Analysis
- max time kernel: 190s
- max time network: 243s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11/10/2022, 22:49
Static task: static1
Behavioral task: behavioral1
- Sample: beb59077d3a79684a6c787b1495f9c273d8c52b2952f9d298e560e7ba62127ba.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: beb59077d3a79684a6c787b1495f9c273d8c52b2952f9d298e560e7ba62127ba.exe
- Resource: win10v2004-20220812-en
General
- Target: beb59077d3a79684a6c787b1495f9c273d8c52b2952f9d298e560e7ba62127ba.exe
- Size: 8KB
- MD5: 488aa9dec48741ab565dd7bbc1fac780
- SHA1: 01278d361fde94cf08555bc874ee68c619a8608f
- SHA256: beb59077d3a79684a6c787b1495f9c273d8c52b2952f9d298e560e7ba62127ba
- SHA512: d8f94f9e956913bbad6dc74e58446e5a528c9d7723b29fc8261f2cb34dc4448255eae67a34366f185b401b5122d0683fb72146ab8021a010c0547f42b1b09c0e
- SSDEEP: 48:OEPLut1cj50HfvmC5rG12HuYVMNkAkvCAMud9+PGIAByhBefV+MfHH:nPatqmHdKAHR0dkaKkpAcBSAMfn
Malware Config
Signatures
- Drops file in System32 directory 64 IoCs
- Drops file in Windows directory 64 IoCs