e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4

Analysis

max time kernel
144s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29-10-2022 17:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
Size

291KB
MD5

a3767fb618211fd650fdcf34fd330890
SHA1

9ca38d56098ddeec835a34a5229fe52b19604207
SHA256

e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4
SHA512

56384faf3d5a3834d0c082c5d6520df48f11947f6346dbc9044e6a4f34c199a8b4306658d9267d44a43e76647371f8628676350e6b1f923c5efb1470d9f6cce8
SSDEEP

3072:h3BTstA+R1dqPlxK5QN/pJXpjK92i4lVUcLmo4MHcekAMYja3GmoT4d8y8HafOab:haA+YfESSuTSyTTmZRzSqc

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\DpiScaling.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\imjpuexc.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\IME\shared\IMEPADSV.EXE	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\TapiUnattend.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\winrshost.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\eudcedit.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\IME\shared\IMCCPHR.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\mspaint.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\reg.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\RMActivate_isv.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\userinit.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\migwiz\migwiz.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\regsvr32.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\autoconv.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\dialer.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\dvdplay.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\where.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\cttunesvr.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\dllhst3g.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\esentutl.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\fltMC.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\fsutil.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\nslookup.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\colorcpl.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\OptionalFeatures.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\poqexec.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\waitfor.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\charmap.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\dxdiag.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\IMJPDADM.EXE	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\PATHPING.EXE	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\printui.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\TRACERT.EXE	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\certutil.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\replace.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\msra.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\regedt32.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\DisplaySwitch.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\MRINFO.EXE	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\msdt.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\ftp.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\IME\IMETC10\IMTCPROP.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\ktmutil.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\netbtugc.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\dccw.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\SystemPropertiesRemote.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\wsmprovhost.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\calc.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\ComputerDefaults.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\System32\DriverStore\FileRepository\brmfcwia.inf_amd64_neutral_817b8835aed3d6b7\BrmfRsmg.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\IMJPMGR.EXE	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\ndadmin.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\IMJPDCT.EXE	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\MigAutoPlay.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\mshta.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\rasdial.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\rdrleakdiag.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\dpnsvr.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\System32\DriverStore\FileRepository\divacx64.inf_amd64_neutral_fa0f82f024789743\ditrace.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\fc.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\raserver.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\rundll32.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\clip.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\wow64_microsoft-windows-tapicore_31bf3856ad364e35_6.1.7600.16385_none_4a83748394a862f9\dialer.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..devicescontrolpanel_31bf3856ad364e35_6.1.7600.16385_none_8094bd7b62d2b435\ImagingDevices.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7601.17514_none_ac02530437b71a3f\mstsc.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-taskhost_31bf3856ad364e35_6.1.7601.17514_none_8664adc870f5633a\taskhost.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.16428_none_1c0dbd69636d746a\ieUnatt.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..s-mdac-odbcconf-exe_31bf3856ad364e35_6.1.7600.16385_none_0d4d30a05370cb73\odbcconf.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-choice_31bf3856ad364e35_6.1.7601.17514_none_218cf07ba262766c\choice.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_6.1.7600.16385_none_052696aea98bcefc\PATHPING.EXE	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7601.17514_none_b8f2d3e62e76fe08\VSSVC.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-pnputil_31bf3856ad364e35_6.1.7600.16385_none_5958b438d6388d15\PnPutil.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-getmac_31bf3856ad364e35_6.1.7600.16385_none_0bd4ecde034ea7da\getmac.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_43fa44d954d596e7\dllhst3g.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-rpc-ping_31bf3856ad364e35_6.1.7600.16385_none_9d906433a20c1949\RpcPing.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.1.7601.17514_none_ce2d22115368db7a\WerFault.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-newdev_31bf3856ad364e35_6.1.7600.16385_none_6d6b3cfb6a5a1e5a\ndadmin.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..up-drivepreparation_31bf3856ad364e35_6.1.7601.17514_none_ff178cca7f9d03eb\BdeHdCfg.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_43d2529dd579f798\taskeng.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-japanese-migration_31bf3856ad364e35_6.1.7600.16385_none_0e3c9ce5e73a7257\imjppdmg.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_6.1.7601.17514_none_7a2ff57a626c29fd\SpeechUXWiz.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-xwizard-host-process_31bf3856ad364e35_6.1.7600.16385_none_b4e9027a5234f127\xwizard.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-scripting_31bf3856ad364e35_6.1.7600.16385_none_aeb1ef0f4e6bba1d\cscript.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-w..etwork-setup-wizard_31bf3856ad364e35_6.1.7600.16385_none_fb26c75d92790b8f\setupSNK.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sethc_31bf3856ad364e35_6.1.7601.17514_none_64c7a8e4d35d675c\sethc.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-shell-previewhost_31bf3856ad364e35_6.1.7601.17514_none_4544cf0e5f20beea\prevhost.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.1.7601.17514_none_d6fc8d83d55eb77c\dpnsvr.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.1.7600.16385_none_901eda10f3ab38d2\McrMgr.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-isoburn_31bf3856ad364e35_6.1.7601.17514_none_4458ac8eafdacbdd\isoburn.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_698fc88e65b943d6\wmplayer.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_6.1.7600.16385_none_934d08d31b96d4ee\sdchange.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..-coreinkrecognition_31bf3856ad364e35_6.1.7600.16385_none_498d334c14a3b9bb\hwrcomp.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_0935b76c289e0fd5\poqexec.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-setx_31bf3856ad364e35_6.1.7600.16385_none_ac4d2bf27a63f85f\setx.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..andlinepropertytool_31bf3856ad364e35_6.1.7601.17514_none_696354579779eadf\imjpuexc.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnscacheugc.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dpiscaling_31bf3856ad364e35_6.1.7600.16385_none_d63cc4dd74a11d0b\DpiScaling.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.1.7601.17514_none_3899b0ad2bb77a86\iscsicli.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-certutil_31bf3856ad364e35_6.1.7600.16385_none_1179f9944d0d9973\certutil.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_6.1.7601.17514_none_dfe02de35bf41e0b\PrintBrmEngine.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-bth-user_31bf3856ad364e35_6.1.7601.17514_none_cd93efad202e5fb6\bthudtask.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.17514_none_04d9defd57c1f6bf\rrinstaller.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-pnpui_31bf3856ad364e35_6.1.7600.16385_none_bacc830144fa7791\dinotify.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wmpnss-ux_31bf3856ad364e35_6.1.7600.16385_none_13b9b4b7d327a721\wmpnscfg.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_state_exe_b03f5f7f11d50a3a_6.1.7600.16385_none_0df703f36aac2f13\aspnet_state.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\IEExec.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-icm-ui_31bf3856ad364e35_6.1.7600.16385_none_964da911ba806d45\colorcpl.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmpenc_31bf3856ad364e35_6.1.7600.16385_none_00192601418cadff\wmpenc.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-synchost_31bf3856ad364e35_6.1.7600.16385_none_c575fec016436d8a\SyncHost.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-certificaterequesttool_31bf3856ad364e35_6.1.7600.16385_none_67e6e9a778bbd9d5\certreq.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_caspol_b03f5f7f11d50a3a_6.1.7601.17514_none_f885d1129806720d\CasPol.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..-coreinkrecognition_31bf3856ad364e35_6.1.7600.16385_none_498d334c14a3b9bb\hwrreg.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_8.0.7600.16385_none_da5dd271ce714fff\mshta.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.17932_none_d088def7226177d5\setup16.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.7601.17514_none_3eb101caec1acc2c\ie4uinit.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.1.7601.17514_none_0c19cef0ed2a642e\unregmp2.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..lishing-wmiprovider_31bf3856ad364e35_6.1.7601.17514_none_935e5e07aa28aa00\rdpsign.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-metabase_31bf3856ad364e35_6.1.7601.17514_none_9757fd443892abe7\inetinfo.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_8.0.7600.16385_none_23079f05995ee912\SetIEInstalledDate.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe

C:\Users\Admin\AppData\Local\Temp\e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
"C:\Users\Admin\AppData\Local\Temp\e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1808

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads