074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f

Analysis

max time kernel
158s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 17:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
Size

293KB
MD5

a3a8f091ea5d99b1035bae77d95f3330
SHA1

acabc7be68e2133d8d1b0a6ae13598b8452f3075
SHA256

074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f
SHA512

4be428e9a7938c60c9cc03b7d81d3791174f4e2dbe9d1047d37be6cb1943de721a2a3d59b0e8f63a73b4c0b8d39ddde576807c3c9e6bb06bc8034f64e4527a6e
SSDEEP

3072:h3BTstA+R1dqPlxK5QN/pJXpjK92i4lEoL8HafOafafpmo4MHceEQIE+pYZuwoPn:haA+YfESSKRzSBgbzj

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\doskey.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\ftp.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\icacls.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\mmgaserver.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\charmap.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\Dism\DismHost.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\IME\IMEJP\IMJPSET.EXE	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\makecab.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\perfhost.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\RMActivate_ssp_isv.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\Utilman.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\WerFaultSecure.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\bootcfg.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\IME\IMETC\IMTCPROP.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\mcbuilder.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\RdpSa.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\cmmon32.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\cmdkey.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\extrac32.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\gpscript.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\help.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\netiougc.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\printui.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\RdpSaProxy.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\chkdsk.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\RpcPing.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\TokenBrokerCookies.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\RMActivate.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\mspaint.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\psr.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\relog.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\runas.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\ThumbnailExtractionHost.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\clip.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\certreq.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\choice.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\dpapimig.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\lodctr.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\SearchFilterHost.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\xwizard.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\bthudtask.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\mtstocom.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\runonce.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\SndVol.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\wecutil.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\IME\SHARED\IMCCPHR.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\eventcreate.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\IME\IMEJP\imjpuexc.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\mountvol.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\netsh.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\tar.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\ComputerDefaults.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\fontview.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\mmc.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\PkgMgr.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\wbem\WMIC.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\Windows.Media.BackgroundPlayback.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\WSManHTTPConfig.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\Fondue.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\shutdown.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\stordiag.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\dccw.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SysWOW64\IME\SHARED\imecfmui.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..screencontentserver_31bf3856ad364e35_10.0.19041.746_none_e540b68b09558f5a\f\LockScreenContentServer.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appid_31bf3856ad364e35_10.0.19041.1_none_0d3d1dcf5184d281\appidpolicyconverter.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-bootux.deployment_31bf3856ad364e35_10.0.19041.1_none_f4025a506f9e9f01\bootim.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..alenrollmentmanager_31bf3856ad364e35_10.0.19041.1202_none_1a780ff3456b7bcd\CredentialEnrollmentManager.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-container-manager_31bf3856ad364e35_10.0.19041.1266_none_07a5d18b92d8b668\cmimageworker.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.264_none_0e32f443c4669fed\hvax64.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-c..periencehost-broker_31bf3856ad364e35_10.0.19041.746_none_1ce3c0f12fb5f8ec\r\CloudExperienceHostBroker.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..ntscontrol.appxmain_31bf3856ad364e35_10.0.19041.423_none_6c3451a09cba3850\f\AccountsControlHost.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..directplay8-payload_31bf3856ad364e35_10.0.19041.1_none_b970f5eb6342eadb\dpnsvr.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-driververifier_31bf3856ad364e35_10.0.19041.1_none_705ce89b3c18ecc5\verifiergui.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..al-chinese-moimeexe_31bf3856ad364e35_10.0.19041.746_none_0f44a2d7a5e3a37a\ChtIME.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-defrag-adminui_31bf3856ad364e35_10.0.19041.746_none_770f598aef14382e\f\dfrgui.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-displayswitch_31bf3856ad364e35_10.0.19041.1_none_a2b2be7cc3d8faf5\DisplaySwitch.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_10.0.19041.1_none_fa14fc3992df87f1\dllhst3g.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-browser-brokers_31bf3856ad364e35_11.0.19041.153_none_580ef30a6bb05e53\browserexport.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-certificateinstall_31bf3856ad364e35_10.0.19041.1_none_efa641d58a943e71\dmcertinst.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..b-standardcollector_31bf3856ad364e35_10.0.19041.928_none_0f531ea0d233243b\f\DiagnosticsHub.StandardCollector.Service.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-onlinesetup-component_31bf3856ad364e35_10.0.19041.746_none_4b0a936d86cdd479\f\windeploy.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevagent_31bf3856ad364e35_10.0.19041.1288_none_71734bf99a2a6955\ApplySettingsTemplateCatalog.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1266_none_56b9c0cf76f27918\f\autochk.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-browser-brokers_31bf3856ad364e35_11.0.19041.746_none_581ccf386ba57d51\browser_broker.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-container-manager_31bf3856ad364e35_10.0.19041.153_none_70cb6ca43c818606\cmproxyd.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-deviceenroller_31bf3856ad364e35_10.0.19041.1202_none_36057e94c281704a\f\DeviceEnroller.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_caspol_b03f5f7f11d50a3a_10.0.19041.1_none_e51212a36c631d23\CasPol.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.84_none_a689f818199cbaf8\Taskmgr.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.264_none_5481650943811810\f\audiodg.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-axinstallservice_31bf3856ad364e35_10.0.19041.153_none_b4f0bd83cfc7701e\f\AxInstUI.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..tx-dxgiadaptercache_31bf3856ad364e35_10.0.19041.928_none_85ac1b118ff2a924\f\dxgiadaptercache.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-c..periencehost-broker_31bf3856ad364e35_10.0.19041.746_none_1ce3c0f12fb5f8ec\f\CloudExperienceHostBroker.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-utilityvm-setupagent_31bf3856ad364e35_10.0.19041.1_none_cf994a1a65720fd5\wcsetupagent.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.264_none_aa5417fd2708544d\AppVNice.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.264_none_0e32f443c4669fed\f\hvix64.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..screencontentserver_31bf3856ad364e35_10.0.19041.746_none_e540b68b09558f5a\r\LockScreenContentServer.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-analog-facefodhandler_31bf3856ad364e35_10.0.19041.1266_none_1f1ff89fbf279f16\r\FaceFodUninstaller.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-container-manager_31bf3856ad364e35_10.0.19041.1266_none_07a5d18b92d8b668\f\cmproxyd.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\OOBENetworkCaptivePortal.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.1_none_e190f18a08ed1a44\FlashUtil_ActiveX.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.82_none_2358a116979cc599\FlashUtil_ActiveX.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-i..atedusermode-kernel_31bf3856ad364e35_10.0.19041.207_none_c5e1b9def3522696\securekernel.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-s..chservice-component_31bf3856ad364e35_10.0.19041.1266_none_2262e67641106c48\SpeechRuntime.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-capturepicker.appxmain_31bf3856ad364e35_10.0.19041.423_none_12ca604b48f8d3fb\r\CapturePicker.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-container-manager_31bf3856ad364e35_10.0.19041.153_none_70cb6ca43c818606\cmdiag.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-convert_31bf3856ad364e35_10.0.19041.1266_none_119b1e415d838a28\r\autoconv.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_hyperv-vmsp_31bf3856ad364e35_10.0.19041.1_none_39d506065bd87607\vmsp.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.1288_none_f92f7256107c0e35\f\nvspinfo.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.1288_none_f92f7256107c0e35\nvspinfo.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-csvde_31bf3856ad364e35_10.0.19041.1_none_112f38db81e24102\csvde.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..plus-setup-migregdb_31bf3856ad364e35_10.0.19041.1_none_e341aee7030e39c4\MigRegDB.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..b-standardcollector_31bf3856ad364e35_10.0.19041.264_none_0f23d07ed2574292\r\DiagnosticsHub.StandardCollector.Service.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-console-host-core_31bf3856ad364e35_10.0.19041.153_none_4b81b20e830f375b\f\conhost.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..extservice.appxmain_31bf3856ad364e35_10.0.19041.423_none_2cade1bc915dca0d\f\Microsoft.AsyncTextService.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..rarydialog.appxmain_31bf3856ad364e35_10.0.19041.423_none_abd26b7610cb738e\AddSuggestedFoldersToLibraryDialog.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..al-chinese-moimeexe_31bf3856ad364e35_10.0.19041.746_none_0f44a2d7a5e3a37a\r\ChtIME.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.264_none_1477a882bdce0df2\f\vmms.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.264_none_13222f28beaa00a7\f\vmwp.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-com-runtimebroker_31bf3856ad364e35_10.0.19041.746_none_744cb37f06e446cc\RuntimeBroker.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-e..taprotectioncleanup_31bf3856ad364e35_10.0.19041.789_none_b38221af158e5881\EDPCleanup.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.546_none_4eec2752c7ea16f8\r\backgroundTaskHost.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.19041.173_none_38fc88f8cb913df1\r\winload.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cloudnotifications_31bf3856ad364e35_10.0.19041.746_none_7000e6adf00c3d30\f\CloudNotifications.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..omerfeedbackmanager_31bf3856ad364e35_10.0.19041.1_none_9224c91b2d8eed57\imecfmui.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
File created	C:\Windows\WinSxS\amd64_hyperv-commandline-tool_31bf3856ad364e35_10.0.19041.928_none_0b17415ae0dd0379\r\hvc.exe	074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe

C:\Users\Admin\AppData\Local\Temp\074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe
"C:\Users\Admin\AppData\Local\Temp\074facb86b2ff7640c0d827c093c7828bd17807078197dd8452f70f99a342d7f.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:4476

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads