4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0

Analysis

max time kernel
152s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2022 20:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
Size

1.3MB
MD5

6bcb3899524409e25df2ab34d2b4fa80
SHA1

2c19192beff2cb105234bf7f5192867b566ce03e
SHA256

4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0
SHA512

bf8d616102887b18d6174b3c473397c7cfe2ac4a585f0eab8778c8d8203a1a6dc9ef24804db5be0667c6fabfb880447d577bd67d8a847e8bcc1a2323c5a9a2c5
SSDEEP

12288:1pXlQnDXSgzyUfKRzS1RzSzittmDbi7ce9WXOmDbi7ce9WXw:1pXlYJyUf9KzitGxX9xXw

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4848-132-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral2/memory/4848-133-0x0000000000400000-0x000000000040F000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\sfc.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\AtBroker.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\mstsc.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\RdpSa.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\runas.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\doskey.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\IME\SHARED\IMEWDBLD.EXE	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\perfhost.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\SecEdit.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\SyncHost.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\tzutil.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\Utilman.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\wlanext.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\Fondue.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\replace.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\Robocopy.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\sdchange.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\autoconv.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\cmd.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\OposHost.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\SystemPropertiesHardware.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\SndVol.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\Taskmgr.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\eventvwr.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\findstr.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\fsquirt.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\PkgMgr.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\esentutl.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\odbcad32.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\SettingSyncHost.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\setx.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\dvdplay.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\SystemPropertiesPerformance.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\wbem\mofcomp.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\choice.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\cmstp.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\makecab.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\UserAccountControlSettings.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\dpapimig.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\forfiles.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\instnm.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\logman.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\autochk.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\compact.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\CredentialUIBroker.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\cttune.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\ntprint.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\WinRTNetMUAHostServer.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\dplaysvr.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\SystemPropertiesRemote.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\TsWpfWrp.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\InfDefaultInstall.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\msfeedssync.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\poqexec.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\TRACERT.EXE	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\tasklist.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\autofmt.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\DpiScaling.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\SearchFilterHost.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\taskkill.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\timeout.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\TpmInit.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SysWOW64\ttdinject.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-i..atedusermode-kernel_31bf3856ad364e35_10.0.19041.207_none_c5e1b9def3522696\securekernel.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..rarydialog.appxmain_31bf3856ad364e35_10.0.19041.423_none_abd26b7610cb738e\r\AddSuggestedFoldersToLibraryDialog.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-choice_31bf3856ad364e35_10.0.19041.1_none_7957f8902b2072a6\choice.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\ImeBroker.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..d-searchintegration_31bf3856ad364e35_10.0.19041.746_none_63b0fc68ee30f2cb\r\IMESEARCH.EXE	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-client-li..m-service-migration_31bf3856ad364e35_10.0.19041.1052_none_0bde546bcaf8e34a\f\ClipUp.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.1_none_26e3edd6087852fc\backgroundTaskHost.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-castserver_31bf3856ad364e35_10.0.19041.1_none_7d903181d06247f1\CastSrv.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-compat-compattelrunner_31bf3856ad364e35_10.0.19041.1202_none_33e8c5dac6801a49\CompatTelRunner.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.1288_none_f92f7256107c0e35\nvspinfo.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..extservice.appxmain_31bf3856ad364e35_10.0.19041.423_none_2cade1bc915dca0d\r\Microsoft.AsyncTextService.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_aspnet_compiler_b03f5f7f11d50a3a_10.0.19041.1_none_9202844cd514ab44\aspnet_compiler.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvsystem_31bf3856ad364e35_10.0.19041.1081_none_bdf809eb2dd695f9\r\AppVClient.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager_31bf3856ad364e35_10.0.19041.84_none_ffbdc333a0778274\hvsimgr.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..raries-servercommon_31bf3856ad364e35_10.0.19041.264_none_876d2c71ceefefbb\appcmd.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-displayswitch_31bf3856ad364e35_10.0.19041.746_none_cabafbc5834ab93f\r\DisplaySwitch.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-s..chservice-component_31bf3856ad364e35_10.0.19041.1266_none_2262e67641106c48\SpeechRuntime.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.19041.746_none_b8eadbf8a9c907b3\psr.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-blb-engine-main_31bf3856ad364e35_10.0.19041.746_none_c1db40c45e8f2d9e\f\wbengine.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dataexchangehost_31bf3856ad364e35_10.0.19041.746_none_c77d8290c75caeee\f\DataExchangeHost.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager_31bf3856ad364e35_10.0.19041.1202_none_7cdad2e52790705d\r\hvsirdpclient.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-client-li..pgrade-subscription_31bf3856ad364e35_10.0.19041.1_none_07600fc1c7993163\ClipRenew.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.746_none_e304dcaa2490f61c\f\SystemUWPLauncher.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-axinstallservice_31bf3856ad364e35_10.0.19041.153_none_b4f0bd83cfc7701e\f\AxInstUI.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devicecensus_31bf3856ad364e35_10.0.19041.1_none_65637d0d99e451f6\DeviceCensus.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\CallingShellApp.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\WpcUapApp.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager_31bf3856ad364e35_10.0.19041.1202_none_7cdad2e52790705d\r\wdagtool.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-onlinesetup-component_31bf3856ad364e35_10.0.19041.746_none_4b0a936d86cdd479\f\windeploy.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevagent_31bf3856ad364e35_10.0.19041.1288_none_71734bf99a2a6955\Microsoft.Uev.CscUnpinTool.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1_none_97e4facd611ea96a\autochk.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..ment-bootsectortool_31bf3856ad364e35_10.0.19041.1_none_c27f721834e813f5\bootsect.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..anagement-dmomacpmo_31bf3856ad364e35_10.0.19041.1_none_856b4f50911c6560\DmOmaCpMo.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\UndockedDevKit.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-apprep-chxapp.appxmain_31bf3856ad364e35_10.0.19041.1_none_edda8130b19d4286\CHXSmartScreen.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-chkdsk_31bf3856ad364e35_10.0.19041.1_none_77d767642c0e040b\chkdsk.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-diskpart_31bf3856ad364e35_10.0.19041.964_none_46ba1386f4ce2b0b\r\diskpart.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-u..iedwritefilter-mgmt_31bf3856ad364e35_10.0.19041.1_none_82af78fa7992ecce\uwfmgr.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_10.0.19041.1_none_cf441068ff6081fd\msdtc.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-embedded-shelllauncher_31bf3856ad364e35_10.0.19041.264_none_223a5768a6257099\f\CustomShellHost.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appresolverux.appxmain_31bf3856ad364e35_10.0.19041.423_none_df344b9fe5390f25\AppResolverUX.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..iondata-cmdlinetool_31bf3856ad364e35_10.0.19041.1_none_3e1c0a49448926c6\bcdedit.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-defrag-cmdline_31bf3856ad364e35_10.0.19041.84_none_bf1eecf3f472e3ce\Defrag.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.19041.906_none_198d8d483aa30ed0\f\gpupdate.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_aspnet_regbrowsers_b03f5f7f11d50a3a_10.0.19041.1_none_82a36c559596820a\aspnet_regbrowsers.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..perience-ait-static_31bf3856ad364e35_10.0.19041.1_none_e6d5a48c4da284da\aitstatic.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_edmgen_b77a5c561934e089_4.0.15805.0_none_ae80a3049486a75f\EdmGen.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..scannerpreview-host_31bf3856ad364e35_10.0.19041.546_none_70569b662ddb706c\f\CameraBarcodeScannerPreview.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-gdi_31bf3856ad364e35_10.0.19041.264_none_87b4b95ab967b582\r\fontdrvhost.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-c..periencehost-broker_31bf3856ad364e35_10.0.19041.1_none_f4db83a870443aa2\CloudExperienceHostBroker.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..mplus-admin-comrepl_31bf3856ad364e35_10.0.19041.1_none_9ffa8bc52ecc9e29\comrepl.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devicesetupmanagerapi_31bf3856ad364e35_10.0.19041.746_none_55af03e86cb19d55\DsmUserTask.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.746_none_43128ab833fd583f\fsquirt.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\f\ImeBroker.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-d..ectxdatabaseupdater_31bf3856ad364e35_10.0.19041.928_none_138fb436497565f4\r\directxdatabaseupdater.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.964_none_a40a1f93665b43eb\f\SndVol.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-grouppolicy-script_31bf3856ad364e35_10.0.19041.572_none_42ec0e96ce977bdb\r\gpscript.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.19041.1_none_0f750b10a0559386\IMTCPROP.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.19041.1_none_825521fc8f4a22ac\fsutil.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..ation-wincomponents_31bf3856ad364e35_10.0.19041.1_none_51b7888297a3c04e\WindowsActionDialog.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager_31bf3856ad364e35_10.0.19041.1202_none_7cdad2e52790705d\r\hvsimgr.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
File created	C:\Windows\WinSxS\amd64_aspnet_regsql_b03f5f7f11d50a3a_4.0.15805.0_none_aadf84cda75da02d\aspnet_regsql.exe	4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe

C:\Users\Admin\AppData\Local\Temp\4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe
"C:\Users\Admin\AppData\Local\Temp\4052094f905afd12560dfc1921cd96b2016e395f90f03e0680f311b8fa0d0ea0.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:4848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4848-132-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4848-133-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads