074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f

Analysis

max time kernel
159s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 17:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
Size

293KB
MD5

a3a8f091ea5d99b1035bae77d95f3330
SHA1

acabc7be68e2133d8d1b0a6ae13598b8452f3075
SHA256

074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f
SHA512

4be428e9a7938c60c9cc03b7d81d3791174f4e2dbe9d1047d37be6cb1943de721a2a3d59b0e8f63a73b4c0b8d39ddde576807c3c9e6bb06bc8034f64e4527a6e
SSDEEP

3072:h3BTstA+R1dqPlxK5QN/pJXpjK92i4lEoL8HafOafafpmo4MHceEQIE+pYZuwoPn:haA+YfESSKRzSBgbzj

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\cmdkey.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\fontview.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\runas.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\CertEnrollCtrl.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\ftp.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\migwiz\MigSetup.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\msiexec.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\RegisterIEPKEYs.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\chkdsk.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\wbem\WinMgmt.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\certreq.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\gpscript.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\msra.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\regsvr32.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\wininit.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\mshta.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\sdbinst.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\tcmsetup.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\WerFault.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\wermgr.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\comp.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\cttunesvr.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\explorer.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\pcaui.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\SearchProtocolHost.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\bitsadmin.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\fsquirt.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\replace.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\setupugc.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\credwiz.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\logman.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\ntkrnlpa.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\SystemPropertiesRemote.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\winrshost.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\cliconfg.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\icacls.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\IME\IMESC5\IMSCPROP.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\typeperf.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\dplaysvr.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\imjpuexc.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\RpcPing.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\svchost.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\w32tm.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\label.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\net.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\sdchange.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\autofmt.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\charmap.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\compact.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\IMJPDSVR.EXE	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\InfDefaultInstall.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\SystemPropertiesPerformance.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\wbem\WMIC.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\winver.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\bthudtask.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\cmmon32.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\PATHPING.EXE	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\printui.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\dfrgui.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\NAPSTAT.EXE	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\ReAgentc.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\where.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\wimserv.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_6.1.7601.17514_none_dfe02de35bf41e0b\PrintBrm.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_6.1.7601.17514_none_ef38a8d0d05cc2c7\IMJPDADM.EXE	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-anytime-upgradeui_31bf3856ad364e35_6.1.7600.16385_none_4aadf3be188c056d\WindowsAnytimeUpgradeui.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_11.2.9600.16428_none_3bb1024f1e6bc086\mshta.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-notepad_31bf3856ad364e35_6.1.7600.16385_none_cb0f7f2289b0c21a\notepad.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntoskrnl.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..mpropertieshardware_31bf3856ad364e35_6.1.7600.16385_none_40d0db63344deff9\SystemPropertiesHardware.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rpc-locator_31bf3856ad364e35_6.1.7600.16385_none_2b2984d40648fbe7\Locator.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-synchost_31bf3856ad364e35_6.1.7600.16385_none_cfcaa9124aa42f85\SyncHost.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-tzutil_31bf3856ad364e35_6.1.7601.17514_none_9cbe849a4e275c84\tzutil.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.17514_none_288b7acec3a75696\WSManHTTPConfig.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mapi_31bf3856ad364e35_6.1.7601.17514_none_097346be305f3966\fixmapi.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7600.16385_none_23376bf5921e7b63\auditpol.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_6.1.7600.16385_none_47357ddedbb9dec6\logagent.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_04846decebf43c4c\resmon.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-international-core_31bf3856ad364e35_6.1.7601.17514_none_ebb1ce7438031941\MuiUnattend.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-runas_31bf3856ad364e35_6.1.7600.16385_none_bbdd3aeb771e694e\runas.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\ehome\MediaCenterWebLauncher.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ostic-user-resolver_31bf3856ad364e35_6.1.7600.16385_none_2129f6bd1f6002ae\DFDWiz.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_6.1.7601.17514_none_e99b83c8fd064a06\InetMgr6.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-wlan-extension_31bf3856ad364e35_6.1.7600.16385_none_f9b9855184ad1e6d\wlanext.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-controlpanel_31bf3856ad364e35_6.1.7601.17514_none_3d9977977190cdc4\MultiDigiMon.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wpd-shellextension_31bf3856ad364e35_6.1.7601.17514_none_6f4ef219dd693ca6\WPDShextAutoplay.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\appcmd.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..mes-spidersolitaire_31bf3856ad364e35_6.1.7600.16385_none_dead260d8f002b73\SpiderSolitaire.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\appcmd.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-com-complus-setup_31bf3856ad364e35_6.1.7600.16385_none_e97e2f6c50a1c3c0\mtstocom.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ervicing-management_31bf3856ad364e35_6.1.7600.16385_none_5e7ff93b6f0000b7\Dism.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\BrmfRsmg.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.17514_none_fa8534ab236134c4\mfpmp.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbtugc.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_6.1.7600.16385_none_1426830c3ebb712d\telnet.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7601.17514_none_177a088436382a34\mofcomp.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_divacx64.inf_31bf3856ad364e35_6.1.7600.16385_none_cf37cc4c5bc25dc7\xlog.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\Dxpserver.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-lua_31bf3856ad364e35_6.1.7601.17514_none_047062a1736af5b9\consent.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_6.1.7601.17514_none_12d42225a9a7aef7\nfsadmin.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.1.7601.17514_none_bf4980401574a899\relog.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.1.7601.17514_none_42d65ed50fa3c682\logoff.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.22091_none_d0d0722c3bb0dc09\instnm.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_6.1.7600.16385_none_09320e5ae212b9d9\powercfg.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-devicepairingapp_31bf3856ad364e35_6.1.7600.16385_none_cb9353551bbd8ed8\DevicePairingWizard.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-extrac32_31bf3856ad364e35_6.1.7600.16385_none_371e8c461d966a55\extrac32.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.1.7601.17514_none_7addf2001d014646\dpnsvr.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.17514_none_6fb51b358e21d75f\TabTip.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_wpf-xamlviewer_31bf3856ad364e35_6.1.7601.17514_none_b43451f0938c6cd0\XamlViewer_v0300.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-shutdown-event-tracker_31bf3856ad364e35_6.1.7600.16385_none_5ec90957e1a8fe95\shutdown.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\ehome\mcGlidHost.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17514_none_c75e9c99a36a285a\winload.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..nboxgames-solitaire_31bf3856ad364e35_6.1.7600.16385_none_d1124c00155dfd14\Solitaire.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-iexpress_31bf3856ad364e35_11.2.9600.16428_none_46d2efef53c02386\wextract.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_7cf343cac8a829ec\print.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-acluifilefoldercomtool_31bf3856ad364e35_6.1.7600.16385_none_b444164f1eecd3f2\cacls.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-com-complus-ui_31bf3856ad364e35_6.1.7600.16385_none_0c9cb55c61e99805\dcomcnfg.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-icacls_31bf3856ad364e35_6.1.7600.16385_none_8ea990b7bfab3802\icacls.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe

C:\Users\Admin\AppData\Local\Temp\074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
"C:\Users\Admin\AppData\Local\Temp\074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1260

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads