a380d766e276a1f51e3e7279a16985d7127739ac403939f23c700d160674417a

Analysis

max time kernel
151s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2023, 15:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PO 350000878.xls
Size

614KB
MD5

67cb6ccd1ba1f0cb96049b49b968097f
SHA1

6785cf8534d55835e6637c32ddbec8f1435515fe
SHA256

a380d766e276a1f51e3e7279a16985d7127739ac403939f23c700d160674417a
SHA512

985fd8617e4900ab1b1ecd068c1e0243bd3e7f87d688a2a889692ab3fc660e7833a758bb2860592e7a80943529d543b49563402e26e4467456aef74763837913
SSDEEP

12288:sys/7Cb31G5kCnmPTYOF3XSE45T8xJtIKYR6V80QXU0ck8Uge/:Hs/mbI5k8xYCla6jRVzEtkG

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 6 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{68C68039-93C9-4410-AE8B-9EE26774569D}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{E4E8930E-8E9E-4BBE-B55F-7E751A59CEBD}.catalogItem	svchost.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4572	EXCEL.EXE
3716	WINWORD.EXE

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeAuditPrivilege	3716	WINWORD.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4572	EXCEL.EXE
4572	EXCEL.EXE

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
4572	EXCEL.EXE
4572	EXCEL.EXE
4572	EXCEL.EXE
4572	EXCEL.EXE
4572	EXCEL.EXE
4572	EXCEL.EXE
4572	EXCEL.EXE
4572	EXCEL.EXE
4572	EXCEL.EXE
4572	EXCEL.EXE
4572	EXCEL.EXE
4572	EXCEL.EXE
3716	WINWORD.EXE
3716	WINWORD.EXE
3716	WINWORD.EXE
3716	WINWORD.EXE

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3716 wrote to memory of 3612	3716	WINWORD.EXE	89
PID 3716 wrote to memory of 3612	3716	WINWORD.EXE	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:4112

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\PO 350000878.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4572

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3716
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  PID:3612

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:3764

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

Filesize
471B

MD5
15c5f1759454089d5d24f951d4ed7d3f

SHA1
ba09b62d0cfd3aecbad20fadfc95ac25cf9a9325

SHA256
18662fd058a82ede366d0d1ea9d09005b377b4a65cd83e31a15410b5d99c09f2

SHA512
1a3c18be56506ccd7e7bdf1261f39d1292fbdeaf9dc24f91a3168cfabec0bc40db63e8e6a1f8a0c1c691828774724ca22badcf88abb7ed8bc9fbe40a18ae6cae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

Filesize
446B

MD5
7ce04b8ae779f6285c05c7e544b41ea3

SHA1
e667b7504af84ad7df184bcccaf883dce05714c0

SHA256
dfcc17842d401967e86853e77c82a7a81a0419702c5dfe63ad9056ad51dad7f0

SHA512
173c607754231d24e7a0027b6be22a452c6f43059a4602eb4e6a6e932793de16b6c2b6179d4fef93e47ccdaab7b67c6d5d90f01de42c1aaf3018fd8dc14e49f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S1Q31HZS\f1.f1.f1[1].doc

Filesize
12KB

MD5
74388b1571594dcd616538347f335bd0

SHA1
894116948a21eac51f42f11d66fe516813cf29c7

SHA256
1f12508822b30e1dd04d9e8b91e776c5dde66c483d07ce9ffd714138c91ccf48

SHA512
3920aa205ef0345a40ab8e9bbd47e2e9b7e2102d4fe09ed6fac37bc21946a711c8111003a42dd98709e62301b588dbb46cf345dbe690b9e3df54d3f810e4e6dc

Download Submit
C:\Users\Admin\AppData\Local\PlaceholderTileLogoFolder\9NXQXXLFST89\300X300.png

Filesize
36KB

MD5
761388ca8095173f6963b1d23ad8a68b

SHA1
41e2693d0efc36cb0b97ea215d554932c46464ab

SHA256
369a2323cb569b44970884d5af3d70e38c9cfb59a54d929fabb51ba46593aa06

SHA512
2db4576927b4325dc51ce1755d55b00f7153a10424ca79fb7f32f8c92a5dec899c3961b44a15a129f1e5234b53a89c8946192703b88b10e70e86670e5831ebdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsu1CE2.tmp

Filesize
14KB

MD5
c01eaa0bdcd7c30a42bbb35a9acbf574

SHA1
0aee3e1b873e41d040f1991819d0027b6cc68f54

SHA256
32297224427103aa1834dba276bf5d49cd5dd6bda0291422e47ad0d0706c6d40

SHA512
d26ff775ad39425933cd3df92209faa53ec5b701e65bfbcccc64ce8dd3e79f619a9bad7cc975a98a95f2006ae89e50551877fc315a3050e48d5ab89e0802e2b7

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
1955e0b2de4630b20831b8b08ad590cd

SHA1
938a3502d13e5cae2199d3bdec95e1c7b70825dc

SHA256
1a3d5b144e79dae0245ec9dff335521540c226b09e04c7804fe2ba023f1fbbb2

SHA512
bcb14906c555e93d38d48e075e294fb2f19e056008f62ac934525d2db9221f02809bfbdf7a6bab568150c2e248636335d7807cfe366ccb3b9125f8c8fd9c59c5

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
47b280deaa05d72a0ce768f881ea751a

SHA1
7024a2bca43d92eeb825dc40a9ca614ef154560b

SHA256
2825c65d6976607edf4c10d7767a791caaf24a8ded0556d686ea285308f69fcc

SHA512
4c4894b305e31ff93717b5c2b9633e63caa6f8950c209295847e314e4da9603789965cf5c576b73a0dbd55e3f9570ac070c74f81e6ce2a358b3188596dc64628

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
e7267f1d89bffeb2a0393d677dcc8ebb

SHA1
9a0132d99f2d42567b1bac93e69072d0c22e3826

SHA256
47b86e13e1beb1e53bee48ad15c5e2941a86c01ea2185a42f2e1c630e892313d

SHA512
e399874980b63897998871b6df926b92215e6bcc49708691ae5b90e51b1d225f49561fc6932c2eb0a3e5d5a1e07584540cf60f58acc411aff008ca0f552cc994

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
1a5557b6001c125a24228abddb7f3922

SHA1
6a12d830620375e7e48c8e761213d757cedaff94

SHA256
ee07410db2042e2e5f05548d80353e06507e3c383b87e47d04ddc56aba36b51c

SHA512
c161dd736a02c9fca8eb0fa9e0b174d1f63b59678cf82f7c54a70ab0d13fdf3114d29b4ad23b830b7748a2469457c918cd48bf90d6cb564839d7067da5747f33

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
c5b34093772350bfbd6e8e9cb056a3d3

SHA1
e8eb0f35fcc762ed0f39573195d5b95acf665ac7

SHA256
f74e1da682605e3e803ebcc271320f67000894b31dcaa974ae8027596d63d73e

SHA512
590637b032a4a9e9a9918b717298ba1d2f498b68c8d25a71d9349745af557e8b5dca7b3c0451b9e9f0f91165e76a48c4d84655db404af9a97e453d012a7932c8

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
fc2263f71c44f4bf107029dcb995e04e

SHA1
9b6f7fe0803629b918025875af992384899349ff

SHA256
e7ee6564e6ef2dd80bbfbb2557cb40f3ad692c5bfc957ca49e79b5afd17acce1

SHA512
52a8fa2c8eff8819aa2ffbe639020d2818885f0b4800ff24efaf3bd3d214c69a461274d01020ff4935c77cdc0236724a4a443cfc9a22dc865173e30b3a836ce6

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
56868b7262c28553fdf2acbc70bace27

SHA1
65a255bdbc1068bf6192fddbb0f93598d37ac6a0

SHA256
44fd44b2440f4eb840ab3a7c35e26e193dae0ed5de64578fc23b34a6c62d4566

SHA512
f8c1e73e50b862df9aecc8a134e8ae0f76fb8fa0476ca38a94e36e7ca96c9c804cb224873fabff8f4caee5168bd36dbd6e1375a9b133d4ad6926956fde2eac2d

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
3ad7a6286038096b6ca69654fb8b37d8

SHA1
faa30063e57e5287c51115dae8a4de70fed5ba34

SHA256
23b14d63799c49ddd83c2d59ceafe6cf04a359799a9f56bbca531a52f2ff42e2

SHA512
ca4b4f7dc9c1e6d8837af18aa98a5177cfa244e4001ea3d6d47043f80b4ff0c5f723ebdac68799b70f60b381da3e861423efc6f51f9af62e9e2253cff365556b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
e71eb8912f95339f53fbf40a6f19ddf2

SHA1
3b37932edb786f3790d55d05780f43464d19a785

SHA256
24a2283cc1725a40174958f636e853578e4708b362d9fc039a13fde1638249bf

SHA512
f46097be32b2e16ef6c55c096665f402944bf8f6c04b5ca1ed7176989410b647f23847a521512f2ee85700b157bb9dbcaeeb9f5e5653ba7c116534b0476e84d3

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
2278d65a2548b8117604a5d4a8cb6a33

SHA1
ccc7ba2addc64bde89e33d2c0f49aefcc68000fa

SHA256
ac14caa9f29cbdd9b8e98f4326ae12f185d4a579fe70813574b48d335bf926fa

SHA512
6d851ebc6ca13fc812fd605a2a06c4b141f796b6c5846187b66248bb8588a55853b485185f21bb28c8deebfa3a08a64a1ecabbd0ee2b4e538c69a94d1197413e

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
ebe68af1a77e140dd0086ec6d26f7ab1

SHA1
0da22b6b2a5c20699fe72c7018d8b1734b1637bb

SHA256
92a8e59dc5440ea0d51c4897833c6689c129987f3f2253b569725b45892d0e3a

SHA512
ae656571d21fdd3543397498e94fc3d0cc7b04ee555a2ac84bca7f02e816c1c18b7532daddcb5c532f4fee09c5d1ee60421265612208781fe547602693534a53

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
c229a6d4a36f13299d03c5a03f83fc4d

SHA1
a2cda07645cdb969baa13a06ab7fa77becc2ef59

SHA256
8104586aacdbe351cea2d5195296d56e52f563f6b667f03596a9f7f8b48b0676

SHA512
a972d5d47ca6d2b0f83fb138fd2e7a1d9921aaeddddeed74c3983a15a4911b856ba9012caee93f0de930c26bc32d3a7d7e47cdda2dffafb894ee15c9113a84f5

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
1e669abcfdca6948badd6c655c91076f

SHA1
259897f2cd91c1d544636731a7f267530f64a6e6

SHA256
3a0e6c9f29c12bbe114690fcb592e0d367dbd7c77d14610aaef5bd208e4ec9d3

SHA512
ac284075555b549c4932adb8f7d54b6fbdb40f0222c4a7f207c94a6fbfebf09ff2c891950068d4ada98854f563024b7af71064bfb7b09735390560dde70f5c78

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
35ff705bd87da1f109dc96cd9af9c241

SHA1
79ea917aad1892cb46bdbd582ad41ed2d4103aa6

SHA256
04e6c3e4326788edc4b4a731830bcc15d5acc8d04bc553d855671fe0317e27e5

SHA512
d72cf13fac718684247285dc15fd6be02e0859c951ecb12257949fe4a3f5bb6cca856d408be1dcaf3e8c4b1f1decc12d68d2bb7026b331451f313ecbd437ae9e

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
3dd6888c481da14b945365283a480184

SHA1
e744bb1f8bbcf66b78780698ba6fe0f3346cdb13

SHA256
53cdd52f0f9983cacb4ae7118ee0f2d430e509a304b5f498a737f2625a818cf6

SHA512
4890f60bf05d492f6c536eac10241ead3b208487825125d2ffeab740d9cab739136bed9094e49c8460729a20aa92ccb7fb994bd7dffb23139375fe5cce5c14ea

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
25a30b0ac7c5fe5f16c17b4e18dca72d

SHA1
fbe92db1fc00bd96bb0a32a04f5c6ea426fa8906

SHA256
3ef4dc0b093a7edb0b1139b353cffc1d0c2f35884e3471206b0a2c06c4699e3c

SHA512
5184e1f0f36aa42436d825fde15558d2109b85a477ac7e9bee11eec3a74284568084c89562bf1489443d7328fe241632549ede463c4e6258184b439e9f923611

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
4fb0afecb3d4517fd62af1dac829ebc9

SHA1
39710fd25f4d131e5e2e34693fdad14d43995629

SHA256
9ad7eeb8aca914007685d0de630a1b988ffc3e4a47b70573e25cb5c119dda7de

SHA512
ab1182b8bf5a84ef9b290ed7c886529687d8db57ced14afe809b39a29fd07f24992d9363fee04b2c8c49d21bfbd4eaf9b992010150e9ca1b845e1b6d3dc748e1

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
bd929464f76ffd177e90110d283adfc4

SHA1
ec316764f273f1aecb1d6499ad442bafe2106bdd

SHA256
2228b6f3c4d98d9c299fd8ec2b7da5befb6cd9a137338d36ad45823fb1476810

SHA512
8acd16c75b59872bcf4e4599bc6af9a3c5d353bdc51a81cf1e0aca9fedfac14952e58cef1c61c9271953e49599f15491dd918506d9430c133bd0ff5373e4f858

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
4f731b2fd82209233103e23b40be5a4d

SHA1
19d0e053059d55b299db78275afa2ca503c8290a

SHA256
a897596a75b337ebfdcdbbf816e57cfd8a3db438b12656d93be608ab90e96fb8

SHA512
21898b4e7a01760c85dbd79274aa58c6a81aa3aa597ff519ac02493b8e1994adb376536784ca49592f61078243b792a00611f113ce66f0031ba254189c77a6e0

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
da94df533e5d794688b7246d33af21e2

SHA1
336ca8b366b22e3563fdfef5a9d8017e0bfb06f1

SHA256
69576182ebbc5c790656ed8ec1806de1e89fa421d449eda201d037660d610e2e

SHA512
ac35a05720fabd90c97785256b0b587c7acdfbd37fa536258b9415e24efe5c2679742811e23514e4c45dbd8771368e88482792f4f21b2022f9020e3262230e62

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
f964fbbdb69d3d1b0c9509add9c346d6

SHA1
09d09b68f6b398b5ef3f83a1496e746e1230bf58

SHA256
af954791b36bf6d6a79ebf4985fc118a6de292a6db0b2fd21fafc1ebe9753915

SHA512
1503a880ae537b77a83d908df72de1f0cc475bf6950119a03daa5ad01dd120af3895c235fa86010eb818d4e7f7fffef7c28ff3085562f7c733ffbd7b9fa4da91

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
735cc2a48fefa2017182ecb2cc873126

SHA1
deee3daa03702b0b2912a727fe781eeffd7231db

SHA256
9899d43e007ec0c7d7b0464cc80b7f3663ea2c4d12c897897c6614ea7f20ebca

SHA512
cd8d8aa6f0f0e73a5d252291c3ee7f27db75a4b78f30db1b66c8a690be8c7fd6c601bc4a6f7dc9f83b329abb7c4bdada2f24fef49475a540a68d451655bdeb2f

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
363d9516817535bbf91df9870a7fd356

SHA1
b3833671b02a90785fca053c5dd1b685f414aede

SHA256
3204594c8b6d1776ee225f77e7cf8c449c72ff29ce382e2dff812e36a90c3124

SHA512
a68ded99cdce38c68ab29f020f952a60dab1433d044e2fa13480fdbd86341e7caff007d025a84860f035922028db39c11a30d9ff1ef38bb8ea79e92abc5c05e7

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
f6860031e9d96edee620a2d3a1dac565

SHA1
a044660111d283d9546df6e8c77ffacd82d2dff2

SHA256
9c56704999f8cebe7a406dbeecd750580214a5cd1938a641250db3293ae2b136

SHA512
f5bb79714a6b1fa293506bea90ad11e26289b542eacd2f28bc204c36832af7b8f5ff09bf486f6ba99a9ac1c23db50972a97009832b9172023855d7d52ef0e318

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
434f39216a992e3120ccdfa96498a5d0

SHA1
0a2b98a294722e9bf7fc88cd8b53d1fcc09e1c28

SHA256
6e60cf6fb142beaf295005aea2adb63c9bd5e23690adb633f27a51d177dfeb3e

SHA512
be82751a8b67c5e1a85259b97aacb7183602b5f401ee5d1403d5b3f735b6713d6b68228d25def66b8b5f22daa01461bcb97b490027863c4d2d4fdc32e38027ac

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
49784c44573e7ed3e08c35e8125e575c

SHA1
8941468db2eddfba870414673dae8cf222a87994

SHA256
c372ea032f21c40e83f5107f49fc63e785f564aa500f61ba594feb6607eb2814

SHA512
64c066108061e41f3f34f5df5dd4b6fddc182a83e736595ff47e8999009ee7ad544a4244c80ac1fab01944c285a3d9e0b87981a135ad1c34a7d1cd2f18bfb6cc

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
9c4af3b46410a7618076eeaa73b62511

SHA1
a1d649c261f52d2ba4318d72e3bc9526541529fc

SHA256
8a79167254139c9092fb4272a7dd1af3d00134ded878367916a5c15007217fea

SHA512
1533b87a52b491cf9cffee6de181cbfbff2e335ef8dbb403e23843a88fb0edf89f7fdec83c7d137e75f0710f781102557622fc76f41dc14495833da289cf6b82

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat

Filesize
66KB

MD5
87cf95e5a054e3c4fdc631f102765c33

SHA1
2a4a5d3aad0aa54884a9b82d20500d617bff7e0f

SHA256
35f54384f48b9c82f7e60c66409467ca32c170c07db53f2a5225de7109640f4c

SHA512
cfbc5634353ad8ea766223e06886807844d1a8c5139ff1d6365cf651b006a969172bfa2162934d3e9b581bdcef053f96bf0b65cfbd2134f56508a837e999d780

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat

Filesize
66KB

MD5
2be9c5dc5b3446c3bb52d96a05b24ac5

SHA1
deac49842e734eff6c648a0965ebeb0c18f4f621

SHA256
16c72996b917b519c41a82bf7ab674035053a1fc93d941774d9d445786a3ba48

SHA512
de32bf67398c63bbd1652eda63dbc8b2ab9ee464eedbf2cb5c4407c78131322634d16179e20bb16ef977af2c8baf46e68b9f53ad10aed3388c0755c25f84f588

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat

Filesize
66KB

MD5
d535c62b1828bd32159f3b220b162bcc

SHA1
28261fe7a95635c25d89f3acb7089c24b0c40f3b

SHA256
802557a4ea40f190228818d3832c09628f26bf7fdc6fd5286b3ca9ce979b3218

SHA512
e1a9b68ca09dd66d5d40cdb3609e6fb5dc873c885e03a4c47d402e9bb1578874062588dc9619969f052236b5472dfc25634da62a10ed3364bef5a94bcce7e106

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat

Filesize
66KB

MD5
b7805840e218b6b09a9a09d2482b7fbc

SHA1
8c2f98d862047edb832096892f57430f89fd7100

SHA256
9d6c9b83755b047e2df5f391eb041b89829ba9648be5d7715530ccbe584becce

SHA512
a307b7b10d02a098ee2e91ddd810b861d91fd19c307302e1740d590152a953d6c0267f252c9814b38bbbdc2ccae2fe24f66ca834de28d41b21ee74c909dd80e0

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat

Filesize
66KB

MD5
848c369076fa7d4c8d52daf7974bf7f4

SHA1
f47c6f6839f3fae45170539877736e68c56f1bb3

SHA256
a9c8a42235ca09a5b19aea52de0c47ae2e5fb9c5ae861d37d6b5115f0152a093

SHA512
28f4661ab9fad8729bca5d2656380b2e63df46ee39f51a76774788c4e3bea91c704204932a79872fa51dcb19906d6bba7bf46e7835e80f630b99b18f442c4cf0

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat

Filesize
66KB

MD5
ef32a46c028f7695ddd20450c92dff02

SHA1
55c87aade30323aeeb8949313fb8ffd83ee6abae

SHA256
2792df5b63889405dfdc4259c081ec8512e262dd7d60817f474c01a61bb594f5

SHA512
6148d4313fd90bf7c10d64c74d7b2dac808395115fc959acefdd1996a0090d18def396887d7385a4ff08791c56a31a4e4a00f10e2e006d3d3611f9f8b20372ea

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat

Filesize
66KB

MD5
d79310e14187b9f2521b701fae727884

SHA1
c0883846559e41b6ff63e99d720ce2526dbff7cc

SHA256
400e91b27933a7680ea31537e037f93815dd64884575f970a4f424995353762b

SHA512
9f6bd0104d1be4771a27ec2c8a03d44adb226dbadb21ffda94e98f50b6ed57b9ffdfb54c2e98aab2b4e32f9d35224af2e309345f4771f9835c5c791aba66855d

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat

Filesize
66KB

MD5
f3b7a12bc2ce071a692a040e9881b6d7

SHA1
8c2ba6364f5813325ab31214d780ec4289a49992

SHA256
b7f992533bcbf2767a1e724510748ebc119607732d4ee214416e72489acc7798

SHA512
f31aa9b01b4918d7eb4924f96e5f6c0ac229575edb0c4b1e8f3336fa1f7f79ddbcbf03a85a3cf7a35d00f8762e90c57c473cae20997a64f91784beb313c78e21

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat

Filesize
66KB

MD5
3c290b1bd6f75f66484b5a9651795ce4

SHA1
7d89c582bdb4be8eaee56ef6168cf5efc5a82b6a

SHA256
148b976bdb6db111162ad12d10aef5965c3230f5eca8ff8b562b140d75701bc8

SHA512
ed3da1c94e900e5e08e9e323982de1ca6ab56128cad7ea8217f886a96548c0ed613d159e944314103127eef460f22ca1f5452b04c5132005d833e3d2fabe4c45

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat

Filesize
66KB

MD5
ab1e671adc3f3b6af639013d7a222ef4

SHA1
bac3cbd4e1ab5de0aa1a6ac93f9f10810b1e315e

SHA256
a53b009203dce13d3e1b111ee8f16509bb3a370711229631b10ffb093925539b

SHA512
6a28249a172095e441e9d36935aebd7e200bd4b59e28d3b4c3511e3bd6c17638526da023c20be4fb9302f5b36080c2f8a0f15082ae08515e701e342f68b5609c

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat

Filesize
66KB

MD5
cc13dc3d5d53633396aab2253a15a28c

SHA1
2287360c8c32de97f6f8f37555049b8120598397

SHA256
c85a0b58dc7ad7ae820a2122abfb3c94e365e53c6cc909f50c775d113a59f4ae

SHA512
18ae940e33ee8b26c92ee819d8e5aa90971eec0251743429fcc5508f28d5505fd452838ed0a829ad52bd7e13022b29cd5a0b3019558c8a3c11de95240c764e1e

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat

Filesize
66KB

MD5
f1d9f1a03ca99fe66f1a4915a96b133d

SHA1
95949eda0277e62e98ed51b04e3d434097564301

SHA256
4345f974412aa6625907fa47c85b3cc1153f11e731ec6545fa0884818d52c117

SHA512
321b7e509667d98e0f49a0028a9c9cc864b0e1c6ed49ba3fa7928d81345df831cf0d0ced898408ebed23ac6e5f0c5023d6b134aa62f7a7f402d8ec6b251757bf

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat

Filesize
66KB

MD5
2c496ea154cd7de0699f501211194d2c

SHA1
d62133133e855f041798d5e59dcddb55e8a7b835

SHA256
da10c1442f7bb1923be2ff105e1e03a062a6a4ab5dda93112ba54edbd578e8c9

SHA512
908e67331674e175f675e4cbd28f92e342d77bd738f7edb6f8e7fe883e7b1779c540413c5eb30ddf957725edc6e9222d3916701b4a1ef2ece6d43c26e383f0a7

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat

Filesize
66KB

MD5
3f3e4a7be5c9a6547a71d8e9cce472c3

SHA1
7ecb628939578f3b59b201cb2db9130d77a18f39

SHA256
34f4181df5c4f44710e0d63160ad3087be931418642007285be8066c949b21af

SHA512
2ff115f36ea82c98fbc4df47ed39eb729b6c798d7d32b43073d7f4780ebb72d6ef80e5b34681c523e3c5d8eba196110e63305ee2d6c9f34abdafcb12decb8bfc

Download Submit
memory/3716-152-0x00007FFDE3610000-0x00007FFDE3620000-memory.dmp

Filesize
64KB

Download
memory/3716-151-0x00007FFDE3610000-0x00007FFDE3620000-memory.dmp

Filesize
64KB

Download
memory/4572-140-0x00007FFDE3610000-0x00007FFDE3620000-memory.dmp

Filesize
64KB

Download
memory/4572-138-0x00007FFDE3610000-0x00007FFDE3620000-memory.dmp

Filesize
64KB

Download
memory/4572-137-0x00007FFDE5A50000-0x00007FFDE5A60000-memory.dmp

Filesize
64KB

Download
memory/4572-136-0x00007FFDE5A50000-0x00007FFDE5A60000-memory.dmp

Filesize
64KB

Download
memory/4572-135-0x00007FFDE5A50000-0x00007FFDE5A60000-memory.dmp

Filesize
64KB

Download
memory/4572-134-0x00007FFDE5A50000-0x00007FFDE5A60000-memory.dmp

Filesize
64KB

Download
memory/4572-133-0x00007FFDE5A50000-0x00007FFDE5A60000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads