Analysis Overview
SHA256
eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7
Threat Level: Known bad
The file eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7 was classified as Known bad. Both detonations fire the Wannacry signature: the sample creates C:\WINDOWS\tasksche.exe (the file name WannaCry uses for its dropped ransomware payload), relaunches itself with `-m security`, and performs DNS lookups and TCP/80 connections to www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com, the WannaCry kill-switch domain. Whether that URL answers decides whether the original dropper continues to its payload stage; the report records the TCP connections but not the HTTP result, so the absence of encryption or ransom-note activity in these runs should not be read as a property of the sample. Three WerFault.exe instances per run record process crashes (`-p` carries the PID of the faulting process). The writes under HKEY_USERS\.DEFAULT and C:\Windows\SysWOW64\config\systemprofile are WinINet cache, cookie and proxy defaults, created as a side effect of the HTTP check from a process running under the LocalSystem profile; they are weak indicators compared with the domain and the dropped file name.
Malicious Activity Summary
Wannacry
Drops file in System32 directory
Drops file in Windows directory
Program crash
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-10-11 03:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-10-11 03:57
Reported
2022-10-11 04:00
Platform
win7-20220812-en
Max time kernel
151s
Max time network
161s
Command Line
Signatures
Wannacry
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ADKEUKXD.txt | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\0RAHLROR.txt | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ADKEUKXD.txt | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\0RAHLROR.txt | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\59084HUA.txt | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\59084HUA.txt | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\WINDOWS\tasksche.exe | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
Program crash
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000003000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000004000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | "C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe" |
| C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe -m security |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 756 |
| C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe -m security |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 752 |
| C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe -m security |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 752 |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | udp |
| AU | 103.224.212.220:80 | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | tcp |
| US | 8.8.8.8:53 | ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | udp |
| US | 76.223.26.96:80 | ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | tcp |
| AU | 103.224.212.220:80 | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | tcp |
| US | 76.223.26.96:80 | ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | tcp |
| AU | 103.224.212.220:80 | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | tcp |
| US | 8.8.8.8:53 | ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | udp |
| US | 76.223.26.96:80 | ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | tcp |
| AU | 103.224.212.220:80 | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | tcp |
| US | 8.8.8.8:53 | ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | udp |
| US | 76.223.26.96:80 | ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | tcp |
Files
memory/1308-54-0x0000000075661000-0x0000000075663000-memory.dmp
memory/1028-56-0x0000000000000000-mapping.dmp
memory/1220-58-0x0000000000000000-mapping.dmp
memory/700-60-0x0000000000000000-mapping.dmp
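Added example, not part of this report or of any sandbox vendor's tooling: a small Python triage script that reads indicator rows in the shape of the tables above and flags the two strong WannaCry markers on this page, the kill-switch domain (matched case-insensitively and including any label beneath it, such as the ww38 redirect host) and the dropped tasksche.exe. The rows embedded in it are copied from the behavioral1 tables as constructed input so it runs offline; the output keys and the interpretation line about the kill switch are the example's own.

```python
"""Flag WannaCry markers in sandbox indicator rows (added example)."""
from __future__ import annotations

# Real indicators taken from the report above.
KILL_SWITCH = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com"  # WannaCry kill-switch domain
PAYLOAD_NAMES = {"tasksche.exe"}  # name WannaCry gives its dropped ransomware payload

# Constructed input: rows copied from this report's behavioral1 tables so the
# script runs offline. Any sandbox, proxy or DNS log can be fed in the same shape.
NETWORK_ROWS = r"""
| US | 8.8.8.8:53 | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | udp |
| AU | 103.224.212.220:80 | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | tcp |
| US | 8.8.8.8:53 | ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | udp |
| US | 76.223.26.96:80 | ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | tcp |
| US | 52.109.13.64:443 | | tcp |
"""

FILE_ROWS = r"""
| File created | C:\WINDOWS\tasksche.exe | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ADKEUKXD.txt | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
"""


def parse_rows(table: str) -> list[list[str]]:
    """Split '| a | b | c |' report rows into stripped cell lists."""
    rows = []
    for line in table.splitlines():
        line = line.strip()
        if line.startswith("|"):
            rows.append([cell.strip() for cell in line.strip("|").split("|")])
    return rows


def is_kill_switch(domain: str) -> bool:
    """True for the kill-switch domain or any label beneath it, case-insensitive."""
    d = domain.lower().rstrip(".")
    return d == KILL_SWITCH or d.endswith("." + KILL_SWITCH)


def kill_switch_contacts(table: str) -> dict[str, list]:
    """Separate DNS lookups from TCP connections that name the kill-switch domain."""
    dns, tcp = [], []
    for row in parse_rows(table):
        if len(row) != 4:
            continue
        _country, dest, domain, proto = row
        if not is_kill_switch(domain):
            continue
        host, _, port = dest.rpartition(":")
        if proto == "udp" and port == "53":
            dns.append(domain.lower())
        elif proto == "tcp":
            tcp.append((domain.lower(), host, int(port)))
    return {"dns": dns, "tcp": tcp}


def payload_drops(table: str) -> list[str]:
    """Paths of created files whose basename matches a WannaCry payload name."""
    hits = []
    for row in parse_rows(table):
        if len(row) < 2 or row[0] != "File created":
            continue
        name = row[1].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name in PAYLOAD_NAMES:
            hits.append(row[1])
    return hits


def verdict(network_table: str, file_table: str) -> dict:
    """Combine both checks and state what the kill-switch result implies."""
    net = kill_switch_contacts(network_table)
    reached = bool(net["tcp"])
    # The original dropper exits before its payload stage if the kill-switch
    # URL answers, so a reachable host in a sandbox can hide the ransomware
    # behaviour; an unreachable one means the payload and worm stages run.
    return {
        "kill_switch_queried": bool(net["dns"]),
        "kill_switch_tcp_reached": reached,
        "payload_dropped": payload_drops(file_table),
        "note": ("kill-switch host reachable: payload stage may be suppressed"
                 if reached else
                 "kill-switch host unreachable: expect payload and worm stages"),
    }


if __name__ == "__main__":
    for key, value in verdict(NETWORK_ROWS, FILE_ROWS).items():
        print(f"{key}: {value}")
```

Run it as-is to print the verdict for the embedded rows, or feed it lines from a proxy or DNS log in the same four-column shape. The weak indicators on this page (the HKEY_USERS\.DEFAULT WinINet keys and the cookie files under the systemprofile path) are deliberately not matched: any WinINet caller running as SYSTEM produces them.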
Analysis: behavioral2
Detonation Overview
Submitted
2022-10-11 03:57
Reported
2022-10-11 04:00
Platform
win10v2004-20220901-en
Max time kernel
145s
Max time network
163s
Command Line
Signatures
Wannacry
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\WINDOWS\tasksche.exe | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
Program crash
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | N/A |
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | "C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe" |
| C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe -m security |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 4664 -ip 4664 |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 1088 |
| C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe -m security |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3104 -ip 3104 |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 1088 |
| C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe | C:\Users\Admin\AppData\Local\Temp\eafa317c34a868cb700a943c6abc04025bc8e5589afab1ab457372c51eb971d7.exe -m security |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3316 -ip 3316 |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 1104 |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | udp |
| AU | 103.224.212.220:80 | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | tcp |
| US | 8.8.8.8:53 | ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | udp |
| US | 13.248.148.254:80 | ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | tcp |
| AU | 103.224.212.220:80 | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | tcp |
| US | 13.248.148.254:80 | ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | tcp |
| US | 52.109.13.64:443 | | tcp |
| US | 20.42.73.24:443 | | tcp |
| FR | 2.18.109.224:443 | | tcp |
| NL | 87.248.202.1:80 | | tcp |
| NL | 88.221.25.155:80 | | tcp |
| US | 8.8.8.8:53 | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | udp |
| AU | 103.224.212.220:80 | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | tcp |
| US | 8.8.8.8:53 | ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | udp |
| US | 76.223.26.96:80 | ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | tcp |
| AU | 103.224.212.220:80 | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | tcp |
| US | 8.8.8.8:53 | ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | udp |
| US | 13.248.148.254:80 | ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | tcp |