f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374

Analysis

max time kernel
113s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 07:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
Size

6.1MB
MD5

b715f182234faee376a807e72e503b35
SHA1

018ec314b35a5442f500d2a5002a7f49a121d419
SHA256

f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374
SHA512

607ee501694658b80a72df698bc8808ad0694817bb8f8a803f85cf11673dd5ea851b94e214a74ca81c21bcd4fedc00fc75ef7c4907f93c7f512847d5503e8937
SSDEEP

196608:fyyEfKUknVZ3kegDpl6gv/eKnD/GGvb8cD96CpmMRZHoK:fyyEfKNZ3kegr6gvVnD/GWocB62VPD

Score

8^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 14 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x0006000000022f76-135.dat	aspack_v212_v242
behavioral2/files/0x0006000000022f76-136.dat	aspack_v212_v242
behavioral2/files/0x0006000000022f7f-143.dat	aspack_v212_v242
behavioral2/files/0x0006000000022f7f-144.dat	aspack_v212_v242
behavioral2/files/0x0006000000022f81-150.dat	aspack_v212_v242
behavioral2/files/0x0006000000022f81-151.dat	aspack_v212_v242
behavioral2/files/0x000200000001e2b0-159.dat	aspack_v212_v242
behavioral2/files/0x000200000001e2b0-160.dat	aspack_v212_v242
behavioral2/files/0x000200000001e698-168.dat	aspack_v212_v242
behavioral2/files/0x000200000001e698-169.dat	aspack_v212_v242
behavioral2/files/0x0003000000000725-176.dat	aspack_v212_v242
behavioral2/files/0x0003000000000725-177.dat	aspack_v212_v242
behavioral2/files/0x0004000000000727-185.dat	aspack_v212_v242
behavioral2/files/0x0004000000000727-184.dat	aspack_v212_v242

Executes dropped EXE 7 IoCs

pid	Process
1148	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
5040	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740.exe
2252	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400.exe
904	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000.exe
2700	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740000.exe
2816	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400000.exe
1968	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000000.exe

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740000.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400000.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
File opened (read-only)	\??\U:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400.exe
File opened (read-only)	\??\P:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740000.exe
File opened (read-only)	\??\W:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740000.exe
File opened (read-only)	\??\X:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740000.exe
File opened (read-only)	\??\I:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400000.exe
File opened (read-only)	\??\Q:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
File opened (read-only)	\??\T:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400.exe
File opened (read-only)	\??\H:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400000.exe
File opened (read-only)	\??\R:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740.exe
File opened (read-only)	\??\Z:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740.exe
File opened (read-only)	\??\Q:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740.exe
File opened (read-only)	\??\T:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740.exe
File opened (read-only)	\??\X:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740.exe
File opened (read-only)	\??\J:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000.exe
File opened (read-only)	\??\K:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400000.exe
File opened (read-only)	\??\V:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740.exe
File opened (read-only)	\??\G:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000.exe
File opened (read-only)	\??\A:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
File opened (read-only)	\??\N:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
File opened (read-only)	\??\I:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
File opened (read-only)	\??\R:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
File opened (read-only)	\??\A:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740.exe
File opened (read-only)	\??\F:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740.exe
File opened (read-only)	\??\Z:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740000.exe
File opened (read-only)	\??\Y:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
File opened (read-only)	\??\E:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
File opened (read-only)	\??\E:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740.exe
File opened (read-only)	\??\M:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400000.exe
File opened (read-only)	\??\U:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400000.exe
File opened (read-only)	\??\K:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
File opened (read-only)	\??\Z:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
File opened (read-only)	\??\G:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740.exe
File opened (read-only)	\??\M:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400.exe
File opened (read-only)	\??\N:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000.exe
File opened (read-only)	\??\F:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740000.exe
File opened (read-only)	\??\N:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400000.exe
File opened (read-only)	\??\L:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
File opened (read-only)	\??\T:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
File opened (read-only)	\??\U:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
File opened (read-only)	\??\H:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000.exe
File opened (read-only)	\??\L:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740000.exe
File opened (read-only)	\??\Q:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740000.exe
File opened (read-only)	\??\B:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
File opened (read-only)	\??\M:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740.exe
File opened (read-only)	\??\V:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000.exe
File opened (read-only)	\??\Q:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400000.exe
File opened (read-only)	\??\R:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400000.exe
File opened (read-only)	\??\T:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400000.exe
File opened (read-only)	\??\Q:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
File opened (read-only)	\??\X:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400.exe
File opened (read-only)	\??\Q:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000.exe
File opened (read-only)	\??\B:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740000.exe
File opened (read-only)	\??\O:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400000.exe
File opened (read-only)	\??\H:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
File opened (read-only)	\??\A:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
File opened (read-only)	\??\W:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
File opened (read-only)	\??\G:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
File opened (read-only)	\??\S:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
File opened (read-only)	\??\F:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400.exe
File opened (read-only)	\??\W:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400000.exe
File opened (read-only)	\??\L:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400.exe
File opened (read-only)	\??\Y:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400.exe
File opened (read-only)	\??\S:	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 14 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740000.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740000.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400000.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400000.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
2296	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
2296	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
1148	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
1148	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
5040	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740.exe
5040	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740.exe
2252	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400.exe
2252	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400.exe
904	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000.exe
904	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000.exe
2700	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740000.exe
2700	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740000.exe
2816	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400000.exe
2816	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400000.exe
1968	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000000.exe
1968	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000000.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 4276	2296	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe	86
PID 2296 wrote to memory of 4276	2296	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe	86
PID 2296 wrote to memory of 4276	2296	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe	86
PID 4276 wrote to memory of 1148	4276	cmd.exe	88
PID 4276 wrote to memory of 1148	4276	cmd.exe	88
PID 4276 wrote to memory of 1148	4276	cmd.exe	88
PID 1148 wrote to memory of 724	1148	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe	93
PID 1148 wrote to memory of 724	1148	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe	93
PID 1148 wrote to memory of 724	1148	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe	93
PID 724 wrote to memory of 5040	724	cmd.exe	95
PID 724 wrote to memory of 5040	724	cmd.exe	95
PID 724 wrote to memory of 5040	724	cmd.exe	95
PID 5040 wrote to memory of 4512	5040	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740.exe	97
PID 5040 wrote to memory of 4512	5040	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740.exe	97
PID 5040 wrote to memory of 4512	5040	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740.exe	97
PID 4512 wrote to memory of 2252	4512	cmd.exe	99
PID 4512 wrote to memory of 2252	4512	cmd.exe	99
PID 4512 wrote to memory of 2252	4512	cmd.exe	99
PID 2252 wrote to memory of 1048	2252	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400.exe	101
PID 2252 wrote to memory of 1048	2252	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400.exe	101
PID 2252 wrote to memory of 1048	2252	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400.exe	101
PID 1048 wrote to memory of 904	1048	cmd.exe	103
PID 1048 wrote to memory of 904	1048	cmd.exe	103
PID 1048 wrote to memory of 904	1048	cmd.exe	103
PID 904 wrote to memory of 4368	904	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000.exe	105
PID 904 wrote to memory of 4368	904	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000.exe	105
PID 904 wrote to memory of 4368	904	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000.exe	105
PID 4368 wrote to memory of 2700	4368	cmd.exe	107
PID 4368 wrote to memory of 2700	4368	cmd.exe	107
PID 4368 wrote to memory of 2700	4368	cmd.exe	107
PID 2700 wrote to memory of 2788	2700	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740000.exe	109
PID 2700 wrote to memory of 2788	2700	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740000.exe	109
PID 2700 wrote to memory of 2788	2700	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740000.exe	109
PID 2788 wrote to memory of 2816	2788	cmd.exe	111
PID 2788 wrote to memory of 2816	2788	cmd.exe	111
PID 2788 wrote to memory of 2816	2788	cmd.exe	111
PID 2816 wrote to memory of 4620	2816	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400000.exe	113
PID 2816 wrote to memory of 4620	2816	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400000.exe	113
PID 2816 wrote to memory of 4620	2816	f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400000.exe	113
PID 4620 wrote to memory of 1968	4620	cmd.exe	115
PID 4620 wrote to memory of 1968	4620	cmd.exe	115
PID 4620 wrote to memory of 1968	4620	cmd.exe	115

C:\Users\Admin\AppData\Local\Temp\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
"C:\Users\Admin\AppData\Local\Temp\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe"
1⤵
- Checks computer location settings
- Enumerates connected drives
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gameofmir.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4276
- - C:\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe
    "\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe"
    3⤵
    - Executes dropped EXE
    - Checks computer location settings
    - Enumerates connected drives
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1148
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\gameofmir.bat" "
      4⤵
      Suspicious use of WriteProcessMemory
      PID:724
    - - C:\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740.exe
        
        "\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740.exe"
        5⤵
        Executes dropped EXE
        Checks computer location settings
        Enumerates connected drives
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:5040
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\gameofmir.bat" "
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:4512
        
        C:\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400.exe
        
        "\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400.exe"
        7⤵
        Executes dropped EXE
        Checks computer location settings
        Enumerates connected drives
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2252
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\gameofmir.bat" "
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:1048
        
        C:\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000.exe
        
        "\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000.exe"
        9⤵
        Executes dropped EXE
        Checks computer location settings
        Enumerates connected drives
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:904
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\gameofmir.bat" "
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:4368
        
        C:\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740000.exe
        
        "\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740000.exe"
        11⤵
        Executes dropped EXE
        Checks computer location settings
        Enumerates connected drives
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2700
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\gameofmir.bat" "
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:2788
        
        C:\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400000.exe
        
        "\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400000.exe"
        13⤵
        Executes dropped EXE
        Checks computer location settings
        Enumerates connected drives
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2816
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\gameofmir.bat" "
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:4620
        
        C:\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000000.exe
        
        "\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000000.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\LoginTemp.ini

Filesize
30B

MD5
9b2456363290ba7d3b58b22d66ce6a18

SHA1
43f3a27739354d6a21dab842e5910205eb7ebe6b

SHA256
95b5335823c05e3acf512d08169bf4cc9925d70e96b72e83b472cb55b094e218

SHA512
3eceb636eb660bf20d558a396a0ac186902974e9737354577b301765407c98c94f800c62083f6e648bd576da8a84e414919a7a99144b409befea5bb86b48cbba

Download Submit
C:\LoginTemp.ini

Filesize
30B

MD5
9b2456363290ba7d3b58b22d66ce6a18

SHA1
43f3a27739354d6a21dab842e5910205eb7ebe6b

SHA256
95b5335823c05e3acf512d08169bf4cc9925d70e96b72e83b472cb55b094e218

SHA512
3eceb636eb660bf20d558a396a0ac186902974e9737354577b301765407c98c94f800c62083f6e648bd576da8a84e414919a7a99144b409befea5bb86b48cbba

Download Submit
C:\LoginTemp.ini

Filesize
30B

MD5
9b2456363290ba7d3b58b22d66ce6a18

SHA1
43f3a27739354d6a21dab842e5910205eb7ebe6b

SHA256
95b5335823c05e3acf512d08169bf4cc9925d70e96b72e83b472cb55b094e218

SHA512
3eceb636eb660bf20d558a396a0ac186902974e9737354577b301765407c98c94f800c62083f6e648bd576da8a84e414919a7a99144b409befea5bb86b48cbba

Download Submit
C:\LoginTemp.ini

Filesize
30B

MD5
072418f231e0bf022453501d596b6b89

SHA1
c8e473298746f00c4f88013768417388dc202edc

SHA256
02498df477a6df1e5fb0e320e05b5554350e53c48178ab4fdac8a8c19b3ccda0

SHA512
0547c2f3c9da08ad230cd4910d04a24908dcd030ebbe499a7158f2c2bff4420946b71f91371a2345468378c90dfad804626d814f6b8031172a0ae998fe8fd8c1

Download Submit
C:\LoginTemp.ini

Filesize
30B

MD5
9b2456363290ba7d3b58b22d66ce6a18

SHA1
43f3a27739354d6a21dab842e5910205eb7ebe6b

SHA256
95b5335823c05e3acf512d08169bf4cc9925d70e96b72e83b472cb55b094e218

SHA512
3eceb636eb660bf20d558a396a0ac186902974e9737354577b301765407c98c94f800c62083f6e648bd576da8a84e414919a7a99144b409befea5bb86b48cbba

Download Submit
C:\LoginTemp.ini

Filesize
30B

MD5
9b2456363290ba7d3b58b22d66ce6a18

SHA1
43f3a27739354d6a21dab842e5910205eb7ebe6b

SHA256
95b5335823c05e3acf512d08169bf4cc9925d70e96b72e83b472cb55b094e218

SHA512
3eceb636eb660bf20d558a396a0ac186902974e9737354577b301765407c98c94f800c62083f6e648bd576da8a84e414919a7a99144b409befea5bb86b48cbba

Download Submit
C:\LoginTemp.ini

Filesize
30B

MD5
072418f231e0bf022453501d596b6b89

SHA1
c8e473298746f00c4f88013768417388dc202edc

SHA256
02498df477a6df1e5fb0e320e05b5554350e53c48178ab4fdac8a8c19b3ccda0

SHA512
0547c2f3c9da08ad230cd4910d04a24908dcd030ebbe499a7158f2c2bff4420946b71f91371a2345468378c90dfad804626d814f6b8031172a0ae998fe8fd8c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameLogin_Debug.txt

Filesize
257B

MD5
f3274381d0b23ca57074b7a9a9144be2

SHA1
26055c271522f13d2719a075c2f86330e6cb2fed

SHA256
a0d6376f9bb7482914730e23a5938cd8ca7e0e4615cf7659b4502a3d8eb9b72f

SHA512
aeef6749ccf579262d7e74648ef24dd4962fb4e84ed8cffea45e215f9d8dcd1ecdcf1845065ac48d7f84ea7bda097fc90e755fc922c20f3fc603ff751bfdd6d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\gameofmir.bat

Filesize
338B

MD5
d88f5a42c3a3ce89ace944fdbd74eaf4

SHA1
4664e4fe44b1e7581679faf3a9dbecb750de86fe

SHA256
e722740a571e06364213ff55a7a5ec07ed683a578d18ec0117f49855948aa4e4

SHA512
2ef28e48118edd00713c8df5a170f04dc02c2ff1007da32c547002c6c3fa665cff7f2ae4c66649cb30aba38ded63a029aec292723bbc2f67909a215ab6909f0b

Download Submit
C:\\GameLogin_Debug.txt

Filesize
229B

MD5
4bf3a938c99705aed501a38eeb231379

SHA1
b61acf5d1cecb341671c914a0b46fc1921a301ea

SHA256
1f89bfb83835d2ae1fe7fa6b776f36d880388dfad59b72a4a68b87994d95bdf1

SHA512
11f5e269fcc808e1078e9db4943d46ae0616ddfe78edee684150554aa756eae21572c00e775644c807ece3a5fa2691302e50b204b990f455bb8b9bef50fc4a84

Download Submit
C:\\GameLogin_Debug.txt

Filesize
345B

MD5
46f0598379c54c3bf82018d8d864c975

SHA1
5f7c01373d5c94b6239c82d461084213cb38c098

SHA256
e6450963cf927d4da173d609055282308581b209072888e22ac67ffb223aef67

SHA512
f3569380a17aa1aca9b679d444c6a4283ea01a4dddb9b1294cfcfda0e07e182ff98a6b173974ac2fb17c85f328a6c8ff44b41622eb6f685b01b0604ef29d9eb6

Download Submit
C:\\GameLogin_Debug.txt

Filesize
462B

MD5
68fe8744f3f28e07305c677186315545

SHA1
ff9a0d96d5f80830160387023fb73695f196a50e

SHA256
558d53e9142af0ebfaaa69ae9c12eaf0d78131c954617ced376cac9d8a5dd07c

SHA512
45eb4a661771aaec602589b4a70784c7eb8f71d7fff7aea3d7ec100d36aaa3795ff9a2372be5d587cd55dadafc484f240b4f6e9c88ca921002d4ca02790e0663

Download Submit
C:\\GameLogin_Debug.txt

Filesize
580B

MD5
61e06effa15ada38812a456ef1350d44

SHA1
40f894638e6aba22e96ca42676e925f0c3e0f966

SHA256
93bf36d4e2de8bc9816fe0ee10b34de398dd13ddbd92f93a59ac1941e67c714d

SHA512
789e44b0eac95c8397c54ad75a8d4ad194a89588eab3ad36cb260733921bc26adc5dc17963a6658f44c378cadebe635c5512e2c8d449101982e0f7469801acd6

Download Submit
C:\\GameLogin_Debug.txt

Filesize
699B

MD5
19323f01812817a5fd5306f2766e40f2

SHA1
fe558b395ae1a4adeb169e77b0d647146bf0b22c

SHA256
45aa105e251dbf3c559595cc1b0d021922c3ae537bf1ad17294e11b76fa84325

SHA512
aa75d42202aaa71a870c2d8551174ea44d9354f62b89c7e83bab8e524982a775c678c4cede8734fbbeada8a5b206871d256e74bdcba75ae3b32b76f57f8991e7

Download Submit
C:\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe

Filesize
6.1MB

MD5
b715f182234faee376a807e72e503b35

SHA1
018ec314b35a5442f500d2a5002a7f49a121d419

SHA256
f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374

SHA512
607ee501694658b80a72df698bc8808ad0694817bb8f8a803f85cf11673dd5ea851b94e214a74ca81c21bcd4fedc00fc75ef7c4907f93c7f512847d5503e8937

Download Submit
C:\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374.exe

Filesize
6.1MB

MD5
b715f182234faee376a807e72e503b35

SHA1
018ec314b35a5442f500d2a5002a7f49a121d419

SHA256
f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374

SHA512
607ee501694658b80a72df698bc8808ad0694817bb8f8a803f85cf11673dd5ea851b94e214a74ca81c21bcd4fedc00fc75ef7c4907f93c7f512847d5503e8937

Download Submit
C:\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740.exe

Filesize
6.1MB

MD5
b715f182234faee376a807e72e503b35

SHA1
018ec314b35a5442f500d2a5002a7f49a121d419

SHA256
f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374

SHA512
607ee501694658b80a72df698bc8808ad0694817bb8f8a803f85cf11673dd5ea851b94e214a74ca81c21bcd4fedc00fc75ef7c4907f93c7f512847d5503e8937

Download Submit
C:\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740.exe

Filesize
6.1MB

MD5
b715f182234faee376a807e72e503b35

SHA1
018ec314b35a5442f500d2a5002a7f49a121d419

SHA256
f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374

SHA512
607ee501694658b80a72df698bc8808ad0694817bb8f8a803f85cf11673dd5ea851b94e214a74ca81c21bcd4fedc00fc75ef7c4907f93c7f512847d5503e8937

Download Submit
C:\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400.exe

Filesize
6.1MB

MD5
b715f182234faee376a807e72e503b35

SHA1
018ec314b35a5442f500d2a5002a7f49a121d419

SHA256
f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374

SHA512
607ee501694658b80a72df698bc8808ad0694817bb8f8a803f85cf11673dd5ea851b94e214a74ca81c21bcd4fedc00fc75ef7c4907f93c7f512847d5503e8937

Download Submit
C:\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400.exe

Filesize
6.1MB

MD5
b715f182234faee376a807e72e503b35

SHA1
018ec314b35a5442f500d2a5002a7f49a121d419

SHA256
f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374

SHA512
607ee501694658b80a72df698bc8808ad0694817bb8f8a803f85cf11673dd5ea851b94e214a74ca81c21bcd4fedc00fc75ef7c4907f93c7f512847d5503e8937

Download Submit
C:\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000.exe

Filesize
6.1MB

MD5
b715f182234faee376a807e72e503b35

SHA1
018ec314b35a5442f500d2a5002a7f49a121d419

SHA256
f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374

SHA512
607ee501694658b80a72df698bc8808ad0694817bb8f8a803f85cf11673dd5ea851b94e214a74ca81c21bcd4fedc00fc75ef7c4907f93c7f512847d5503e8937

Download Submit
C:\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000.exe

Filesize
6.1MB

MD5
b715f182234faee376a807e72e503b35

SHA1
018ec314b35a5442f500d2a5002a7f49a121d419

SHA256
f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374

SHA512
607ee501694658b80a72df698bc8808ad0694817bb8f8a803f85cf11673dd5ea851b94e214a74ca81c21bcd4fedc00fc75ef7c4907f93c7f512847d5503e8937

Download Submit
C:\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740000.exe

Filesize
6.1MB

MD5
b715f182234faee376a807e72e503b35

SHA1
018ec314b35a5442f500d2a5002a7f49a121d419

SHA256
f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374

SHA512
607ee501694658b80a72df698bc8808ad0694817bb8f8a803f85cf11673dd5ea851b94e214a74ca81c21bcd4fedc00fc75ef7c4907f93c7f512847d5503e8937

Download Submit
C:\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd73740000.exe

Filesize
6.1MB

MD5
b715f182234faee376a807e72e503b35

SHA1
018ec314b35a5442f500d2a5002a7f49a121d419

SHA256
f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374

SHA512
607ee501694658b80a72df698bc8808ad0694817bb8f8a803f85cf11673dd5ea851b94e214a74ca81c21bcd4fedc00fc75ef7c4907f93c7f512847d5503e8937

Download Submit
C:\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400000.exe

Filesize
6.1MB

MD5
b715f182234faee376a807e72e503b35

SHA1
018ec314b35a5442f500d2a5002a7f49a121d419

SHA256
f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374

SHA512
607ee501694658b80a72df698bc8808ad0694817bb8f8a803f85cf11673dd5ea851b94e214a74ca81c21bcd4fedc00fc75ef7c4907f93c7f512847d5503e8937

Download Submit
C:\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd737400000.exe

Filesize
6.1MB

MD5
b715f182234faee376a807e72e503b35

SHA1
018ec314b35a5442f500d2a5002a7f49a121d419

SHA256
f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374

SHA512
607ee501694658b80a72df698bc8808ad0694817bb8f8a803f85cf11673dd5ea851b94e214a74ca81c21bcd4fedc00fc75ef7c4907f93c7f512847d5503e8937

Download Submit
C:\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000000.exe

Filesize
6.1MB

MD5
b715f182234faee376a807e72e503b35

SHA1
018ec314b35a5442f500d2a5002a7f49a121d419

SHA256
f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374

SHA512
607ee501694658b80a72df698bc8808ad0694817bb8f8a803f85cf11673dd5ea851b94e214a74ca81c21bcd4fedc00fc75ef7c4907f93c7f512847d5503e8937

Download Submit
C:\f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374000000.exe

Filesize
6.1MB

MD5
b715f182234faee376a807e72e503b35

SHA1
018ec314b35a5442f500d2a5002a7f49a121d419

SHA256
f3bbac9ad974c7fd329f93893c7a365831ce2e00f967fbf4eae7f702d0fd7374

SHA512
607ee501694658b80a72df698bc8808ad0694817bb8f8a803f85cf11673dd5ea851b94e214a74ca81c21bcd4fedc00fc75ef7c4907f93c7f512847d5503e8937

Download Submit
C:\gameofmir.bat

Filesize
283B

MD5
4ca530cb371a5e0a4e62a9e459c23342

SHA1
4f9d72527b21c655a90c56c3f8f45613654916fc

SHA256
841d787a55339d835fe90fcc221ac11473bc5b39c902b254aad1f60e9a9c3f62

SHA512
01a70037d4d5fa1c1951abc330ef8aa20d646d75927f7b82726f81f574d6397da300f068a5d8156ae9246722a03a5b219519ac9af8ea28a6665bc785645773ff

Download Submit
C:\gameofmir.bat

Filesize
289B

MD5
777ef772bef84460bcf5afc9d3f26b59

SHA1
008b6c4e6284d31a2b81bc0c2c4d6d1be77923fc

SHA256
b15693c26b2028db2027475546302030f1ad824a6a47018ed146544582bed173

SHA512
b512583a8791a6dba4f8593111b81c18ea7dc6bac0d6705dc53d9e3c5621051990babe67432aa2db5cf3e891badac1edcb9c874ad27ced1ea77960b271185698

Download Submit
C:\gameofmir.bat

Filesize
292B

MD5
3e89b8e80e1f2b50ca9435c721e76b14

SHA1
f90e43318835f45110cb2bd149b47ab0cd041f90

SHA256
892234dc2d3c000f106aa02c489bdd6290da86d039ac5e77a51261708d0f9cc7

SHA512
785a9931eeb66d197e7ba0a8828b37ad5fe4a5233b2edb3a2818bcaf6271a3d571efd8274aea6b93303e7ffcbf1f847b9e82c8bb51632d6b4835d366f3541ad4

Download Submit
C:\gameofmir.bat

Filesize
277B

MD5
623cb0c38abe5735a39752a4dcd54cda

SHA1
ccdae38f03ee894e5629bb0966d6d905292ceac3

SHA256
640863d5fd18ac00c2ce691f0f687469765e38d9d75e5c78f4dcf2ea1daddd72

SHA512
f3ea809d29721d4da2d151544a3659c50ce7a31104766b7cecafd22725b58fc8fd9ea6f529afbf3b1343eb704f2e29b27bd510d45fa84de81d131f057971f63f

Download Submit
C:\gameofmir.bat

Filesize
280B

MD5
f1fa82148caeedc07ed84c0e285b0113

SHA1
fb968dd281b576d0e91386796e9c787f2711c207

SHA256
d76cbd3126547615f3572fcf35d7c095ca2343365829b5b3da1229d3883faf03

SHA512
2452a56e5afe786f01b7b462cfef397f88ec30aa1e86973ae24238cd64e41fdfc22cd63899a85aa49e3873841d2bbb90517d0bc8b5130a4c9d220aecb2f72fea

Download Submit
C:\gameofmir.bat

Filesize
286B

MD5
e89ddaccce0030b6368df8c9e1387d11

SHA1
6768a043ef5ebac46a1a2860ec673a13cba305f8

SHA256
c7cd3a2a1dcb0fa6c714111cca07902ef4d525b6763aba648a79a85c8e9b8350

SHA512
2d473fc1199a815d926e91a30a3b3cd95f4d7c5c18f0088bd1b73f2de99f82f138dcac240e9d58f0560ddfd5a339815e782ed607ca1f822e3bbb022449a88822

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads