feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f

Analysis

max time kernel
152s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 02:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
Size

512KB
MD5

a32c414e701a618ebaeee638dfbdb9e0
SHA1

d672fc90377e0f0f91626630c2e102609c764b4e
SHA256

feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f
SHA512

ed048efb1f7d829506a009575e55ea264a19da43f4931d955638a09e79c3b5050c798ddf3a6a976e41256b75d5f249114c89db7ed22d9d3727b5ca3935ab49a6
SSDEEP

12288:1pXlQnDXSgzyUfHwiZRzSONgK2H+PmSr3g:1pXlYJyUfQ/POPmSrw

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1228-54-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/1228-55-0x0000000000400000-0x000000000040F000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\comp.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\dcomcnfg.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\at.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\bitsadmin.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\CertEnrollCtrl.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\certutil.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\diskraid.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\driverquery.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\AtBroker.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\clip.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\ddodiag.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\DeviceProperties.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\diantz.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\Dism.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\autoconv.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\charmap.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\com\MigRegDB.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\DisplaySwitch.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\dllhost.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\attrib.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\cmmon32.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\dfrgui.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\diskperf.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\control.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\ctfmon.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\cttune.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\divacx64.inf_amd64_neutral_fa0f82f024789743\xlog.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\bthudtask.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\dpnsvr.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\colorcpl.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\convert.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\dplaysvr.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\brmfcmf.inf_amd64_neutral_67b5984f8e8ff717\BrmfRsmg.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\fsquirt.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\dllhst3g.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\dpapimig.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\bootcfg.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\certreq.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\chkdsk.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\cmstp.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\cttunesvr.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\diskpart.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\DpiScaling.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\brmfcwia.inf_amd64_neutral_817b8835aed3d6b7\BrmfRsmg.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\regedit.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\divacx64.inf_amd64_neutral_fa0f82f024789743\ditrace.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\AdapterTroubleshooter.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\cacls.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\cmd.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\cmdl32.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\cscript.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\auditpol.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\autofmt.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\calc.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\cmdkey.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\credwiz.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\DevicePairingWizard.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\autochk.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\choice.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\Dism\DismHost.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\doskey.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\ARP.EXE	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\chkntfs.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\com\comrepl.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regtlibv12.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMConfigInstaller.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ComSvcConfig.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\ehome\wow\ehexthost32.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\ehome\WTVConverter.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CasPol.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\vbc.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dfsvc.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\splwow64.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\explorer.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework\NETFXSBS10.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\EdmGen.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\ehome\mcGlidHost.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess32.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\ehome\ehtray.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\EdmGen.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\MSBuild.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe

C:\Users\Admin\AppData\Local\Temp\feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
"C:\Users\Admin\AppData\Local\Temp\feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1228-54-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1228-55-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads