944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32

Analysis

max time kernel
159s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 21:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
Size

1.2MB
MD5

0ce8e2643aca77a6ba746f4e3238a060
SHA1

244d54ffb5e2c7aabee1e7bca335087162858a2c
SHA256

944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32
SHA512

0a5b2bba8bb958640743a7793c9b37033b9a3ef639be1bfa6eaeeb38661b5cef092fba65ba9bcf725e25134ad0a66ea00a6c086a5ee7a3c3cfedb51f4eabd337
SSDEEP

24576:1bkGWsmspxm9kG9Am2ck//Zs12DtIoOFdT:yGTmip+2Dt

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1768-54-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/1768-55-0x0000000000400000-0x000000000040F000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\CertEnrollCtrl.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\comp.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\ktmutil.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\setupugc.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\wscript.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\wusa.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\mcbuilder.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\nslookup.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\replace.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\TsWpfWrp.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\grpconv.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\ReAgentc.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\convert.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\finger.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\HOSTNAME.EXE	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\LocationNotifications.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\regedt32.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\regsvr32.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\verclsid.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\choice.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\credwiz.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\IME\shared\IMEPADSV.EXE	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\logman.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\net.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\wbem\mofcomp.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\ARP.EXE	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\RMActivate_ssp_isv.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\TCPSVCS.EXE	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\UserAccountControlSettings.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\charmap.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\dcomcnfg.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\find.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\getmac.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\sethc.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\sfc.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\svchost.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\tcmsetup.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\wininit.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\newdev.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\taskeng.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\autoconv.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\cipher.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\PING.EXE	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\PresentationHost.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\wbem\WinMgmt.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\wecutil.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\wevtutil.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic.inf_amd64_neutral_b94eb92e8150fa35\vmicsvc.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\notepad.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\PushPrinterConnections.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\rrinstaller.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\ComputerDefaults.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\expand.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\mfpmp.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\RMActivate.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\sdbinst.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\shutdown.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\winrshost.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\at.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\EhStorAuthn.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\imjppdmg.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\sc.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\SysWOW64\attrib.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7601.17514_none_1b8f8373383de46a\ehrecvr.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-fax-service_31bf3856ad364e35_6.1.7601.17514_none_0b499f2c96e8f6b2\FXSSVC.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelReg.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\servicing\GC64\tzupd.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\twunk_16.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7601.17514_none_3092574c7d41010b\aitagent.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_a018e05d0d33081d\dllhst3g.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22091_none_d2b1c721321aadf8\conhost.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\ehome\mcGlidHost.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\explorer.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-chkdsk_31bf3856ad364e35_6.1.7600.16385_none_1ddb4b87a6618437\chkdsk.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-fax-service_31bf3856ad364e35_6.1.7601.17514_none_0b499f2c96e8f6b2\FXSUNATD.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-gettingstarted_31bf3856ad364e35_6.1.7600.16385_none_dc7256ed0ded6c12\GettingStarted.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ddodiag_31bf3856ad364e35_6.1.7600.16385_none_924b83b9b69fb351\ddodiag.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.1.7601.17514_none_ce2d22115368db7a\WerFaultSecure.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\ehome\ehrecvr.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-diskraid_31bf3856ad364e35_6.1.7601.17514_none_c3afa97fae99bbe4\diskraid.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehshell_31bf3856ad364e35_6.1.7600.16385_none_95955bd51390781b\ehshell.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\ehome\ehrec.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EdmGen.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-anytime-upgradeui_31bf3856ad364e35_6.1.7600.16385_none_4aadf3be188c056d\WindowsAnytimeUpgradeui.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-control_31bf3856ad364e35_6.1.7600.16385_none_f560eae4c42edb14\control.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-diantz_31bf3856ad364e35_6.1.7600.16385_none_02bb0612dc529329\diantz.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\vbc.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_brmfcmf.inf_31bf3856ad364e35_6.1.7600.16385_none_6f8740b92fea8e01\BrmfRsmg.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.1.7600.16385_none_c9392808773cd7da\cleanmgr.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..devicescontrolpanel_31bf3856ad364e35_6.1.7600.16385_none_8094bd7b62d2b435\ImagingDevices.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\ehome\ehshell.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-japanese-migration_31bf3856ad364e35_6.1.7600.16385_none_6a5b38699f97e38d\imjppdmg.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.1.7601.17514_none_3899b0ad2bb77a86\iscsicli.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdplay_31bf3856ad364e35_6.1.7600.16385_none_5da314d233bb2676\dvdplay.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-forfiles_31bf3856ad364e35_6.1.7600.16385_none_b1186146f739d0f1\forfiles.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..atibility-assistant_31bf3856ad364e35_6.1.7600.16385_none_8fbb77bb3cd808d1\pcawrk.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.1.7601.17514_none_3337092d63596104\sdbinst.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.17514_none_b57215bac8c6d647\appidcertstorecheck.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_81e99da174638311\dxdiag.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..eoptionalcomponents_31bf3856ad364e35_11.2.9600.16428_none_e410f56f6c4ee930\ConfigureIEOptionalComponents.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_6.1.7601.17514_none_b7aa02fc1797974c\IMTCPROP.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_aspnet_regsql_b03f5f7f11d50a3a_6.1.7600.16385_none_dcb42ec76404494f\aspnet_regsql.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.1.7601.17514_none_d6fc8d83d55eb77c\dpnsvr.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.1.7600.16385_none_901eda10f3ab38d2\McrMgr.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehtray_31bf3856ad364e35_6.1.7601.17514_none_88ff132e83a8a275\ehtray.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe

C:\Users\Admin\AppData\Local\Temp\944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe
"C:\Users\Admin\AppData\Local\Temp\944b61f660b88b20fb8f8a88f9da52145653cf4e91d39efaa7e967207eaa2b32.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1768-54-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1768-55-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads