xtremerat | 8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02

Analysis

max time kernel
150s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 14:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe
Size

44KB
MD5

a2ddf46077eda9278ad6fed530ae810c
SHA1

1e0082877baded12bcfb4de91427a9cbbfcfce28
SHA256

8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02
SHA512

e859c7c94a708fca11c0e12b34f055540fbb200a5c5ea3f7aa55bc3f83669a8c7049cfb0c734af4b408188b64327930d67f7711b9096d7c1ce531e8add2999f0
SSDEEP

768:rBr+tjFqTPkAlOztB1lr6an3smTA8uvm2DfOTwYPI2zo+J:FyRUHlEL1lr6an3TLuvm2buQqo+J

Score

10^/10

xtremerat persistence rat spyware

Malware Config

Signatures

XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
persistence spyware rat xtremerat
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 1284	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	26
PID 2024 wrote to memory of 1284	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	26
PID 2024 wrote to memory of 1284	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	26
PID 2024 wrote to memory of 1284	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	26
PID 2024 wrote to memory of 1284	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	26
PID 2024 wrote to memory of 1432	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	27
PID 2024 wrote to memory of 1432	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	27
PID 2024 wrote to memory of 1432	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	27
PID 2024 wrote to memory of 1432	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	27
PID 2024 wrote to memory of 1432	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	27
PID 2024 wrote to memory of 1756	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	28
PID 2024 wrote to memory of 1756	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	28
PID 2024 wrote to memory of 1756	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	28
PID 2024 wrote to memory of 1756	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	28
PID 2024 wrote to memory of 1756	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	28
PID 2024 wrote to memory of 996	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	29
PID 2024 wrote to memory of 996	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	29
PID 2024 wrote to memory of 996	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	29
PID 2024 wrote to memory of 996	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	29
PID 2024 wrote to memory of 996	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	29
PID 2024 wrote to memory of 1632	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	30
PID 2024 wrote to memory of 1632	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	30
PID 2024 wrote to memory of 1632	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	30
PID 2024 wrote to memory of 1632	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	30
PID 2024 wrote to memory of 1632	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	30
PID 2024 wrote to memory of 1644	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	31
PID 2024 wrote to memory of 1644	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	31
PID 2024 wrote to memory of 1644	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	31
PID 2024 wrote to memory of 1644	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	31
PID 2024 wrote to memory of 1644	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	31
PID 2024 wrote to memory of 1596	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	32
PID 2024 wrote to memory of 1596	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	32
PID 2024 wrote to memory of 1596	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	32
PID 2024 wrote to memory of 1596	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	32
PID 2024 wrote to memory of 1596	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	32
PID 2024 wrote to memory of 1396	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	33
PID 2024 wrote to memory of 1396	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	33
PID 2024 wrote to memory of 1396	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	33
PID 2024 wrote to memory of 1396	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	33
PID 2024 wrote to memory of 1576	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	34
PID 2024 wrote to memory of 1576	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	34
PID 2024 wrote to memory of 1576	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	34
PID 2024 wrote to memory of 1576	2024	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	34
PID 1576 wrote to memory of 1456	1576	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	35
PID 1576 wrote to memory of 1456	1576	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	35
PID 1576 wrote to memory of 1456	1576	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	35
PID 1576 wrote to memory of 1456	1576	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	35
PID 1576 wrote to memory of 1456	1576	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	35
PID 1576 wrote to memory of 1104	1576	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	36
PID 1576 wrote to memory of 1104	1576	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	36
PID 1576 wrote to memory of 1104	1576	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	36
PID 1576 wrote to memory of 1104	1576	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	36
PID 1576 wrote to memory of 1104	1576	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	36
PID 1576 wrote to memory of 1968	1576	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	37
PID 1576 wrote to memory of 1968	1576	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	37
PID 1576 wrote to memory of 1968	1576	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	37
PID 1576 wrote to memory of 1968	1576	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	37
PID 1576 wrote to memory of 1968	1576	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	37
PID 1576 wrote to memory of 1524	1576	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	38
PID 1576 wrote to memory of 1524	1576	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	38
PID 1576 wrote to memory of 1524	1576	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	38
PID 1576 wrote to memory of 1524	1576	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	38
PID 1576 wrote to memory of 1524	1576	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	38
PID 1576 wrote to memory of 584	1576	8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe	39

C:\Users\Admin\AppData\Local\Temp\8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe
"C:\Users\Admin\AppData\Local\Temp\8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:1284
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:1432
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:1756
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:996
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:1632
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:1644
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:1596
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:1396
- C:\Users\Admin\AppData\Local\Temp\8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe
  "C:\Users\Admin\AppData\Local\Temp\8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1576
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1456
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1104
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1968
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1524
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:584
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1440
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:524
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:900
- - C:\Users\Admin\AppData\Local\Temp\8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe
    "C:\Users\Admin\AppData\Local\Temp\8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe"
    3⤵
    PID:664
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:908
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:1700
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:1824
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:792
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:536
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:1008
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:1184
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe
      "C:\Users\Admin\AppData\Local\Temp\8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe"
      4⤵
      PID:1076
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1636
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:764
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1948
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1740
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1960
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1972
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1156
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe"
        5⤵
        
        PID:2012
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1500
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:268
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1652
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1556
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1996
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:960
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1496
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe"
        6⤵
        
        PID:1624
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:928
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:284
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1832
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1152
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:876
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1804
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1504
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe"
        7⤵
        
        PID:1956
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1992
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1712
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1256
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1936
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1148
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2024
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1588
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe"
        8⤵
        
        PID:1548
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:980
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:912
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:560
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:836
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1660
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1600
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1528
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8613616f74d6f80819e24bf11dc27af825e20dd214636277f2e4aba8d989bd02.exe"
        9⤵
        
        PID:300
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1464
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1656
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1764
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:564
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1336
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2036

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\cdxiRzcF.cfg

Filesize
1KB

MD5
30c4f0be297c8040ae2cebb85586a8a5

SHA1
5b8e4b2eb8c4ec0de86eb890b9d6126e132f9084

SHA256
44c8960d173340ae45e5d726f55f5edb2d9a982ed0beab37668d72cb1d04af48

SHA512
9823e61cf39cf9fd163b20a52903359580d3147f18060e35d2e8115f95c7b04a808d78bbf79f0ba4f6d5c8579cf01f98155fecff2770e9af538dd8cb62089a47

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\cdxiRzcF.cfg

Filesize
1KB

MD5
30c4f0be297c8040ae2cebb85586a8a5

SHA1
5b8e4b2eb8c4ec0de86eb890b9d6126e132f9084

SHA256
44c8960d173340ae45e5d726f55f5edb2d9a982ed0beab37668d72cb1d04af48

SHA512
9823e61cf39cf9fd163b20a52903359580d3147f18060e35d2e8115f95c7b04a808d78bbf79f0ba4f6d5c8579cf01f98155fecff2770e9af538dd8cb62089a47

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\cdxiRzcF.cfg

Filesize
1KB

MD5
30c4f0be297c8040ae2cebb85586a8a5

SHA1
5b8e4b2eb8c4ec0de86eb890b9d6126e132f9084

SHA256
44c8960d173340ae45e5d726f55f5edb2d9a982ed0beab37668d72cb1d04af48

SHA512
9823e61cf39cf9fd163b20a52903359580d3147f18060e35d2e8115f95c7b04a808d78bbf79f0ba4f6d5c8579cf01f98155fecff2770e9af538dd8cb62089a47

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\cdxiRzcF.cfg

Filesize
1KB

MD5
30c4f0be297c8040ae2cebb85586a8a5

SHA1
5b8e4b2eb8c4ec0de86eb890b9d6126e132f9084

SHA256
44c8960d173340ae45e5d726f55f5edb2d9a982ed0beab37668d72cb1d04af48

SHA512
9823e61cf39cf9fd163b20a52903359580d3147f18060e35d2e8115f95c7b04a808d78bbf79f0ba4f6d5c8579cf01f98155fecff2770e9af538dd8cb62089a47

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\cdxiRzcF.cfg

Filesize
1KB

MD5
30c4f0be297c8040ae2cebb85586a8a5

SHA1
5b8e4b2eb8c4ec0de86eb890b9d6126e132f9084

SHA256
44c8960d173340ae45e5d726f55f5edb2d9a982ed0beab37668d72cb1d04af48

SHA512
9823e61cf39cf9fd163b20a52903359580d3147f18060e35d2e8115f95c7b04a808d78bbf79f0ba4f6d5c8579cf01f98155fecff2770e9af538dd8cb62089a47

Download Submit
memory/2024-54-0x0000000075F81000-0x0000000075F83000-memory.dmp

Filesize
8KB

Download