Analysis
- max time kernel: 152s
- max time network: 2s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19/09/2022, 13:09
Static task: static1
Behavioral task: behavioral1
- Sample: 73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: 73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
- Resource: win10v2004-20220812-en
General
- Target: 73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe
- Size: 366KB
- MD5: 2a3c4a7d14293283d71eb5aa5abba166
- SHA1: afb2f358c509b6e5788b5a9f5f07813a6c8a6a47
- SHA256: 73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574
- SHA512: 2a88bd9e8ebf76567977065cfbd8b94fd15e657e993ff22a062cf251925c466d6348bb6d9aa0ff9beecdb8eedc4f3d13337e4b18f23dbf26e3dc080dd61048a5
- SSDEEP: 6144:llrbhp6z9dIcea10yHTRPPYU+1ZPjhnvrLcfFEvmuKOb/l:b/hp6z9qW0OPP7+17zYfFamGR
Malware Config
Signatures
- Drops file in System32 directory (64 IoCs: files opened for modification by 73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe)
- Drops file in Windows directory (64 IoCs: files opened for modification by 73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe)
- Suspicious behavior: EnumeratesProcesses (12 IoCs, all from PID 2228, 73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe)
Processes
- C:\Users\Admin\AppData\Local\Temp\73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe "C:\Users\Admin\AppData\Local\Temp\73fb4ba2a54cdb08f5e6f88fddc283ae1c71878bcec85cb52be05f6fd3bfd574.exe"
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - PID: 2228