c78468e0c0080700cb378ddb67268ebaa0d5a036f192a70e604a5076682474f9

Submit
Reports

Overview

overview

Static

static

f5068e95e1...T1.exe

windows10-2004_x64

f5068e95e1...dH.exe

windows10-2004_x64

f5068e95e1...ty.ps1

windows10-2004_x64

f5068e95e1...st.exe

windows10-2004_x64

f5068e95e1...cb.exe

windows10-2004_x64

f5068e95e1...ry.ps1

windows10-2004_x64

f5068e95e1...ue.ps1

windows10-2004_x64

f5068e95e1...me.ps1

windows10-2004_x64

f5068e95e1...ry.ps1

windows10-2004_x64

f5068e95e1...ue.ps1

windows10-2004_x64

f5068e95e1...ry.ps1

windows10-2004_x64

f5068e95e1...me.ps1

windows10-2004_x64

f5068e95e1...ue.ps1

windows10-2004_x64

f5068e95e1...UI.exe

windows10-2004_x64

f5068e95e1...nl.ps1

windows10-2004_x64

f5068e95e1...wp.exe

windows10-2004_x64

f5068e95e1...zg.exe

windows10-2004_x64

f5068e95e1...st.exe

windows10-2004_x64

f5068e95e1...tb.exe

windows10-2004_x64

f5068e95e1...ar.exe

windows10-2004_x64

Analysis

max time kernel
98s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
17-06-2022 21:38

Sharing

Copy URL

Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4/Downloaded_files/A8O1E003-R4Q1-P8Q3-X4A6-Y2R2V7W0G8T1.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4/Downloaded_files/BIozhqydH.exe

Resource

win10v2004-20220414-en

xpertrat evasion persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4/Downloaded_files/CL_Utility.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4/Downloaded_files/DismHost.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4/Downloaded_files/IoJbxlqcb.exe

Resource

win10v2004-20220414-en

evasion trojan

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral6

Sample

f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4/Downloaded_files/RS_AdminDiagnosticHistory.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral7

Sample

f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4/Downloaded_files/RS_MachineWERQueue.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral8

Sample

f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4/Downloaded_files/RS_SyncSystemTime.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral9

Sample

f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4/Downloaded_files/RS_UserDiagnosticHistory.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral10

Sample

f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4/Downloaded_files/RS_UserWERQueue.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral11

Sample

f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4/Downloaded_files/TS_DiagnosticHistory.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral12

Sample

f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4/Downloaded_files/TS_InaccurateSystemTime.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral13

Sample

f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4/Downloaded_files/TS_WERQueue.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral14

Sample

f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4/Downloaded_files/Video.UI.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral15

Sample

f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4/Downloaded_files/__PSScriptPolicyTest_eg4nc2yx.0nl.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral16

Sample

f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4/Downloaded_files/aspnet_wp.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral17

Sample

f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4/Downloaded_files/esfctKdzg.exe

Resource

win10v2004-20220414-en

evasion trojan

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral18

Sample

f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4/Downloaded_files/smsvchost.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral19

Sample

f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4/Downloaded_files/w..orIFtb.exe

Resource

win10v2004-20220414-en

xpertrat evasion persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral20

Sample

f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4/xpertwar.exe

Resource

win10v2004-20220414-en

warzonerat infostealer rat

windows10-2004_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4/Downloaded_files/smsvchost.exe
Size

135KB
MD5

a35d38a33a4de8ea83fbd73524daa0d2
SHA1

e53c001aa497552dddf5915ddcb23b550b06aae6
SHA256

092705c17d057e86ea25b269819ccffd21a2f72a8563cfbe2941a38559e13620
SHA512

73ef7125658691a92dd8632cba20708502efcbf7d9b02a005a08748a33aea91d1e703fa7c6d60a39d1291197a8bd9f45433fc3f010149628789210780040d09c

Score

1^/10

Malware Config

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\smsvchost.exe
"C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\smsvchost.exe"
1⤵
PID:3888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3888-130-0x00000204C09B0000-0x00000204C09D4000-memory.dmp

Filesize
144KB

Download
memory/3888-131-0x00000204C0D20000-0x00000204C0D5C000-memory.dmp

Filesize
240KB

Download
memory/3888-132-0x00007FFF9A210000-0x00007FFF9ACD1000-memory.dmp

Filesize
10.8MB

Download
memory/3888-133-0x00007FFF9A210000-0x00007FFF9ACD1000-memory.dmp

Filesize
10.8MB

Download