Analysis
- max time kernel: 141s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20220901-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19/09/2022, 19:35
Behavioral tasks
- behavioral1: Sample 51ef6afe338ae414588d3185cccda45659fa9730229b4904c53b40e1b1e0db55.exe; Resource win7-20220812-en; 4 signatures; 150 seconds
- behavioral2: Sample 51ef6afe338ae414588d3185cccda45659fa9730229b4904c53b40e1b1e0db55.exe; Resource win10v2004-20220901-en; 4 signatures; 150 seconds
The signatures, memory dumps and process tree on this page come from behavioral2, the Windows 10 run named in the Analysis block above (the yara matches reference behavioral2/memory/3076 and the process tree shows PID 3076).
General
- Target: 51ef6afe338ae414588d3185cccda45659fa9730229b4904c53b40e1b1e0db55.exe
- Size: 143KB
- MD5: 5abe42fa9789442c750734da6df6e1fa
- SHA1: 207a77ac380486aae173786ccfbe03e48eec0275
- SHA256: 51ef6afe338ae414588d3185cccda45659fa9730229b4904c53b40e1b1e0db55
- SHA512: 8e3e2b867dfa995de2c23a68d6f83ae6da065243952e59aefe3b156587909d7f9d8eb170f01caefc822e9d3a8f6783a97de881fe053d33535d7991c36138d1c1
- SSDEEP: 3072:AjWvFXPGQe5sX6deh6LVZypKXBK1HAP2u9f2T:AjmlGtsDqypKs1HAPnUT
- Score: 8/10
Malware Config
Signatures
- yara_rule "upx" matched in three memory dumps of PID 3076, all covering the region 0x0000000000400000-0x000000000040F000:
  - behavioral2/memory/3076-132-0x0000000000400000-0x000000000040F000-memory.dmp
  - behavioral2/memory/3076-133-0x0000000000400000-0x000000000040F000-memory.dmp
  - behavioral2/memory/3076-134-0x0000000000400000-0x000000000040F000-memory.dmp
- Drops file in System32 directory (64 IoCs)
  All 64 rows are "File created" events, and the creating process for every row is 51ef6afe338ae414588d3185cccda45659fa9730229b4904c53b40e1b1e0db55.exe. A trailing "-" is part of the created file name as the sandbox recorded it, not a separator; note that several names appear both with and without it (for example ddodiag.exe and ddodiag.exe-, ComputerDefaults.exe and ComputerDefaults.exe-).
  - C:\Windows\SysWOW64\sort.exe
  - C:\Windows\SysWOW64\bootcfg.exe-
  - C:\Windows\SysWOW64\choice.exe-
  - C:\Windows\SysWOW64\cmdl32.exe
  - C:\Windows\SysWOW64\findstr.exe
  - C:\Windows\SysWOW64\lodctr.exe-
  - C:\Windows\SysWOW64\Msdtc\Trace\msdtcvtr.bat-
  - C:\Windows\SysWOW64\msiexec.exe-
  - C:\Windows\SysWOW64\RMActivate.exe-
  - C:\Windows\SysWOW64\Dism.exe
  - C:\Windows\SysWOW64\dtdump.exe
  - C:\Windows\SysWOW64\efsui.exe
  - C:\Windows\SysWOW64\IME\IMEJP\IMJPUEX.EXE
  - C:\Windows\SysWOW64\systeminfo.exe
  - C:\Windows\SysWOW64\taskkill.exe
  - C:\Windows\SysWOW64\replace.exe
  - C:\Windows\SysWOW64\backgroundTaskHost.exe-
  - C:\Windows\SysWOW64\ddodiag.exe-
  - C:\Windows\SysWOW64\DevicePairingWizard.exe
  - C:\Windows\SysWOW64\PATHPING.EXE
  - C:\Windows\SysWOW64\winrshost.exe
  - C:\Windows\SysWOW64\WPDShextAutoplay.exe-
  - C:\Windows\SysWOW64\cscript.exe-
  - C:\Windows\SysWOW64\icsunattend.exe-
  - C:\Windows\SysWOW64\InfDefaultInstall.exe-
  - C:\Windows\SysWOW64\waitfor.exe
  - C:\Windows\SysWOW64\mcbuilder.exe
  - C:\Windows\SysWOW64\net.exe
  - C:\Windows\SysWOW64\TapiUnattend.exe-
  - C:\Windows\SysWOW64\unlodctr.exe
  - C:\Windows\SysWOW64\cacls.exe-
  - C:\Windows\SysWOW64\ComputerDefaults.exe-
  - C:\Windows\SysWOW64\diskpart.exe
  - C:\Windows\SysWOW64\IME\SHARED\IMEWDBLD.EXE
  - C:\Windows\SysWOW64\xwizard.exe
  - C:\Windows\SysWOW64\bthudtask.exe
  - C:\Windows\SysWOW64\CertEnrollCtrl.exe-
  - C:\Windows\SysWOW64\svchost.exe-
  - C:\Windows\SysWOW64\TRACERT.EXE
  - C:\Windows\SysWOW64\setup16.exe-
  - C:\Windows\SysWOW64\convert.exe
  - C:\Windows\SysWOW64\ddodiag.exe
  - C:\Windows\SysWOW64\perfhost.exe
  - C:\Windows\SysWOW64\psr.exe-
  - C:\Windows\SysWOW64\SettingSyncHost.exe
  - C:\Windows\SysWOW64\shutdown.exe-
  - C:\Windows\SysWOW64\forfiles.exe
  - C:\Windows\SysWOW64\GameBarPresenceWriter.exe-
  - C:\Windows\SysWOW64\getmac.exe-
  - C:\Windows\SysWOW64\resmon.exe-
  - C:\Windows\SysWOW64\InstallShield\_isdel.exe-
  - C:\Windows\SysWOW64\regedit.exe-
  - C:\Windows\SysWOW64\SearchFilterHost.exe
  - C:\Windows\SysWOW64\extrac32.exe
  - C:\Windows\SysWOW64\Utilman.exe
  - C:\Windows\SysWOW64\ComputerDefaults.exe
  - C:\Windows\SysWOW64\PackagedCWALauncher.exe
  - C:\Windows\SysWOW64\tasklist.exe
  - C:\Windows\SysWOW64\winver.exe
  - C:\Windows\SysWOW64\AtBroker.exe-
  - C:\Windows\SysWOW64\bitsadmin.exe
  - C:\Windows\SysWOW64\CheckNetIsolation.exe-
  - C:\Windows\SysWOW64\icacls.exe
  - C:\Windows\SysWOW64\takeown.exe
- Drops file in Program Files directory (64 IoCs)
  All 64 rows are "File created" events by process 51ef6afe338ae414588d3185cccda45659fa9730229b4904c53b40e1b1e0db55.exe; a trailing "-" is part of the recorded file name.
  - C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE-
  - C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\nbexec.exe-
  - C:\Program Files\Microsoft Office\root\Office16\MSQRY32.EXE
  - C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\misc.exe
  - C:\Program Files\VideoLAN\VLC\vlc.exe
  - C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe
  - C:\Program Files (x86)\Windows Media Player\setup_wm.exe-
  - C:\Program Files\Java\jdk1.8.0_66\bin\jcmd.exe
  - C:\Program Files\Java\jdk1.8.0_66\db\bin\stopNetworkServer.bat
  - C:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.exe
  - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe-
  - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOHTMED.EXE
  - C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pubs.exe-
  - C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
  - C:\Program Files\Internet Explorer\ExtExport.exe
  - C:\Program Files\Java\jdk1.8.0_66\bin\javaws.exe-
  - C:\Program Files\Java\jdk1.8.0_66\bin\unpack200.exe-
  - C:\Program Files\Java\jdk1.8.0_66\db\bin\startNetworkServer.bat-
  - C:\Program Files\Java\jre1.8.0_66\bin\orbd.exe
  - C:\Program Files\Java\jdk1.8.0_66\bin\extcheck.exe
  - C:\Program Files\Java\jdk1.8.0_66\bin\javadoc.exe-
  - C:\Program Files\Java\jdk1.8.0_66\jre\bin\servertool.exe
  - C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE-
  - C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe-
  - C:\Program Files\Internet Explorer\ieinstal.exe-
  - C:\Program Files\Java\jdk1.8.0_66\bin\java-rmi.exe
  - C:\Program Files\Java\jdk1.8.0_66\bin\keytool.exe-
  - C:\Program Files\Java\jdk1.8.0_66\bin\ktab.exe
  - C:\Program Files\Microsoft Office\root\Office16\GRAPH.EXE-
  - C:\Program Files\Microsoft Office\root\Office16\SELFCERT.EXE-
  - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE-
  - C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\joticon.exe-
  - C:\Program Files\Windows Media Player\wmpshare.exe
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe
  - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe-
  - C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.167.21\MicrosoftEdgeUpdateSetup_X86_1.3.167.21.exe
  - C:\Program Files\Windows Media Player\wmplayer.exe
  - C:\Program Files\7-Zip\Uninstall.exe
  - C:\Program Files\Java\jdk1.8.0_66\bin\idlj.exe-
  - C:\Program Files\Java\jdk1.8.0_66\bin\javapackager.exe
  - C:\Program Files\Java\jdk1.8.0_66\jre\bin\java-rmi.exe
  - C:\Program Files\Java\jre1.8.0_66\bin\jjs.exe
  - C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\visicon.exe
  - C:\Program Files\Mozilla Firefox\maintenanceservice.exe
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe-
  - C:\Program Files (x86)\Google\Update\1.3.36.71\GoogleUpdateSetup.exe
  - C:\Program Files\7-Zip\7z.exe
  - C:\Program Files\Java\jdk1.8.0_66\jre\bin\pack200.exe-
  - C:\Program Files\Java\jre1.8.0_66\bin\ktab.exe
  - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE-
  - C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\wordicon.exe-
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe
  - C:\Program Files\7-Zip\Uninstall.exe-
  - C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe-
  - C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
  - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE
  - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE
  - C:\Program Files (x86)\Windows Media Player\wmpconfig.exe
  - C:\Program Files\Java\jdk1.8.0_66\bin\javap.exe-
  - C:\Program Files\Java\jdk1.8.0_66\bin\unpack200.exe
  - C:\Program Files\Java\jdk1.8.0_66\bin\wsgen.exe
  - C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.167.21\MicrosoftEdgeComRegisterShellARM64.exe-
  - C:\Program Files\Java\jdk1.8.0_66\bin\javac.exe
- Drops file in Windows directory (64 IoCs)
  All 64 rows are "File created" events by process 51ef6afe338ae414588d3185cccda45659fa9730229b4904c53b40e1b1e0db55.exe; a trailing "-" is part of the recorded file name. The ".." inside some WinSxS component names is the sandbox's own shortening of long directory names and is reproduced as shown.
  - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe
  - C:\Windows\WinSxS\amd64_microsoft-windows-deployment_31bf3856ad364e35_10.0.19041.1_none_b1e0044e8cab889e\setupugc.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\SecureAssessmentBrowser.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.19041.153_none_4e0da8ffdd43ed0d\NetCfgNotifyObjectHost.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-p..-personalizationcsp_31bf3856ad364e35_10.0.19041.1_none_f6e35a697a06e63e\desktopimgdownldr.exe-
  - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe-
  - C:\Windows\WinSxS\amd64_microsoft-onecore-i..atedusermode-kernel_31bf3856ad364e35_10.0.19041.207_none_c5e1b9def3522696\f\securekernel.exe-
  - C:\Windows\WinSxS\amd64_microsoft-onecore-u..iedwritefilter-mgmt_31bf3856ad364e35_10.0.19041.1266_none_41843efc8f66bc7c\r\uwfmgr.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-setup-component_31bf3856ad364e35_10.0.19041.1237_none_a6ef3a2e62766c5c\f\Setup.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-sxs_31bf3856ad364e35_10.0.19041.746_none_8c45e6e8b672ffff\sxstrace.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-a..cation-creduibroker_31bf3856ad364e35_10.0.19041.746_none_a8b46aaa6c07ca3d\CredentialUIBroker.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.1202_none_4132a4047d5d53b2\f\ScriptRunner.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-bioenrollment.appxmain_31bf3856ad364e35_10.0.19041.844_none_de5d9fe254d9f8c4\r\BioEnrollmentHost.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-f..ysafety-refreshtask_31bf3856ad364e35_10.0.19041.1266_none_d375b5361b806b32\f\WpcTok.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdge.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\r\MicrosoftEdge.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.19041.746_none_790f12933fbf7e0d\immersivetpmvscmgrsvr.exe-
  - C:\Windows\WinSxS\wow64_microsoft-windows-ddodiag_31bf3856ad364e35_10.0.19041.1_none_f69c49e870acf520\ddodiag.exe-
  - C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe
  - C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.1_none_e190f18a08ed1a44\FlashUtil_ActiveX.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-appx-deployment-server_31bf3856ad364e35_10.0.19041.1288_none_d616f4b76bd7b8a2\f\CustomInstallExec.exe-
  - C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.19041.264_none_583d67d6d00b6b6a\r\WerFaultSecure.exe-
  - C:\Windows\WinSxS\wow64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.19041.1_none_04959f34117554a3\odbcad32.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-g..ation-wincomponents_31bf3856ad364e35_10.0.19041.1_none_51b7888297a3c04e\LocationNotificationWindows.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_10.0.19041.1_none_ee822d264112a470\powershell_ise.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-snmp-trap-service_31bf3856ad364e35_10.0.19041.1_none_857c0c60dec56103\snmptrap.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-wmpdmc-ux_31bf3856ad364e35_10.0.19041.746_none_cc5cbb9556301da3\r\WMPDMC.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.264_none_aa5417fd2708544d\f\AppVNice.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-blb-engine-main_31bf3856ad364e35_10.0.19041.746_none_c1db40c45e8f2d9e\r\wbengine.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.19041.1110_none_ac2441dbb712f006\msra.exe-
  - C:\Windows\WinSxS\wow64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_10.0.19041.1_none_5d7644a9644fd29d\ctfmon.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-u..client-decoder-host_31bf3856ad364e35_10.0.19041.207_none_00b5dbdfab19326f\UtcDecoderHost.exe-
  - C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1081_none_5f557b607e14f541\ByteCodeGenerator.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-containers-ccg_31bf3856ad364e35_10.0.19041.844_none_3a7392af5414371e\f\CCG.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-n..kgroundtransferhost_31bf3856ad364e35_10.0.19041.746_none_6c7de5b30e8f6071\f\BackgroundTransferHost.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-w..tnet-mua-hostserver_31bf3856ad364e35_10.0.19041.746_none_aee92417063babbe\r\WinRTNetMUAHostServer.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-devicecensus_31bf3856ad364e35_10.0.19041.1_none_65637d0d99e451f6\DeviceCensus.exe-
  - C:\Windows\WinSxS\wow64_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_10.0.19041.1_none_0d5748d7e02a5474\bitsadmin.exe-
  - C:\Windows\WinSxS\wow64_microsoft-windows-sctasks_31bf3856ad364e35_10.0.19041.906_none_72b8b02e4865ebca\f\schtasks.exe-
  - C:\Windows\WinSxS\wow64_microsoft-windows-sethc_31bf3856ad364e35_10.0.19041.746_none_4b0e3418084b5511\r\EaseOfAccessDialog.exe-
  - C:\Windows\WinSxS\wow64_microsoft-windows-t..eldebugger-recorder_31bf3856ad364e35_10.0.19041.1_none_24a9c1e1e1b0f793\ttdinject.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\r\HvsiSettingsWorker.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-settingsynchost_31bf3856ad364e35_10.0.19041.1_none_35d43a0ec2872060\SettingSyncHost.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-web-app-host_31bf3856ad364e35_10.0.19041.789_none_1060d2d22df7c6eb\WWAHost.exe-
  - C:\Windows\WinSxS\wow64_microsoft-windows-utilman_31bf3856ad364e35_10.0.19041.746_none_eaf7a50dc46d5592\Utilman.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.1202_none_4132a4047d5d53b2\SyncAppvPublishingServer.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1237_none_7578510aa0f564fa\r\vfpctrl.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-t..es-workspaceruntime_31bf3856ad364e35_10.0.19041.746_none_045e85893c117e35\wksprt.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-u..te-orchestratorcore_31bf3856ad364e35_10.0.19041.1266_none_fb98272b39a47240\r\MoUsoCoreWorker.exe-
  - C:\Windows\WinSxS\wow64_microsoft-windows-cloudnotifications_31bf3856ad364e35_10.0.19041.746_none_7a559100246cff2b\f\CloudNotifications.exe-
  - C:\Windows\WinSxS\wow64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.19041.264_none_5b8f61a9b1063622\SpeechModelDownload.exe-
  - C:\Windows\WinSxS\amd64_multipoint-wmsselfhealingsvc_31bf3856ad364e35_10.0.19041.746_none_59e1ce71631fef8f\f\WmsSelfHealingSvc.exe-
  - C:\Windows\WinSxS\x86_microsoft-windows-a..cation-creduibroker_31bf3856ad364e35_10.0.19041.746_none_4c95cf26b3aa5907\r\CredentialUIBroker.exe-
  - C:\Windows\WinSxS\amd64_aspnet_compiler_b03f5f7f11d50a3a_4.0.15805.0_none_73cc8b3e43ba1056\aspnet_compiler.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-c..tegrity-diagnostics_31bf3856ad364e35_10.0.19041.1_none_224ac1aa56b7c6c2\CIDiag.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.19041.1110_none_fb1129caa00e000f\f\msinfo32.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-shell-previewhost_31bf3856ad364e35_10.0.19041.1_none_f92e72a6a03c2c5a\prevhost.exe-
  - C:\Windows\WinSxS\amd64_microsoft-windows-waasmedic_31bf3856ad364e35_10.0.19041.1165_none_a82485b8f343811f\f\WaaSMedicAgent.exe-
  - C:\Windows\WinSxS\wow64_microsoft-windows-w..sition-uicomponents_31bf3856ad364e35_10.0.19041.1151_none_4e193eb76ed5f8cb\wiaacmgr.exe-
  - C:\Windows\WinSxS\x86_regsvcs_b03f5f7f11d50a3a_4.0.15805.0_none_8ce1f3b4679d3a76\RegSvcs.exe-
  - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
  - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe-
  - C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy\BioEnrollmentHost.exe
  - C:\Windows\WinSxS\wow64_windowssearchengine_31bf3856ad364e35_7.0.19041.264_none_9627a04e40f9f001\r\SearchProtocolHost.exe-
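The three IoC tables above are rendered by the sandbox as one run of "File created <path> <process>" tokens, and many of the created names come in pairs, for example C:\Windows\SysWOW64\ddodiag.exe- beside C:\Windows\SysWOW64\ddodiag.exe. The Python below is an added example, not part of the sandbox report or its tooling: it parses that flattened format back into records, pairs each trailing-"-" entry with its base path, and produces the list of originals an incident responder would verify on a suspect host. The nine rows in IOC_TEXT are copied from the tables above; treating the trailing "-" as a companion of the same file, and the three root directories used for the per-table tally, are assumptions made here for the hunt, not statements in the report. Keep in mind what the report does and does not say: it records creation events at these paths, not file contents, so the output is a list of what to check, not a verdict on whether any original was altered.

```python
import re
from collections import Counter

# Every row in the report's three "Drops file" tables names this sample as the
# creating process (PID 3076 in the process tree).
SAMPLE = "51ef6afe338ae414588d3185cccda45659fa9730229b4904c53b40e1b1e0db55.exe"

# Constructed input: nine rows copied from the report's tables, flattened the
# way the page renders them ("File created <path> <process>" run together).
IOC_TEXT = " ".join(
    f"File created {path} {SAMPLE}"
    for path in (
        r"C:\Windows\SysWOW64\ddodiag.exe-",
        r"C:\Windows\SysWOW64\ddodiag.exe",
        r"C:\Windows\SysWOW64\svchost.exe-",
        r"C:\Windows\SysWOW64\net.exe",
        r"C:\Windows\SysWOW64\ComputerDefaults.exe-",
        r"C:\Windows\SysWOW64\ComputerDefaults.exe",
        r"C:\Program Files\7-Zip\7z.exe",
        r"C:\Program Files\7-Zip\Uninstall.exe-",
        r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe-",
    )
)

# Paths may contain spaces ("C:\Program Files\..."), so the path is matched
# lazily and a record only ends where the next "File created" begins or the
# text ends. The process token is whatever follows the last space before that.
RECORD_RE = re.compile(r"File created (?P<path>.+?) (?P<proc>\S+)(?=\s+File created|\s*$)")


def parse_iocs(text):
    """Split flattened 'File created <path> <process>' text into (path, process) tuples."""
    return [(m["path"], m["proc"]) for m in RECORD_RE.finditer(text)]


def pair_companions(paths):
    """
    Group entries by base path, treating a trailing '-' as a companion of the
    same file (assumption: the report shows many '<name>.exe-' files created
    alongside '<name>.exe'). Returns {base_path: (original_created, companion_created)}.
    """
    pairs = {}
    for p in paths:
        base, is_companion = (p[:-1], True) if p.endswith("-") else (p, False)
        orig, comp = pairs.get(base, (False, False))
        pairs[base] = (orig or not is_companion, comp or is_companion)
    return pairs


def hunt_list(pairs):
    """Base paths whose '-' companion was created: the originals to hash/verify on a host."""
    return sorted(base for base, (_, comp) in pairs.items() if comp)


def count_by_root(paths, roots=(r"C:\Windows\SysWOW64", r"C:\Program Files", r"C:\Windows")):
    """Tally entries per root directory, most specific root first so SysWOW64
    hits are not double-counted under C:\\Windows (roots are an assumption here)."""
    ordered = sorted(roots, key=len, reverse=True)
    tally = Counter()
    for p in paths:
        root = next((r for r in ordered if p.lower().startswith(r.lower() + "\\")), "other")
        tally[root] += 1
    return tally


if __name__ == "__main__":
    records = parse_iocs(IOC_TEXT)
    assert all(proc == SAMPLE for _, proc in records), "unexpected creating process"
    paths = [p for p, _ in records]
    pairs = pair_companions(paths)
    for base in hunt_list(pairs):
        orig, comp = pairs[base]
        print(f"{base}  original_created={orig}  companion_created={comp}")
    print(dict(count_by_root(paths)))
```

Run it as a script and it prints one line per base path that has a "-" companion, then the per-root tally. On a real report, paste the full table text into IOC_TEXT; the regex does not depend on row count. The cheapest first check on a live host is the companion itself (search the three roots for files ending in ".exe-"); the hunt list is then the set of originals to hash against a known-good copy, since the report alone does not tell you what was written to them.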
Processes
- C:\Users\Admin\AppData\Local\Temp\51ef6afe338ae414588d3185cccda45659fa9730229b4904c53b40e1b1e0db55.exe (PID 3076; the only process in the recorded tree)
  Command line: "C:\Users\Admin\AppData\Local\Temp\51ef6afe338ae414588d3185cccda45659fa9730229b4904c53b40e1b1e0db55.exe"
  Signatures: Drops file in System32 directory; Drops file in Program Files directory; Drops file in Windows directory