968-130-0x000002C29EFE4000-0x000002C29EFE5000-memory.dmpFilesize
4KB
-
memory/1968-120-0x000002C29D2B0000-0x000002C29D2B1000-memory.dmpFilesize
4KB
-
memory/1968-123-0x000002C29EF10000-0x000002C29EF11000-memory.dmpFilesize
4KB
-
memory/1968-140-0x000002C29EFE9000-0x000002C29EFEF000-memory.dmpFilesize
24KB
-
memory/1968-129-0x000002C29EFE5000-0x000002C29EFE7000-memory.dmpFilesize
8KB
-
memory/1968-126-0x000002C2BAB60000-0x000002C2BAB61000-memory.dmpFilesize
4KB
-
memory/1968-127-0x000002C29EFE0000-0x000002C29EFE2000-memory.dmpFilesize
8KB
-
memory/1968-133-0x000002C29EFE7000-0x000002C29EFE9000-memory.dmpFilesize
8KB
-
memory/2224-142-0x0000000140000000-0x0000000140831000-memory.dmpFilesize
8.2MB
-
memory/2776-139-0x00007FFE0B960000-0x00007FFE0B962000-memory.dmpFilesize
8KB
-
memory/2776-136-0x0000000140000000-0x0000000140831000-memory.dmpFilesize
8.2MB
-
memory/3184-152-0x000002E1FBD40000-0x000002E1FBD42000-memory.dmpFilesize
8KB
-
memory/3184-153-0x000002E1FBD42000-0x000002E1FBD44000-memory.dmpFilesize
8KB
-
memory/3184-154-0x000002E1FBD44000-0x000002E1FBD45000-memory.dmpFilesize
4KB
-
memory/3184-156-0x000002E1FBD45000-0x000002E1FBD47000-memory.dmpFilesize
8KB
-
memory/3184-157-0x000002E1FBD47000-0x000002E1FBD49000-memory.dmpFilesize
8KB