6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b

Analysis

max time kernel
149s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
21-11-2022 11:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
Size

1.0MB
MD5

07d80ad2679100b989c5e14d0c532e30
SHA1

04a42a91261a7bc973f4bb95093a517a3e04b909
SHA256

6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b
SHA512

a3cd17a3b49c8de3f0094153963854c27fce4ea804e35a94aabcedc2b1f691793ba29b1eacfbd3bb17f226864325371138ede936716d6f7e75d8e16c66eefc8b
SSDEEP

12288:1yN6PPZYmDbi7ce9WXfT3PyN6PPZYmDbi7ce9WXCD3:1ywPPZDxXL3PywPPZDxX03

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1504-54-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/1504-55-0x0000000000400000-0x000000000040F000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ftp.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\ipconfig.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\lodctr.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\AtBroker.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\choice.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\secinit.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\verclsid.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\at.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\bootcfg.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\RMActivate_ssp_isv.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\gpupdate.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\reg.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\SyncHost.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\systeminfo.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\unregmp2.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\wowreg32.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\imjpuexc.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\migwiz\migwiz.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\recover.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\Robocopy.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\powercfg.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\certreq.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\cmmon32.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\dccw.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\getmac.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\IMJPDADM.EXE	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\InfDefaultInstall.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\Netplwiz.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\PresentationHost.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\rundll32.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\UserAccountControlSettings.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\comp.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\iexpress.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\runas.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\TpmInit.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\wuapp.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\xpsrchvw.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\credwiz.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\perfmon.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\RunLegacyCPLElevated.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\user.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\wlanext.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\netiougc.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\pcaui.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\rasphone.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\SecEdit.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\TsWpfWrp.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\w32tm.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\CertEnrollCtrl.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\cmdkey.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\finger.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\gpresult.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\mstsc.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\sethc.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\clip.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\DWWIN.EXE	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\WerFaultSecure.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\where.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\bthudtask.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\net1.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\PATHPING.EXE	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\SystemPropertiesRemote.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\vssadmin.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\servicing\TrustedInstaller.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-com-complus-ui_31bf3856ad364e35_6.1.7600.16385_none_0c9cb55c61e99805\dcomcnfg.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-pnphotplugui_31bf3856ad364e35_6.1.7600.16385_none_44d62330646f757a\DeviceEject.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_33fa4336c49b998b\rundll32.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.1.7600.16385_none_9ba1049ce0053bef\ConvertInkStore.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\ehome\wow\ehexthost32.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-wtvconverter_31bf3856ad364e35_6.1.7600.16385_none_a8464accb5a91f59\WTVConverter.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\iisreset.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-restartmanager_31bf3856ad364e35_6.1.7600.16385_none_dc2a59723dcfa2c7\RmClient.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..oxgames-purbleplace_31bf3856ad364e35_6.1.7600.16385_none_622070221822eb39\PurblePlace.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_wcf-comsvcconfig_b03f5f7f11d50a3a_6.1.7601.17514_none_52db65a773b633fd\ComSvcConfig.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\ehome\McxTask.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehshell_31bf3856ad364e35_6.1.7600.16385_none_95955bd51390781b\ehshell.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-fontview_31bf3856ad364e35_6.1.7600.16385_none_a058fee6d0280cab\fontview.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..line-user-interface_31bf3856ad364e35_6.1.7600.16385_none_38dc646bf68909f4\cmdkey.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.1.7601.17514_none_fb3795fb0be32033\WUDFHost.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-mcx2prov_31bf3856ad364e35_6.1.7600.16385_none_3482237b32c1daff\Mcx2Prov.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-snmp-agent-service_31bf3856ad364e35_6.1.7601.17514_none_555ae6d66ee2630d\snmp.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_netfx-applaunch_exe_b03f5f7f11d50a3a_6.1.7601.17514_none_51e5e402131afc4a\AppLaunch.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-blb-cli-main_31bf3856ad364e35_6.1.7600.16385_none_a749cec7a8b6bf08\wbadmin.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-blb-engine-main_31bf3856ad364e35_6.1.7601.17514_none_4207fb67165f731a\wbengine.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_caspol_b03f5f7f11d50a3a_6.1.7601.17514_none_f885d1129806720d\CasPol.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.1.7600.16385_none_7547f48c79b40229\msdtc.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-deployment_31bf3856ad364e35_6.1.7600.16385_none_57e3e87206ff08ca\setupugc.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\Dxpserver.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_6.1.7601.17514_none_cb4d60191a09a7b0\PresentationSettings.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.1.7601.17514_none_0c19cef0ed2a642e\unregmp2.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-srdelayed_31bf3856ad364e35_6.1.7600.16385_none_b252497a75d8a174\srdelayed.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_43d2529dd579f798\taskeng.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-terminalservices-theme_31bf3856ad364e35_6.1.7600.16385_none_31db018394805d6b\TSTheme.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..pertiescomputername_31bf3856ad364e35_6.1.7600.16385_none_8c6823f855ef04a5\SystemPropertiesComputerName.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-servicepackcoordinator_31bf3856ad364e35_6.1.7601.17514_none_92e727843e307e1b\spreview.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.1.7601.17514_none_347a450f0c8bd52d\printui.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_netfx35linq-addinutil_31bf3856ad364e35_6.1.7601.17514_none_29443e96f9fb6564\AddInUtil.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\ehome\CreateDisc\SBEServer.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-newdev_31bf3856ad364e35_6.1.7600.16385_none_6d6b3cfb6a5a1e5a\newdev.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..erinboxgames-spades_31bf3856ad364e35_6.1.7600.16385_none_6fa6d7361acba514\shvlzm.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.1.7601.17514_none_90ecf919657dacf4\ARP.EXE	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17514_none_d18028273214fa77\SearchIndexer.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_aspnet_regbrowsers_b03f5f7f11d50a3a_6.1.7600.16385_none_96421d40c0e2903e\aspnet_regbrowsers.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-axinstallservice_31bf3856ad364e35_6.1.7601.17514_none_352b5454878cd498\AxInstUI.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..e-managed-regmceapp_31bf3856ad364e35_6.1.7600.16385_none_b13a0967547ecab4\RegisterMCEApp.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..estartup-fverecover_31bf3856ad364e35_6.1.7600.16385_none_ab0552bceeca5a61\BdeUnlockWizard.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\SystemPropertiesRemote.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-adaptertroubleshooter_31bf3856ad364e35_6.1.7600.16385_none_2df6395b9cf7e9a5\AdapterTroubleshooter.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.1.7601.17514_none_ebc99983d3d18578\dwm.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_6.1.7600.16385_none_5cbb962a4f0d58c1\comp.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..-diagnostic-results_31bf3856ad364e35_6.1.7600.16385_none_84db2473005c51cb\MdRes.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7601.17514_none_177a088436382a34\WmiApSrv.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_wcf-servicemodelreg_b03f5f7f11d50a3a_6.1.7601.17514_none_40fc6e6d1b4ea992\ServiceModelReg.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\WsatConfig.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ostic-user-resolver_31bf3856ad364e35_6.1.7600.16385_none_2129f6bd1f6002ae\DFDWiz.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe

C:\Users\Admin\AppData\Local\Temp\6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
"C:\Users\Admin\AppData\Local\Temp\6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1504-54-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1504-55-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads