fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2022 11:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
Size

1.1MB
MD5

4007aae50f450517b45e957f17223c00
SHA1

7d654077f17fcd977fe171baa126a8166677cbc4
SHA256

fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf
SHA512

0e78f05fb27e9796290905a34063de91cf6e7b10cc8732ad0fe2757db33060da926c7008ccbb3c88d910f40641031f7130dc98289b44b9cefefdc12896bd1759
SSDEEP

12288:1pXlQnDXSgzyUfKRzS1RzSzit0kfECOG8qi0Frau43O:1pXlYJyUf9KzitUiauQO

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2624-132-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral2/memory/2624-133-0x0000000000400000-0x000000000040F000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\TSTheme.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\WerFault.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\at.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\iexpress.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\systray.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\tcmsetup.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\IME\IMETC\IMTCLNWZ.EXE	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\NetCfgNotifyObjectHost.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\TpmInit.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\Netplwiz.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\tasklist.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\typeperf.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\xwizard.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\cmmon32.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\dplaysvr.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\eventcreate.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\icsunattend.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\mtstocom.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\odbcad32.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\getmac.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\SpatialAudioLicenseSrv.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\wextract.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\sc.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\svchost.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\wevtutil.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\whoami.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\makecab.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\mspaint.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\newdev.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\OneDriveSetup.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\wscadminui.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\raserver.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\unlodctr.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\dcomcnfg.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\diskpart.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\IME\SHARED\IMCCPHR.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\NETSTAT.EXE	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\instnm.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\TsWpfWrp.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\wbem\mofcomp.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\rundll32.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\setupugc.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\provlaunch.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\CertEnrollCtrl.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\DevicePairingWizard.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\IME\IMEJP\imjpuexc.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\label.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\proquota.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\quickassist.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\RMActivate.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\UserAccountBroker.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\bthudtask.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\certreq.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\colorcpl.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\isoburn.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\SearchFilterHost.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\convert.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\dvdplay.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\findstr.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\ndadmin.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\comp.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\PasswordOnWakeSettingFlyout.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SysWOW64\msfeedssync.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_aspnet_compiler_b03f5f7f11d50a3a_4.0.15805.0_none_73cc8b3e43ba1056\aspnet_compiler.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..atibility-assistant_31bf3856ad364e35_10.0.19041.1266_none_a88c5999d8585853\f\pcalua.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.19041.173_none_38fc88f8cb913df1\r\winresume.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..sktop.appxmain.root_31bf3856ad364e35_10.0.19041.1266_none_3e00d223332897b8\f\SearchApp.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..ebviewhost.appxmain_31bf3856ad364e35_10.0.19041.746_none_e873f3aa792d8bb3\f\Win32WebViewHost.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.264_none_aa5417fd2708544d\SyncAppvPublishingServer.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..tx-dxgiadaptercache_31bf3856ad364e35_10.0.19041.84_none_9f3e49455f52d8f7\dxgiadaptercache.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.19041.746_none_61e0347e850155a8\r\UserOOBEBroker.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.19041.1237_none_bd2b0ef5b58e1540\r\cscript.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_96167fa49059f7a3\shrpubw.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-unp_31bf3856ad364e35_10.0.19041.1266_none_21c0be7c0dad3632\r\UNPUXHost.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-starttiledata_31bf3856ad364e35_10.0.19041.264_none_6ea6dfb6393e5f06\DataStoreCacheDumpTool.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-tools_31bf3856ad364e35_10.0.19041.746_none_726cc4a1ebcb1c1e\r\wlrmdr.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..deploymentmgrclient_31bf3856ad364e35_10.0.19041.1202_none_c26e06f4b82585b5\f\dmclient.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-filepicker.appxmain_31bf3856ad364e35_10.0.19041.1023_none_374973298940e35c\FilePicker.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..ation-wincomponents_31bf3856ad364e35_10.0.19041.1_none_51b7888297a3c04e\LocationNotificationWindows.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-settingsynchost_31bf3856ad364e35_10.0.19041.1202_none_f4a35974d85ff180\SettingSyncHost.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wmi-consumers_31bf3856ad364e35_10.0.19041.1_none_00c334ebf83ee740\scrcons.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_aspnet_regsql_b03f5f7f11d50a3a_10.0.19041.1_none_c9157ddc38b83b1b\aspnet_regsql.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-com-runtimebroker_31bf3856ad364e35_10.0.19041.746_none_744cb37f06e446cc\RuntimeBroker.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ommandline-dsdbutil_31bf3856ad364e35_10.0.19041.844_none_1d907c422e447b14\dsdbutil.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sigverif_31bf3856ad364e35_10.0.19041.1_none_718a91e09abc2926\sigverif.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\PinningConfirmationDialog.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevagent_31bf3856ad364e35_10.0.19041.1288_none_71734bf99a2a6955\UevTemplateConfigItemGenerator.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appx-deployment-server_31bf3856ad364e35_10.0.19041.1288_none_d616f4b76bd7b8a2\r\CustomInstallExec.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_10.0.19041.1_none_260e545bf60f6b0f\cliconfg.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-platform_31bf3856ad364e35_10.0.19041.844_none_487fcc4fe2c3cfbb\provlaunch.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appid_31bf3856ad364e35_10.0.19041.1202_none_cc0c3d35675da3a1\f\appidpolicyconverter.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..management-omadmprc_31bf3856ad364e35_10.0.19041.844_none_93c03ca99a47dc8f\omadmprc.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-netbt_31bf3856ad364e35_10.0.19041.1_none_1655d5e596a1ade0\netbtugc.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\f\SecHealthUI.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wab-app_31bf3856ad364e35_10.0.19041.1_none_f89a6b0476f024dd\wabmig.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-bioenrollment.appxmain_31bf3856ad364e35_10.0.19041.84_none_f80970fc24265338\BioEnrollmentHost.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..raries-servercommon_31bf3856ad364e35_10.0.19041.906_none_87b019d7cebd66d4\r\iissetup.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.19041.1202_none_5f774093e49b3593\refsutil.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.19041.1_none_7cf83d048bc1c334\Robocopy.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-tpm-adminsnapin_31bf3856ad364e35_10.0.19041.1_none_2d6e24727e9eaaa1\TpmInit.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..perience-ait-static_31bf3856ad364e35_10.0.19041.1202_none_a5a4c3f2637b55fa\f\aitstatic.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.19041.1_none_90e29eafea574969\psr.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..agement-coredpussvr_31bf3856ad364e35_10.0.19041.746_none_7946fb11bf19dc87\f\coredpussvr.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..s-datausagehandlers_31bf3856ad364e35_10.0.19041.153_none_dbdeec75cdd2a4d1\f\DataUsageLiveTileTask.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.84_none_a689f818199cbaf8\Taskmgr.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.964_none_a40a1f93665b43eb\SndVol.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-lxss-bash_31bf3856ad364e35_10.0.19041.117_none_1db60e061b48335a\bash.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\f\wmplayer.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-openwith_31bf3856ad364e35_10.0.19041.1_none_2311dc3012116c15\OpenWith.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_10.0.19041.1_none_10c7bab3a237c3a9\SystemPropertiesPerformance.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-ngc-trustlet_31bf3856ad364e35_10.0.19041.423_none_c3eac275ecdf7e0a\r\NgcIso.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wusa_31bf3856ad364e35_10.0.19041.1151_none_21d0a68ccdc67be8\r\wusa.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-axinstallservice_31bf3856ad364e35_10.0.19041.867_none_b4e9fc09cfcbdd7c\f\AxInstUI.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..-mdmdiagnosticstool_31bf3856ad364e35_10.0.19041.1023_none_d3d892f3280079d7\r\MdmDiagnosticsTool.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..s-mdac-odbcconf-exe_31bf3856ad364e35_10.0.19041.1_none_c367e800917abc7d\odbcconf.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..up-deviceencryption_31bf3856ad364e35_10.0.19041.1_none_9053c2b542fdf1c3\BitLockerDeviceEncryption.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-setup-component_31bf3856ad364e35_10.0.19041.1237_none_a6ef3a2e62766c5c\AuditShD.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-taskkill_31bf3856ad364e35_10.0.19041.1_none_db6f0c88fb6e127a\taskkill.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-bioenrollment.appxmain_31bf3856ad364e35_10.0.19041.844_none_de5d9fe254d9f8c4\BioEnrollmentHost.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cttunesvr_31bf3856ad364e35_10.0.19041.746_none_cdf422107d2779cf\r\cttunesvr.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\r\wmpshare.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.19041.1151_none_21b291c4f7bdb6e0\r\nfsclnt.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.19041.1266_none_e40ca34e5de298c9\r\rasdial.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-recdisc-main_31bf3856ad364e35_10.0.19041.746_none_6275453e12708a76\r\recdisc.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..atibility-assistant_31bf3856ad364e35_10.0.19041.1_none_e9b79397c28488a5\pcalua.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.746_none_b4441130315b5f1f\r\mmgaserver.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.19041.264_none_c813a1965bacf6d2\SystemSettingsBroker.exe	fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe

C:\Users\Admin\AppData\Local\Temp\fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe
"C:\Users\Admin\AppData\Local\Temp\fbd189a24aea2d445cbbc176d66021351f80aa0639ecb61d837a1b0664c97edf.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:2624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2624-132-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2624-133-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads