73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574

Analysis

max time kernel
89s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
19-09-2022 13:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
Size

366KB
MD5

2a3c4a7d14293283d71eb5aa5abba166
SHA1

afb2f358c509b6e5788b5a9f5f07813a6c8a6a47
SHA256

73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574
SHA512

2a88bd9e8ebf76567977065cfbd8b94fd15e657e993ff22a062cf251925c466d6348bb6d9aa0ff9beecdb8eedc4f3d13337e4b18f23dbf26e3dc080dd61048a5
SSDEEP

6144:llrbhp6z9dIcea10yHTRPPYU+1ZPjhnvrLcfFEvmuKOb/l:b/hp6z9qW0OPP7+17zYfFamGR

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\Offline Web Pages\desktop.ini	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\Downloaded Program Files\desktop.ini	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe

Drops autorun.inf file 1 TTPs 1 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	C:\WINDOWS\winsxs\x86_microsoft-windows-s..ccessagent-binaries_31bf3856ad364e35_6.1.7600.16385_none_de06b4fbd5b45f78\autorun.inf	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Win8IP-Microsoft-Windows-Graphics-Package~31bf3856ad364e35~amd64~ar-SA~7.1.7601.16492.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Win8IP-Microsoft-Windows-Graphics-Package~31bf3856ad364e35~amd64~ro-RO~7.1.7601.16492.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Branding-HomePremium-Client-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Help-CoreClientUAPS-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-NFS-ClientSKU-Package~31bf3856ad364e35~amd64~it-IT~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PlatformUpdate-Win7-SRV08R2-Package-MiniLP~31bf3856ad364e35~amd64~hi-IN~7.1.7601.16492.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TabletPC-OC-Package~31bf3856ad364e35~amd64~de-DE~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-UIAnimation-WinIP-Package~31bf3856ad364e35~amd64~pt-PT~7.1.7601.16492.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MediaCenter-Package~31bf3856ad364e35~amd64~de-DE~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Server-Help-Package.ClientEnterprise~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Win8IP-Microsoft-Windows-DownlevelApisets-Shell-WinIP-Package~31bf3856ad364e35~amd64~lt-LT~7.1.7601.16492.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Win8IP-Microsoft-Windows-DownlevelApisets-Windows-WinIP-Package~31bf3856ad364e35~amd64~nl-NL~7.1.7601.16492.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Win8IP-Microsoft-Windows-DownlevelApisets-Windows-WinIP-Package~31bf3856ad364e35~amd64~sv-SE~7.1.7601.16492.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ParentalControls-Package~31bf3856ad364e35~amd64~de-DE~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Server-Help-Package.ClientUltimate~31bf3856ad364e35~amd64~de-DE~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Win8IP-Microsoft-Windows-Graphics-Package~31bf3856ad364e35~amd64~de-DE~7.1.7601.16492.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Killbits-Package~31bf3856ad364e35~amd64~~8.0.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TerminalServices-MiscRedirection-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Win8IP-Microsoft-Windows-DownlevelApisets-Base-WinIP-Package~31bf3856ad364e35~amd64~tr-TR~7.1.7601.16492.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Branding-Ultimate-Client-Package~31bf3856ad364e35~amd64~es-ES~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Security-SPP-Component-SKU-Professional-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SNMP-Package~31bf3856ad364e35~amd64~es-ES~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Win8IP-Microsoft-Windows-DownlevelApisets-Windows-WinIP-Package~31bf3856ad364e35~amd64~en-US~7.1.7601.16492.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Win8IP-Microsoft-Windows-Graphics-Package~31bf3856ad364e35~amd64~et-EE~7.1.7601.16492.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~fr-FR~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MobilePC-Client-SideShow-Package~31bf3856ad364e35~amd64~ja-JP~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PhotoPremiumPackage~31bf3856ad364e35~amd64~ja-JP~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PlatformUpdate-Win7-SRV08R2-Package~31bf3856ad364e35~amd64~pl-PL~7.1.7601.16492.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-RasRip-Package~31bf3856ad364e35~amd64~ja-JP~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TerminalServices-RemoteApplications-Client-Package~31bf3856ad364e35~amd64~de-DE~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PlatformUpdate-Win7-SRV08R2-Package~31bf3856ad364e35~amd64~fr-FR~7.1.7601.16492.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-BLB-Client-Package~31bf3856ad364e35~amd64~es-ES~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TerminalServices-CommandLineTools-Package~31bf3856ad364e35~amd64~fr-FR~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Win8IP-Microsoft-Windows-DownlevelApisets-Com-WinIP-Package~31bf3856ad364e35~amd64~hi-IN~7.1.7601.16492.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Common-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-LanguagePack-Package~31bf3856ad364e35~amd64~es-ES~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PhotoPremiumPackage~31bf3856ad364e35~amd64~es-ES~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TerminalServices-UsbRedirector-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Win8IP-Microsoft-Windows-DownlevelApisets-Windows-WinIP-Package~31bf3856ad364e35~amd64~ro-RO~7.1.7601.16492.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Win8IP-Microsoft-Windows-DownlevelApisets-WinIP-Package~31bf3856ad364e35~amd64~ja-JP~7.1.7601.16492.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TerminalServices-Publishing-WMIProvider-Package~31bf3856ad364e35~amd64~ja-JP~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot2\edb.log	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-LanguagePack-Package~31bf3856ad364e35~amd64~it-IT~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~amd64~es-ES~8.0.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Links-Package~31bf3856ad364e35~amd64~es-ES~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MSMQ-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Printer-Drivers-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CodecPack-Basic-Package~31bf3856ad364e35~amd64~es-ES~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MobilePC-Client-Basic-Package~31bf3856ad364e35~amd64~es-ES~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PlatformUpdate-Win7-SRV08R2-Package~31bf3856ad364e35~amd64~sl-SI~7.1.7601.16492.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Win8IP-Microsoft-Windows-DownlevelApisets-Shell-WinIP-Package~31bf3856ad364e35~amd64~en-US~7.1.7601.16492.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\LogFiles\SQM\SQMLogger.etl.009	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-OfflineFiles-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Printing-XPSServices-Package~31bf3856ad364e35~amd64~fr-FR~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SearchEngine-Client-Package~31bf3856ad364e35~amd64~es-ES~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-UIAnimation-WinIP-Package~31bf3856ad364e35~amd64~nl-NL~7.1.7601.16492.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-VirtualXP-Licensing-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Win8IP-Microsoft-Windows-DownlevelApisets-Shell-WinIP-Package~31bf3856ad364e35~amd64~ro-RO~7.1.7601.16492.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Anytime-Upgrade-Results-Package~31bf3856ad364e35~amd64~ja-JP~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CodecPack-Basic-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MediaPlayback-OC-Package~31bf3856ad364e35~amd64~es-ES~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-WindowsMediaPlayer-Troubleshooters-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\ServiceProfiles\LocalService\Documents	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-e..-ehkorime.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_5ec5e34432bd31c1.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-l..-startern.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_c6ff5262e5f5bccc.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-sechost.resources_31bf3856ad364e35_6.1.7600.16385_it-it_c5c21cb412fe6872.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_prnnr004.inf-languagepack_31bf3856ad364e35_6.1.7600.16385_ja-jp_5f3ca57632185e0d.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\msil_microsoft.powershell.security.resources_31bf3856ad364e35_6.1.7600.16385_es-es_40ec66ba6c8141bc.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\msil_system.data.linq.resources_b77a5c561934e089_6.1.7600.16385_de-de_4b5d7fbf7a2edfb4.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-i..oyment-languagepack_31bf3856ad364e35_6.1.7600.16385_fr-fr_3266742fc8b311a6.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-p..sions-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_48452452cb99e1ab.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_wiaep003.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_c503c8b906ca5a67.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\wow64_microsoft-windows-i..orer-oob-deployment_31bf3856ad364e35_11.2.9600.16428_none_410c5d17162fbf5c.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-b..smcnative.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_33b1139ec9f8320f.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-m..oyment-languagepack_31bf3856ad364e35_6.1.7601.17514_ja-jp_018c73d2f578603a.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-winhstb.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_5d20117e04d515ab.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\msil_microsoft.grouppolicy.mtedit.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_48a1a0db3a2cf16f.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_infocard.resources_b77a5c561934e089_6.1.7600.16385_it-it_d2057157b6cfc267.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-w..cture-bsp.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_cc59010f705fcd5b.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\x86_microsoft.security...icyengine.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4a804f73de447d90.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_arcsas.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_510279f9c2c9e226.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_hid-user.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4e424acccf0e6229.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-h..trolpanel.resources_31bf3856ad364e35_6.1.7600.16385_it-it_96a484a84f78da33.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-http.resources_31bf3856ad364e35_6.1.7600.16385_it-it_fb951396ba218adf.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-m..-core-dll.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e0184e3b8b1d379f.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_usbport.inf.resources_31bf3856ad364e35_6.1.7601.17514_it-it_d8dd924287a17604.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-crypt32-dll.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cdc890961bc0fbb5.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-btpanui-mui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7270bdbdac0d251b.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-help-gamesp.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_accbdbbdc6c9ade2.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-help-netvsta.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3fb126deffbf590.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-msidntld.resources_31bf3856ad364e35_6.1.7600.16385_es-es_42235341461a8ebc.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-n..s-package.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_291fcdc47374947b.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-p..ginworker.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_50b55ae14cadb72f.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-tapiservice.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e2962c21fb8089b0.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_mstape.inf-languagepack_31bf3856ad364e35_6.1.7600.16385_de-de_dff25c3c6349b2a0.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_netefe3e.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_36116b6b901641ec.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_prnca00f.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d7fab1a039b9bdf.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-keymgr.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a15f6ee36aeb211e.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_monitor.inf-languagepack_31bf3856ad364e35_6.1.7600.16385_it-it_cac177af22a0dffc.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\wow64_microsoft-windows-i..libraries.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a64add3cc20684f4.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-d..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ec3f1f5c9198800e.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-e..gine-isam.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_6a51528581d60122.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-g..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_it-it_cee0dc7e6801b4d2.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-t..ceruntime.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_dc4b94f4bb5022b9.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_prnlx00b.inf-languagepack_31bf3856ad364e35_6.1.7600.16385_de-de_2dd17868b34b33b2.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-m..cconf-exe.resources_31bf3856ad364e35_6.1.7600.16385_es-es_68e57da8199bff23.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-twext.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b5cc1998144d889f.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-i..r_service.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_b35e5a8cb554f3c8.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-xwizards.resources_31bf3856ad364e35_6.1.7600.16385_de-de_993bc9a14d0e69fb.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_prnep00f.inf-languagepack_31bf3856ad364e35_6.1.7600.16385_it-it_e8605a166a647e81.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_server-help-chm.iscsi_init.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0f688b14cad0cdba.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-icsigd.resources_31bf3856ad364e35_6.1.7600.16385_es-es_14256cc5377d4e42.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-efs-service.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4b5ad37c597b9f43.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-s..erbox-isv.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_05b7fa9032648909.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-s..dlinetool.resources_31bf3856ad364e35_6.1.7600.16385_es-es_059f0642d7c8765f.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-console.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7c9946fa4ef9cd36.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_prnle002.inf-languagepack_31bf3856ad364e35_6.1.7600.16385_fr-fr_c48596fe99046941.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-audio-mci.resources_31bf3856ad364e35_6.1.7600.16385_es-es_be37c0db50700273.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-security-base-l1-1-0.dll	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-t..er-client.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4ac16a21a5d19878.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-t..input-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3c1b18d940d45d5d.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-t..tpc-uihub.resources_31bf3856ad364e35_6.1.7600.16385_it-it_48f6cad2db6fb5ec.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\amd64_microsoft-windows-w..aincompat.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3a7cc0feedc7d665.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\wow64_microsoft-windows-i..tptracing.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5b524e9dadce1dc4.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-netplwiz.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2f005af71cb5714a.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
File opened for modification	C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-x..nrollment.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_efdfcb5915f876ae.manifest	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1308	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
1308	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
1308	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
1308	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
1308	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
1308	73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe

C:\Users\Admin\AppData\Local\Temp\73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
"C:\Users\Admin\AppData\Local\Temp\73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe"
1⤵
- Drops desktop.ini file(s)
- Drops autorun.inf file
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:1308

Network

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads