e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4

Analysis

max time kernel
200s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 17:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
Size

291KB
MD5

a3767fb618211fd650fdcf34fd330890
SHA1

9ca38d56098ddeec835a34a5229fe52b19604207
SHA256

e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4
SHA512

56384faf3d5a3834d0c082c5d6520df48f11947f6346dbc9044e6a4f34c199a8b4306658d9267d44a43e76647371f8628676350e6b1f923c5efb1470d9f6cce8
SSDEEP

3072:h3BTstA+R1dqPlxK5QN/pJXpjK92i4lVUcLmo4MHcekAMYja3GmoT4d8y8HafOab:haA+YfESSuTSyTTmZRzSqc

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Windows.WARP.JITService.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\winrshost.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\secinit.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\IME\SHARED\imecfmui.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\setx.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\sfc.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\fontview.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\credwiz.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\gpresult.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\OpenWith.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\RmClient.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\Speech_OneCore\Common\SpeechModelDownload.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\SystemUWPLauncher.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\whoami.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\clip.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\diskpart.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\Dism.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\explorer.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\MRINFO.EXE	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\PickerHost.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\prevhost.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\sxstrace.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\bitsadmin.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\wbem\WMIC.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\Windows.Media.BackgroundPlayback.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\WWAHost.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\systeminfo.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\msra.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\recover.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\systray.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\dccw.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\NETSTAT.EXE	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\psr.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\Register-CimProvider.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\ROUTE.EXE	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\regedit.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\bthudtask.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\dpnsvr.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\DWWIN.EXE	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\efsui.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\getmac.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\setupugc.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\svchost.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\backgroundTaskHost.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\xwizard.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\finger.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\Com\comrepl.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\cliconfg.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\compact.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\ctfmon.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\ktmutil.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\mavinject.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\PATHPING.EXE	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\relog.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\appidtel.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\wiaacmgr.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\RMActivate_isv.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\ttdinject.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\perfhost.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\InputSwitchToastHandler.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\mcbuilder.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\TokenBrokerCookies.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\winver.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SysWOW64\cmdl32.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe

Drops file in Windows directory 62 IoCs

description	ioc	Process
File created	C:\Windows\bfsvc.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\HelpPane.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\OOBENetworkCaptivePortal.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SecureAssessmentBrowser.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\WinSxS\amd64_aspnet_regsql_b03f5f7f11d50a3a_4.0.15805.0_none_aadf84cda75da02d\aspnet_regsql.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\WinSxS\amd64_datasvcutil_b77a5c561934e089_4.0.15805.0_none_5b1ada239e3b0505\DataSvcUtil.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\WinSxS\amd64_caspol_b03f5f7f11d50a3a_10.0.19041.1_none_e51212a36c631d23\CasPol.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\WinSxS\amd64_caspol_b03f5f7f11d50a3a_4.0.15805.0_none_c6dc1994db088235\CasPol.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\CallingShellApp.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\WinSxS\amd64_bsdtar_31bf3856ad364e35_10.0.19041.1_none_0c1f19c50b5e5f6e\tar.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy\CredDialogHost.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\XGpuEjectDialog.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\winhlp32.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\WinSxS\amd64_aspnet_regsql_b03f5f7f11d50a3a_10.0.19041.1_none_c9157ddc38b83b1b\aspnet_regsql.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\AppResolverUX.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\OOBENetworkConnectionFlow.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\servicing\TrustedInstaller.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\XBox.TCUI.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\WinSxS\amd64_aspnet_regbrowsers_b03f5f7f11d50a3a_10.0.19041.1_none_82a36c559596820a\aspnet_regbrowsers.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\WinSxS\amd64_comsvcconfig_b03f5f7f11d50a3a_4.0.15805.0_none_468e01fabfc37212\ComSvcConfig.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\splwow64.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy\CameraBarcodeScannerPreview.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ScreenClipping\ScreenClippingHost.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.1_none_e190f18a08ed1a44\FlashUtil_ActiveX.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.82_none_2358a116979cc599\FlashUtil_ActiveX.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\WinSxS\amd64_dfsvc_b03f5f7f11d50a3a_4.0.15805.0_none_c0d2d1227427864f\dfsvc.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\WinSxS\amd64_aspnet_compiler_b03f5f7f11d50a3a_4.0.15805.0_none_73cc8b3e43ba1056\aspnet_compiler.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe\Microsoft.AsyncTextService.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\WpcUapApp.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy\AddSuggestedFoldersToLibraryDialog.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe\NcsiUwpApp.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\explorer.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\Microsoft.ECApp.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy\FilePicker.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\WinSxS\amd64_curl_31bf3856ad364e35_10.0.19041.1_none_345cbd92bc885eba\curl.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy\BioEnrollmentHost.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\PinningConfirmationDialog.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\UndockedDevKit.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\WinSxS\amd64_addinprocess32_b77a5c561934e089_10.0.19041.1_none_3700bdc08c446a5c\AddInProcess32.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\WinSxS\amd64_addinprocess32_b77a5c561934e089_4.0.15805.0_none_faee98a3c711fae7\AddInProcess32.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\WinSxS\amd64_addinutil_b77a5c561934e089_4.0.15805.0_none_fcd173bc1b434b81\AddInUtil.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\Boot\PCAT\memtest.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\notepad.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\Speech\Common\sapisvr.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\FileExplorer.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\WinSxS\amd64_aspnet_compiler_b03f5f7f11d50a3a_10.0.19041.1_none_9202844cd514ab44\aspnet_compiler.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\hh.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Win32WebViewHost.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AssignedAccessLockApp.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\CapturePicker.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\WinSxS\amd64_addinprocess_b77a5c561934e089_4.0.15805.0_none_74baba51266f3010\AddInProcess.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
File created	C:\Windows\WinSxS\amd64_aspnet_regbrowsers_b03f5f7f11d50a3a_4.0.15805.0_none_646d7347043be71c\aspnet_regbrowsers.exe	e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe

C:\Users\Admin\AppData\Local\Temp\e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe
"C:\Users\Admin\AppData\Local\Temp\e71bdff05d48d4c909993ff76ff13fc2987fcebc930973590f660dfc5a1f68b4.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:3960

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads