6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 11:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
Size

1.0MB
MD5

07d80ad2679100b989c5e14d0c532e30
SHA1

04a42a91261a7bc973f4bb95093a517a3e04b909
SHA256

6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b
SHA512

a3cd17a3b49c8de3f0094153963854c27fce4ea804e35a94aabcedc2b1f691793ba29b1eacfbd3bb17f226864325371138ede936716d6f7e75d8e16c66eefc8b
SSDEEP

12288:1yN6PPZYmDbi7ce9WXfT3PyN6PPZYmDbi7ce9WXCD3:1ywPPZDxXL3PywPPZDxX03

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/828-132-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral2/memory/828-133-0x0000000000400000-0x000000000040F000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\SpatialAudioLicenseSrv.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\DpiScaling.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\expand.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\GameBarPresenceWriter.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\IME\IMEJP\IMJPDCT.EXE	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\LaunchTM.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\NETSTAT.EXE	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\mmgaserver.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\Register-CimProvider.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\ttdinject.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\whoami.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\auditpol.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\findstr.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\ktmutil.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\mfpmp.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\net.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\systeminfo.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\cipher.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\msdt.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\print.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\Speech_OneCore\Common\SpeechModelDownload.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\WWAHost.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\CameraSettingsUIHost.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\convert.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\ReAgentc.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\sdiagnhost.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\regedt32.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\rekeywiz.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\bootcfg.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\cliconfg.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\fsquirt.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\IME\SHARED\IMEWDBLD.EXE	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\PING.EXE	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\rasdial.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\ROUTE.EXE	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\UserAccountBroker.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\cmmon32.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\rdrleakdiag.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\tttracer.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\upnpcont.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\eudcedit.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\RdpSa.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\SyncHost.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\ARP.EXE	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\chkntfs.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\CredentialUIBroker.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\dpnsvr.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\nslookup.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\RmClient.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\cleanmgr.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\dllhst3g.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\fontview.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\mobsync.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\msiexec.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\regini.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\tasklist.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\wusa.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\dtdump.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\efsui.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\ipconfig.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\provlaunch.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SysWOW64\setupugc.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-securestartup-unlock_31bf3856ad364e35_10.0.19041.1_none_1a86be89cbd66ed2\bdeunlock.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.19041.1081_none_e836fc4ed2e2ecc1\f\SpeechModelDownload.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-spelling-host.binaries_31bf3856ad364e35_10.0.19041.746_none_eb2cdd2a40f60c45\MsSpellCheckingHost.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_datasvcutil_b77a5c561934e089_4.0.15805.0_none_5b1ada239e3b0505\DataSvcUtil.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1_none_9be54a615e8b9e53\autofmt.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.19041.906_none_198d8d483aa30ed0\r\gpupdate.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.844_none_77a5d9aafae08e77\f\MDMAppInstaller.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.19041.1_none_25afcd12036f5605\RMActivate_ssp.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_10.0.19041.153_none_6ef8a222ac00dbc2\r\TrustedInstaller.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..dateclient-api-host_31bf3856ad364e35_10.0.19041.1266_none_149b57f8509ce672\f\wuapihost.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-x..jectdialog.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1240cd13c584c1c\XGpuEjectDialog.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1023_none_4ecd10b107da65f7\r\AtBroker.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.19041.546_none_49716c2392052aca\tracerpt.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.19041.423_none_f20ecec27517964b\f\PinningConfirmationDialog.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-rundll32_31bf3856ad364e35_10.0.19041.1_none_8df65f134a48195f\rundll32.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.19041.1288_none_6f1fcb1866fcb4b8\ntprint.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devicepairingapp_31bf3856ad364e35_10.0.19041.1_none_258f6f31a16a0eac\DevicePairingWizard.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..riseclientsync-host_31bf3856ad364e35_10.0.19041.1202_none_42d3a7d52bcb0f8d\r\WorkFolders.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1202_none_8f7e37524c3e1a13\SystemSettings.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-lxss-wslhost_31bf3856ad364e35_10.0.19041.1151_none_329784a84ed43acd\r\wslhost.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.19041.746_none_5fb37340a423d88f\PrintBrmEngine.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\CExecSvc.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevagent_31bf3856ad364e35_10.0.19041.1_none_b29cb2f3845833b7\UevAgentPolicyGenerator.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-commandline-dsmgmt_31bf3856ad364e35_10.0.19041.1_none_00c77b5a9e4f1bee\dsmgmt.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..lishing-wmiprovider_31bf3856ad364e35_10.0.19041.1_none_eb29661c32e6a63a\rdpsign.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-dpapi-keys_31bf3856ad364e35_10.0.19041.1_none_3e188ad1a12f1c4d\dpapimig.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.264_none_aa5417fd2708544d\SyncAppvPublishingServer.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-filehistory-core_31bf3856ad364e35_10.0.19041.264_none_92ee62a6d5b1c18a\fhmanagew.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_10.0.19041.1_none_260e545bf60f6b0f\cliconfg.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-spp-ux_31bf3856ad364e35_10.0.19041.1202_none_d081cba554088913\slui.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..d-searchintegration_31bf3856ad364e35_10.0.19041.746_none_63b0fc68ee30f2cb\r\IMESEARCH.EXE	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-srdelayed_31bf3856ad364e35_10.0.19041.1_none_0c4e6556fb852148\srdelayed.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1081_none_5f557b607e14f541\ByteCodeGenerator.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.19041.1266_none_ec5eb439471de957\f\cleanmgr.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.19041.1202_none_3fe90cdb6667211e\f\wevtutil.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.19041.1081_none_ef39acce2648e404\f\WerFaultSecure.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\Boot\PCAT\memtest.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.928_none_b321f2c2ab7710a2\sdbinst.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cttunesvr_31bf3856ad364e35_10.0.19041.746_none_cdf422107d2779cf\r\cttunesvr.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.19041.1110_none_ac2441dbb712f006\r\msra.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..lications-clientsku_31bf3856ad364e35_10.0.19041.1266_none_93a0f3defb54e912\f\rdpshell.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager_31bf3856ad364e35_10.0.19041.1202_none_7cdad2e52790705d\r\hvsimgr.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.19041.264_none_08acfd4a9926561a\r\wermgr.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.19041.1288_none_6f1fcb1866fcb4b8\r\ntprint.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-securestartup-service_31bf3856ad364e35_10.0.19041.1202_none_d965e0f65a4ddcdf\BdeUISrv.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..client-decoder-host_31bf3856ad364e35_10.0.19041.207_none_00b5dbdfab19326f\UtcDecoderHost.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.19041.1_none_216932a6d29366ce\typeperf.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy\AddSuggestedFoldersToLibraryDialog.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-analog-facefodhandler_31bf3856ad364e35_10.0.19041.1266_none_1f1ff89fbf279f16\f\FaceFodUninstaller.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..iondata-cmdlinetool_31bf3856ad364e35_10.0.19041.1202_none_fceb29af5a61f7e6\bcdedit.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.19041.1_none_c76758d7f0069e2e\newdev.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_10.0.19041.867_none_099246ae3a45708c\r\printfilterpipelinesvc.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..cation-creduibroker_31bf3856ad364e35_10.0.19041.746_none_a8b46aaa6c07ca3d\r\CredentialUIBroker.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sensordataservice_31bf3856ad364e35_10.0.19041.1_none_b3f4f49ac9993d28\SensorDataService.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1_none_8fe667a6f213806a\AtBroker.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-label_31bf3856ad364e35_10.0.19041.1_none_1774c39d9e06c822\label.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..mplus-admin-comrepl_31bf3856ad364e35_10.0.19041.1_none_9ffa8bc52ecc9e29\comrepl.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-container-manager_31bf3856ad364e35_10.0.19041.1266_none_07a5d18b92d8b668\f\cmimageworker.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-embedded-shelllauncher_31bf3856ad364e35_10.0.19041.264_none_223a5768a6257099\f\CustomShellHost.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-taskhost_31bf3856ad364e35_10.0.19041.1_none_de2fb5dcf9b35f74\taskhostw.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wpd-shellextension_31bf3856ad364e35_10.0.19041.1_none_c719fa2e662738e0\WPDShextAutoplay.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-o..onalfeatures-fondue_31bf3856ad364e35_10.0.19041.1_none_09fac50a5fe3aec5\Fondue.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_edmgen_b77a5c561934e089_4.0.15805.0_none_ae80a3049486a75f\EdmGen.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..raries-servercommon_31bf3856ad364e35_10.0.19041.906_none_87b019d7cebd66d4\f\appcmd.exe	6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe

C:\Users\Admin\AppData\Local\Temp\6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe
"C:\Users\Admin\AppData\Local\Temp\6c68b3729e4dc867e13ae2b9282881cc2a0f7d60d0fbc0665236522663d70e1b.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/828-132-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/828-133-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads