metasploit | 118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

Analysis

max time kernel
148s
max time network
48s
platform
windows7_x64
resource
win7-20220414-en
submitted
04-06-2022 02:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
Size

339KB
MD5

7b510ac6a2a91e5ee5ede16619e4f73b
SHA1

04ed62ed049e305459d2ca9626a00e909e5add07
SHA256

118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d
SHA512

cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Executes dropped EXE 14 IoCs

Processes:

igfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exe

pid	process
1060	igfxdwx32.exe
684	igfxdwx32.exe
1636	igfxdwx32.exe
320	igfxdwx32.exe
1180	igfxdwx32.exe
1100	igfxdwx32.exe
1240	igfxdwx32.exe
1096	igfxdwx32.exe
1536	igfxdwx32.exe
1596	igfxdwx32.exe
1728	igfxdwx32.exe
1932	igfxdwx32.exe
736	igfxdwx32.exe
432	igfxdwx32.exe

Deletes itself 1 IoCs

Processes:

igfxdwx32.exe

pid process

1060 igfxdwx32.exe

Loads dropped DLL 28 IoCs

Processes:

118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exe

pid	process
1100	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
1100	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
1060	igfxdwx32.exe
1060	igfxdwx32.exe
684	igfxdwx32.exe
684	igfxdwx32.exe
1636	igfxdwx32.exe
1636	igfxdwx32.exe
320	igfxdwx32.exe
320	igfxdwx32.exe
1180	igfxdwx32.exe
1180	igfxdwx32.exe
1100	igfxdwx32.exe
1100	igfxdwx32.exe
1240	igfxdwx32.exe
1240	igfxdwx32.exe
1096	igfxdwx32.exe
1096	igfxdwx32.exe
1536	igfxdwx32.exe
1536	igfxdwx32.exe
1596	igfxdwx32.exe
1596	igfxdwx32.exe
1728	igfxdwx32.exe
1728	igfxdwx32.exe
1932	igfxdwx32.exe
1932	igfxdwx32.exe
736	igfxdwx32.exe
736	igfxdwx32.exe

Maps connected drives based on registry 3 TTPs 30 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

igfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exe118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe

Drops file in System32 directory 42 IoCs

Processes:

igfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exe118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 15 IoCs

Processes:

pid	process
1100	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
1060	igfxdwx32.exe
684	igfxdwx32.exe
1636	igfxdwx32.exe
320	igfxdwx32.exe
1180	igfxdwx32.exe
1100	igfxdwx32.exe
1240	igfxdwx32.exe
1096	igfxdwx32.exe
1536	igfxdwx32.exe
1596	igfxdwx32.exe
1728	igfxdwx32.exe
1932	igfxdwx32.exe
736	igfxdwx32.exe
432	igfxdwx32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exe

pid	process
1100	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
1100	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
1100	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
1100	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
1100	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
1100	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
1100	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
1100	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
1100	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
1100	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
1100	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
1100	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
1100	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
1100	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
1100	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
1060	igfxdwx32.exe
1060	igfxdwx32.exe
1060	igfxdwx32.exe
1060	igfxdwx32.exe
1060	igfxdwx32.exe
1060	igfxdwx32.exe
1060	igfxdwx32.exe
1060	igfxdwx32.exe
1060	igfxdwx32.exe
1060	igfxdwx32.exe
1060	igfxdwx32.exe
1060	igfxdwx32.exe
1060	igfxdwx32.exe
1060	igfxdwx32.exe
1060	igfxdwx32.exe
684	igfxdwx32.exe
684	igfxdwx32.exe
684	igfxdwx32.exe
684	igfxdwx32.exe
684	igfxdwx32.exe
684	igfxdwx32.exe
684	igfxdwx32.exe
684	igfxdwx32.exe
684	igfxdwx32.exe
684	igfxdwx32.exe
684	igfxdwx32.exe
684	igfxdwx32.exe
684	igfxdwx32.exe
684	igfxdwx32.exe
684	igfxdwx32.exe
1636	igfxdwx32.exe
1636	igfxdwx32.exe
1636	igfxdwx32.exe
1636	igfxdwx32.exe
1636	igfxdwx32.exe
1636	igfxdwx32.exe
1636	igfxdwx32.exe
1636	igfxdwx32.exe
1636	igfxdwx32.exe
1636	igfxdwx32.exe
1636	igfxdwx32.exe
1636	igfxdwx32.exe
1636	igfxdwx32.exe
1636	igfxdwx32.exe
1636	igfxdwx32.exe
320	igfxdwx32.exe
320	igfxdwx32.exe
320	igfxdwx32.exe
320	igfxdwx32.exe

Suspicious use of WriteProcessMemory 56 IoCs

Processes:

description	pid	process	target process
PID 1100 wrote to memory of 1060	1100	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe	igfxdwx32.exe
PID 1100 wrote to memory of 1060	1100	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe	igfxdwx32.exe
PID 1100 wrote to memory of 1060	1100	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe	igfxdwx32.exe
PID 1100 wrote to memory of 1060	1100	118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe	igfxdwx32.exe
PID 1060 wrote to memory of 684	1060	igfxdwx32.exe	igfxdwx32.exe
PID 1060 wrote to memory of 684	1060	igfxdwx32.exe	igfxdwx32.exe
PID 1060 wrote to memory of 684	1060	igfxdwx32.exe	igfxdwx32.exe
PID 1060 wrote to memory of 684	1060	igfxdwx32.exe	igfxdwx32.exe
PID 684 wrote to memory of 1636	684	igfxdwx32.exe	igfxdwx32.exe
PID 684 wrote to memory of 1636	684	igfxdwx32.exe	igfxdwx32.exe
PID 684 wrote to memory of 1636	684	igfxdwx32.exe	igfxdwx32.exe
PID 684 wrote to memory of 1636	684	igfxdwx32.exe	igfxdwx32.exe
PID 1636 wrote to memory of 320	1636	igfxdwx32.exe	igfxdwx32.exe
PID 1636 wrote to memory of 320	1636	igfxdwx32.exe	igfxdwx32.exe
PID 1636 wrote to memory of 320	1636	igfxdwx32.exe	igfxdwx32.exe
PID 1636 wrote to memory of 320	1636	igfxdwx32.exe	igfxdwx32.exe
PID 320 wrote to memory of 1180	320	igfxdwx32.exe	igfxdwx32.exe
PID 320 wrote to memory of 1180	320	igfxdwx32.exe	igfxdwx32.exe
PID 320 wrote to memory of 1180	320	igfxdwx32.exe	igfxdwx32.exe
PID 320 wrote to memory of 1180	320	igfxdwx32.exe	igfxdwx32.exe
PID 1180 wrote to memory of 1100	1180	igfxdwx32.exe	igfxdwx32.exe
PID 1180 wrote to memory of 1100	1180	igfxdwx32.exe	igfxdwx32.exe
PID 1180 wrote to memory of 1100	1180	igfxdwx32.exe	igfxdwx32.exe
PID 1180 wrote to memory of 1100	1180	igfxdwx32.exe	igfxdwx32.exe
PID 1100 wrote to memory of 1240	1100	igfxdwx32.exe	igfxdwx32.exe
PID 1100 wrote to memory of 1240	1100	igfxdwx32.exe	igfxdwx32.exe
PID 1100 wrote to memory of 1240	1100	igfxdwx32.exe	igfxdwx32.exe
PID 1100 wrote to memory of 1240	1100	igfxdwx32.exe	igfxdwx32.exe
PID 1240 wrote to memory of 1096	1240	igfxdwx32.exe	igfxdwx32.exe
PID 1240 wrote to memory of 1096	1240	igfxdwx32.exe	igfxdwx32.exe
PID 1240 wrote to memory of 1096	1240	igfxdwx32.exe	igfxdwx32.exe
PID 1240 wrote to memory of 1096	1240	igfxdwx32.exe	igfxdwx32.exe
PID 1096 wrote to memory of 1536	1096	igfxdwx32.exe	igfxdwx32.exe
PID 1096 wrote to memory of 1536	1096	igfxdwx32.exe	igfxdwx32.exe
PID 1096 wrote to memory of 1536	1096	igfxdwx32.exe	igfxdwx32.exe
PID 1096 wrote to memory of 1536	1096	igfxdwx32.exe	igfxdwx32.exe
PID 1536 wrote to memory of 1596	1536	igfxdwx32.exe	igfxdwx32.exe
PID 1536 wrote to memory of 1596	1536	igfxdwx32.exe	igfxdwx32.exe
PID 1536 wrote to memory of 1596	1536	igfxdwx32.exe	igfxdwx32.exe
PID 1536 wrote to memory of 1596	1536	igfxdwx32.exe	igfxdwx32.exe
PID 1596 wrote to memory of 1728	1596	igfxdwx32.exe	igfxdwx32.exe
PID 1596 wrote to memory of 1728	1596	igfxdwx32.exe	igfxdwx32.exe
PID 1596 wrote to memory of 1728	1596	igfxdwx32.exe	igfxdwx32.exe
PID 1596 wrote to memory of 1728	1596	igfxdwx32.exe	igfxdwx32.exe
PID 1728 wrote to memory of 1932	1728	igfxdwx32.exe	igfxdwx32.exe
PID 1728 wrote to memory of 1932	1728	igfxdwx32.exe	igfxdwx32.exe
PID 1728 wrote to memory of 1932	1728	igfxdwx32.exe	igfxdwx32.exe
PID 1728 wrote to memory of 1932	1728	igfxdwx32.exe	igfxdwx32.exe
PID 1932 wrote to memory of 736	1932	igfxdwx32.exe	igfxdwx32.exe
PID 1932 wrote to memory of 736	1932	igfxdwx32.exe	igfxdwx32.exe
PID 1932 wrote to memory of 736	1932	igfxdwx32.exe	igfxdwx32.exe
PID 1932 wrote to memory of 736	1932	igfxdwx32.exe	igfxdwx32.exe
PID 736 wrote to memory of 432	736	igfxdwx32.exe	igfxdwx32.exe
PID 736 wrote to memory of 432	736	igfxdwx32.exe	igfxdwx32.exe
PID 736 wrote to memory of 432	736	igfxdwx32.exe	igfxdwx32.exe
PID 736 wrote to memory of 432	736	igfxdwx32.exe	igfxdwx32.exe

C:\Users\Admin\AppData\Local\Temp\118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe
"C:\Users\Admin\AppData\Local\Temp\118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d.exe"
1⤵
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1100

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Users\Admin\AppData\Local\Temp\118BE7~1.EXE
2⤵
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1060

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:684

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1636

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:320

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1180

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
7⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1100

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
8⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1240

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
9⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1096

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
10⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1536

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
11⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1596

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
12⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1728

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
13⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1932

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
14⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:736

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
15⤵
- Executes dropped EXE
- Maps connected drives based on registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:432

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\??\PIPE\srvsvc
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\PIPE\srvsvc
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\PIPE\srvsvc
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\PIPE\srvsvc
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\PIPE\srvsvc
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
\Windows\SysWOW64\igfxdwx32.exe
Filesize
339KB

MD5
7b510ac6a2a91e5ee5ede16619e4f73b

SHA1
04ed62ed049e305459d2ca9626a00e909e5add07

SHA256
118be799dbd2f451b4b84584600de318047f1ae26e6585f146067584e344df5d

SHA512
cb33e7c884c79d593ad5e6ad9324831a39270581d41f7ec8d14eaf04a38796df20f3bcc5caf9ff750cd33588697445c3440828bb269d9e7f8947c39fbcb4105a

Download Submit
memory/320-89-0x0000000000000000-mapping.dmp

Download
memory/320-101-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/320-95-0x00000000002E0000-0x00000000002E4000-memory.dmp

Filesize
16KB

Download
memory/320-94-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/432-185-0x0000000000000000-mapping.dmp

Download
memory/432-191-0x0000000000260000-0x0000000000264000-memory.dmp

Filesize
16KB

Download
memory/432-190-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/684-83-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/684-77-0x0000000000220000-0x0000000000224000-memory.dmp

Filesize
16KB

Download
memory/684-75-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/684-74-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/684-70-0x0000000000000000-mapping.dmp

Download
memory/736-181-0x0000000000360000-0x0000000000364000-memory.dmp

Filesize
16KB

Download
memory/736-180-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/736-187-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/736-175-0x0000000000000000-mapping.dmp

Download
memory/1060-60-0x0000000000000000-mapping.dmp

Download
memory/1060-73-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/1060-65-0x0000000000260000-0x0000000000264000-memory.dmp

Filesize
16KB

Download
memory/1060-66-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/1096-126-0x0000000000000000-mapping.dmp

Download
memory/1096-139-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/1096-132-0x00000000003F0000-0x00000000003F4000-memory.dmp

Filesize
16KB

Download
memory/1096-131-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/1100-57-0x00000000002A0000-0x00000000002A4000-memory.dmp

Filesize
16KB

Download
memory/1100-108-0x0000000000000000-mapping.dmp

Download
memory/1100-55-0x0000000074B51000-0x0000000074B53000-memory.dmp

Filesize
8KB

Download
memory/1100-113-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/1100-56-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/1100-120-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/1100-114-0x0000000000260000-0x0000000000264000-memory.dmp

Filesize
16KB

Download
memory/1100-63-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/1100-54-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/1180-105-0x00000000002A0000-0x00000000002A4000-memory.dmp

Filesize
16KB

Download
memory/1180-99-0x0000000000000000-mapping.dmp

Download
memory/1180-104-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/1180-111-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/1240-128-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/1240-123-0x0000000000220000-0x0000000000224000-memory.dmp

Filesize
16KB

Download
memory/1240-122-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/1240-117-0x0000000000000000-mapping.dmp

Download
memory/1536-142-0x00000000002A0000-0x00000000002A4000-memory.dmp

Filesize
16KB

Download
memory/1536-148-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/1536-141-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/1536-136-0x0000000000000000-mapping.dmp

Download
memory/1596-150-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/1596-146-0x0000000000000000-mapping.dmp

Download
memory/1596-152-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/1596-153-0x0000000000220000-0x0000000000224000-memory.dmp

Filesize
16KB

Download
memory/1596-159-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/1636-80-0x0000000000000000-mapping.dmp

Download
memory/1636-91-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/1636-86-0x0000000000220000-0x0000000000224000-memory.dmp

Filesize
16KB

Download
memory/1636-85-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/1728-162-0x0000000000320000-0x0000000000324000-memory.dmp

Filesize
16KB

Download
memory/1728-156-0x0000000000000000-mapping.dmp

Download
memory/1728-161-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/1728-169-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/1932-178-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/1932-172-0x0000000000220000-0x0000000000224000-memory.dmp

Filesize
16KB

Download
memory/1932-166-0x0000000000000000-mapping.dmp

Download
memory/1932-171-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads