23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6

Analysis

max time kernel
180s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 12:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
Size

1.0MB
MD5

6f0626b7f29227cacd2b92d4f5e31e90
SHA1

b5b10b50811739f53e536b073bc54a9f68414bf2
SHA256

23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6
SHA512

dbd954605fc5db613fe43509fa0bfea4296f74e3bbc18ebadbb5308d46027224b67cd06072a2b2274a8f8047ee297a771215f2282ff90cf3e62c3933afe03090
SSDEEP

12288:1wyrnyro59PUTtg2J6fg6RzSJFjpB7wpNtZmDbi7ce9WXGkfECOG8qi0Frau43O:1wEnEYPUTi2JRNcpNtaxXyiauQO

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4772-132-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral2/memory/4772-133-0x0000000000400000-0x000000000040F000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\eventcreate.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\help.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\InstallShield\_isdel.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\svchost.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\tttracer.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\cipher.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\Dism.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\SearchIndexer.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\UserAccountBroker.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\winrshost.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\verclsid.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\WSManHTTPConfig.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\calc.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\dpnsvr.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\findstr.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\IME\IMEJP\imjpuexc.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\ttdinject.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\tracerpt.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\choice.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\gpscript.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\NETSTAT.EXE	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\RmClient.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\rundll32.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\wecutil.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\IME\SHARED\IMEPADSV.EXE	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\logagent.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\openfiles.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\verifiergui.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\wbem\WMIC.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\whoami.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\CredentialUIBroker.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\dccw.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\IME\SHARED\imecfmui.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\relog.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\sort.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\cmdl32.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\dllhost.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\icacls.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\PresentationHost.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\sethc.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\dtdump.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\ipconfig.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\mobsync.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\RdpSa.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\xcopy.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\setup16.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\taskkill.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\autochk.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\ktmutil.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\rasphone.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\TpmTool.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\unregmp2.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\Netplwiz.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\OposHost.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\recover.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\AtBroker.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\CheckNetIsolation.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\chkntfs.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\cmstp.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\cttune.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\schtasks.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\sdbinst.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SysWOW64\Taskmgr.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.546_none_4eec2752c7ea16f8\f\backgroundTaskHost.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-s..chservice-component_31bf3856ad364e35_10.0.19041.1266_none_2262e67641106c48\SpeechRuntime.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.84_none_a689f818199cbaf8\LaunchTM.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-alg_31bf3856ad364e35_10.0.19041.746_none_86e29cecb9edce01\alg.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_hyperv-commandline-tool_31bf3856ad364e35_10.0.19041.928_none_0b17415ae0dd0379\hvc.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.264_none_aa5417fd2708544d\ScriptRunner.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.264_none_aa5417fd2708544d\r\AppVStreamingUX.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevagent_31bf3856ad364e35_10.0.19041.1288_none_71734bf99a2a6955\UevTemplateBaselineGenerator.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-apprep-chxapp.appxmain_31bf3856ad364e35_10.0.19041.423_none_15f557c171018574\f\CHXSmartScreen.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe\Microsoft.AsyncTextService.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_comsvcconfig_b03f5f7f11d50a3a_4.0.15805.0_none_468e01fabfc37212\ComSvcConfig.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_installutil_b03f5f7f11d50a3a_10.0.19041.1_none_f4b2fffd9da4c90a\InstallUtil.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.264_none_aa5417fd2708544d\r\AppVNice.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-assignedaccess-guard_31bf3856ad364e35_10.0.19041.844_none_10a0a60f1ec9cc10\AssignedAccessGuard.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-tetheringservice_31bf3856ad364e35_10.0.19041.746_none_6ba9668b45cb4938\IcsEntitlementHost.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-acluifilefoldercomtool_31bf3856ad364e35_10.0.19041.1_none_0e40322ba49953c6\cacls.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevagent_31bf3856ad364e35_10.0.19041.1_none_b29cb2f3845833b7\UevTemplateConfigItemGenerator.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\FileExplorer.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..cation-creduibroker_31bf3856ad364e35_10.0.19041.746_none_a8b46aaa6c07ca3d\r\CredentialUIBroker.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvsystem_31bf3856ad364e35_10.0.19041.84_none_40bd4149a6d52edb\AppVClient.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1288_none_a518f9eb1ab503d0\f\hvax64.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.264_none_13222f28beaa00a7\f\vmwp.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-u..iedwritefilter-mgmt_31bf3856ad364e35_10.0.19041.1_none_82af78fa7992ecce\uwfmgr.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..perience-ait-static_31bf3856ad364e35_10.0.19041.1_none_e6d5a48c4da284da\aitstatic.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.1_none_7c197eeaa6d7861f\SndVol.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\XGpuEjectDialog.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-guestcomputeservice_31bf3856ad364e35_10.0.19041.1202_none_024525bdc81df50d\VmComputeAgent.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hns-diagnosticstool_31bf3856ad364e35_10.0.19041.423_none_841c30f68571c385\f\hnsdiag.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1288_none_a518f9eb1ab503d0\r\hvax64.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-onlinesetup-component_31bf3856ad364e35_10.0.19041.746_none_4b0a936d86cdd479\f\oobeldr.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-console-host-core_31bf3856ad364e35_10.0.19041.1288_none_e25de9f9d964cdad\f\conhost.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevagent_31bf3856ad364e35_10.0.19041.1_none_b29cb2f3845833b7\ApplySettingsTemplateCatalog.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\WpcUapApp.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\n\CExecSvc.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.264_none_0e32f443c4669fed\r\hvax64.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1288_none_a518f9eb1ab503d0\hvix64.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..lity-eoaexperiences_31bf3856ad364e35_10.0.19041.746_none_c291aefd01a5d6d6\f\EoAExperiences.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy\FilePicker.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appid_31bf3856ad364e35_10.0.19041.1_none_0d3d1dcf5184d281\appidcertstorecheck.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ScreenClipping\ScreenClippingHost.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..ntscontrol.appxmain_31bf3856ad364e35_10.0.19041.423_none_6c3451a09cba3850\f\AccountsControlHost.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_aspnet_regsql_b03f5f7f11d50a3a_10.0.19041.1_none_c9157ddc38b83b1b\aspnet_regsql.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.264_none_aa5417fd2708544d\f\AppVStreamingUX.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..screencontentserver_31bf3856ad364e35_10.0.19041.746_none_e540b68b09558f5a\f\LockScreenContentServer.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appx-deployment-server_31bf3856ad364e35_10.0.19041.1288_none_d616f4b76bd7b8a2\f\CustomInstallExec.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-autochkconfigurator_31bf3856ad364e35_10.0.19041.1_none_ceb3891c2721fc43\chkntfs.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe\NcsiUwpApp.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-guestcomputeservice_31bf3856ad364e35_10.0.19041.264_none_6b6699b671c8f5a8\f\VmComputeAgent.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.1202_none_4132a4047d5d53b2\ScriptRunner.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-onlinesetup-component_31bf3856ad364e35_10.0.19041.746_none_4b0a936d86cdd479\f\windeploy.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..lity-eoaexperiences_31bf3856ad364e35_10.0.19041.153_none_c283d2cf01b0b7d8\r\EoAExperiences.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.19041.1_none_90e29eafea574969\psr.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-analog-facefodhandler_31bf3856ad364e35_10.0.19041.1266_none_1f1ff89fbf279f16\f\FaceFodUninstaller.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\bfsvc.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-client-li..m-service-migration_31bf3856ad364e35_10.0.19041.84_none_8ea6a37043f4ae90\ClipUp.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-console-host-core_31bf3856ad364e35_10.0.19041.1288_none_e25de9f9d964cdad\conhost.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_10.0.19041.1202_none_ddf8c4144200f5b4\f\winresume.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.19041.746_none_b8eadbf8a9c907b3\f\psr.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appx-deployment-server_31bf3856ad364e35_10.0.19041.264_none_3f30ef10158954bf\CustomInstallExec.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_addinutil_b77a5c561934e089_4.0.15805.0_none_fcd173bc1b434b81\AddInUtil.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..ntscontrol.appxmain_31bf3856ad364e35_10.0.19041.423_none_6c3451a09cba3850\AccountsControlHost.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..rarydialog.appxmain_31bf3856ad364e35_10.0.19041.423_none_abd26b7610cb738e\AddSuggestedFoldersToLibraryDialog.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..screencontentserver_31bf3856ad364e35_10.0.19041.1_none_bd38794249e3d110\LockScreenContentServer.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
File created	C:\Windows\WinSxS\amd64_microsoft-client-li..ing-platform-client_31bf3856ad364e35_10.0.19041.1266_none_7e2b6be969016c27\r\licensingdiag.exe	23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe

C:\Users\Admin\AppData\Local\Temp\23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe
"C:\Users\Admin\AppData\Local\Temp\23193ce542040c3d7ef64d6aacc951641439755d82a30618126be4a4f8a63dd6.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:4772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4772-132-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4772-133-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads