feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f

Analysis

max time kernel
151s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 02:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
Size

512KB
MD5

a32c414e701a618ebaeee638dfbdb9e0
SHA1

d672fc90377e0f0f91626630c2e102609c764b4e
SHA256

feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f
SHA512

ed048efb1f7d829506a009575e55ea264a19da43f4931d955638a09e79c3b5050c798ddf3a6a976e41256b75d5f249114c89db7ed22d9d3727b5ca3935ab49a6
SSDEEP

12288:1pXlQnDXSgzyUfHwiZRzSONgK2H+PmSr3g:1pXlYJyUfQ/POPmSrw

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4440-132-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral2/memory/4440-133-0x0000000000400000-0x000000000040F000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\RpcPing.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\SystemPropertiesProtection.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\SystemUWPLauncher.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\at.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\msfeedssync.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\ROUTE.EXE	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\comp.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\quickassist.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\tzutil.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\bootcfg.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\EhStorAuthn.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\IME\SHARED\imecfmui.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\netiougc.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\NETSTAT.EXE	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\WWAHost.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\forfiles.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\hdwwiz.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\IME\IMETC\IMTCLNWZ.EXE	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\RdpSaUacHelper.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\shutdown.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\takeown.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\TpmInit.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\ByteCodeGenerator.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\Fondue.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\MuiUnattend.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\wbem\WMIC.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\IME\SHARED\IMCCPHR.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\logman.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\setupugc.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\eudcedit.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\InstallShield\setup.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\winrshost.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\BackgroundTransferHost.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\cliconfg.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\pcaui.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\secinit.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\SettingSyncHost.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\srdelayed.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\systray.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\gpupdate.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\ipconfig.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\msra.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\xwizard.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\recover.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\setup16.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\curl.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\fltMC.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\fontview.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\mmgaserver.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\resmon.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\SecEdit.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\diskpart.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\dpnsvr.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\instnm.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\gpresult.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\net1.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\rasdial.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\RMActivate_isv.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\TpmTool.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\choice.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\dplaysvr.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\finger.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\InfDefaultInstall.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SysWOW64\rasphone.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.19041.1202_none_d081f9868ac0a804\Microsoft.AAD.BrokerPlugin.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-starttiledata_31bf3856ad364e35_10.0.19041.1202_none_05856bbd8f935e6b\f\DataStoreCacheDumpTool.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1081_none_2e31e8eed4b770c3\WmiApSrv.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..iondata-cmdlinetool_31bf3856ad364e35_10.0.19041.1_none_3e1c0a49448926c6\bcdedit.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-diskpart_31bf3856ad364e35_10.0.19041.964_none_46ba1386f4ce2b0b\diskpart.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_10.0.19041.1_none_2eeab9eac7c3eb5c\FXSCOVER.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\f\wmpconfig.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..plicationframe-host_31bf3856ad364e35_10.0.19041.746_none_b7a67ddd8bcc7470\f\ApplicationFrameHost.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-spectrum_31bf3856ad364e35_10.0.19041.153_none_59d1094dec9b8480\r\Spectrum.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.19041.264_none_7dd490aa65cdf624\r\runexehelper.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..alenrollmentmanager_31bf3856ad364e35_10.0.19041.264_none_839983ebef167c68\f\CredentialEnrollmentManager.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager_31bf3856ad364e35_10.0.19041.1202_none_7cdad2e52790705d\wdagtool.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager_31bf3856ad364e35_10.0.19041.84_none_ffbdc333a0778274\hvsirpcd.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.1202_none_4132a4047d5d53b2\f\AppVDllSurrogate.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-filepicker.appxmain_31bf3856ad364e35_10.0.19041.1023_none_374973298940e35c\FilePicker.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.19041.1237_none_9d556cf140e198b4\f\RecoveryDrive.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-virtualdiskservice_31bf3856ad364e35_10.0.19041.1202_none_dfaaff89afe4f3d4\r\vds.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_hyperv-commandline-tool_31bf3856ad364e35_10.0.19041.1_none_e2f75fda217d5015\hvc.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-i..atedusermode-kernel_31bf3856ad364e35_10.0.19041.207_none_c5e1b9def3522696\f\securekernel.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..dialoghost.appxmain_31bf3856ad364e35_10.0.19041.423_none_edab5dd3a4c202d9\f\CredDialogHost.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.19041.1_none_5f22b28b2f384ed0\PATHPING.EXE	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.19041.746_none_790f12933fbf7e0d\f\tpmvscmgrsvr.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.928_none_6012c8cabf808ff7\f\pcaui.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.1202_none_27f9f931a79d1cbe\f\mavinject.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevagent_31bf3856ad364e35_10.0.19041.1288_none_71734bf99a2a6955\UevAppMonitor.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..ork-uimanagerbroker_31bf3856ad364e35_10.0.19041.1_none_30033f434a10c03b\UIMgrBroker.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-waasmedic_31bf3856ad364e35_10.0.19041.207_none_11794cc79cc85d1d\f\WaaSMedicAgent.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-where_31bf3856ad364e35_10.0.19041.1_none_13c446a37d881982\where.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_openssh-client-components-onecore_31bf3856ad364e35_10.0.19041.964_none_dddeea757b7fbba7\f\ssh.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-csrss_31bf3856ad364e35_10.0.19041.546_none_36dd2ad842e4f8c3\f\csrss.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-expand_31bf3856ad364e35_10.0.19041.1_none_0e6389fff73df783\expand.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..ysafety-refreshtask_31bf3856ad364e35_10.0.19041.153_none_3c9b504ec5293ad0\WpcTok.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.19041.1266_none_b2317523477fbd48\f\lsass.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.19041.1_none_d69d2c25bd407a87\SystemSettingsAdminFlows.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..alservices-webproxy_31bf3856ad364e35_10.0.19041.746_none_0f70f5a5b71ec478\r\TSWbPrxy.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-guestcomputeservice_31bf3856ad364e35_10.0.19041.264_none_6b6699b671c8f5a8\r\VmComputeAgent.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sctasks_31bf3856ad364e35_10.0.19041.1_none_4030851754b3e0fb\schtasks.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-office-csp_31bf3856ad364e35_10.0.19041.1_none_735c6874d3056a0a\ofdeploy.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.19041.84_none_42927ae06bc1dce9\WpcMon.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.19041.1266_none_14b8c34dbc1df417\f\runexehelper.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-unattendedjoin_31bf3856ad364e35_10.0.19041.572_none_90e9bab3cbbfd71a\djoin.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wrp-integrity-client_31bf3856ad364e35_10.0.19041.1_none_e12fdac08aa3b840\sfc.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appx-deployment-server_31bf3856ad364e35_10.0.19041.1288_none_d616f4b76bd7b8a2\r\ApplyTrustOffline.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.19041.173_none_38fc88f8cb913df1\winresume.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-defrag-cmdline_31bf3856ad364e35_10.0.19041.746_none_a5751a882524bee1\r\Defrag.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_openssh-client-components-onecore_31bf3856ad364e35_10.0.19041.964_none_dddeea757b7fbba7\r\sftp.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-bioenrollment.appxmain_31bf3856ad364e35_10.0.19041.844_none_de5d9fe254d9f8c4\f\BioEnrollmentHost.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..te-musnotifyiconexe_31bf3856ad364e35_10.0.19041.153_none_1721bd4ad34c0544\r\MusNotifyIcon.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.19041.746_none_18c3ddf7dbfedda0\f\PinEnrollmentBroker.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.19041.264_none_4a12028313046a9e\ntoskrnl.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..lity-eoaexperiences_31bf3856ad364e35_10.0.19041.153_none_c283d2cf01b0b7d8\f\EoAExperiences.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..tx-dxgiadaptercache_31bf3856ad364e35_10.0.19041.84_none_9f3e49455f52d8f7\dxgiadaptercache.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ie-iechooser_31bf3856ad364e35_11.0.19041.1_none_da5b9e6604736fbe\IEChooser.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sxs_31bf3856ad364e35_10.0.19041.746_none_8c45e6e8b672ffff\sxstrace.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..appserver-licensing_31bf3856ad364e35_10.0.19041.1_none_5ca728f7dabaeefb\tlsbln.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1266_none_aa0661cc14f9fe9a\vmwp.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\HvsiSettingsWorker.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.19041.264_none_4a12028313046a9e\r\ntoskrnl.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.19041.1202_none_cd68049c9076546f\r\mighost.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.19041.1_none_adf98e02f565c8fe\unlodctr.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-setup-component_31bf3856ad364e35_10.0.19041.1237_none_a6ef3a2e62766c5c\r\AuditShD.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..riseclientsync-host_31bf3856ad364e35_10.0.19041.207_none_ac38fc33d542b487\r\WorkFolders.exe	feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe

C:\Users\Admin\AppData\Local\Temp\feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe
"C:\Users\Admin\AppData\Local\Temp\feae751cc7f4fb3141bf1c1fa21c2d8afb30196777990539b56d0c025fbe962f.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:4440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4440-132-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4440-133-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads