Analysis
-
max time kernel
38s -
max time network
37s -
platform
windows10-1703_x64 -
resource
win10-20230220-en -
resource tags
-
submitted
01-04-2023 00:40
General
-
Target
C.L[]LZ.bat
-
Size
18KB
-
MD5
e8587d513e54e911f058af7494b80e78
-
SHA1
5005f14b178a18334fa794f2aa21e790fd42f8a7
-
SHA256
f11ce7bb0448619dd5488c2bb4a5e44e3e123f9276919bf69f8cd6471dacdcc5
-
SHA512
ba9f48f9d9b39ff4c617f62867874166595543b04b017c623efe8fbe3f418eab88e423642b485eba74eafbb5cd57a2e942500d21580261b5738fe0751830e7cf
-
SSDEEP
192:dMJOA2222222222222222222222222222222222222222222222222222222222+:dgOl
Score
8/10
Malware Config
Signatures
-
Sets file to hidden 1 TTPs 8 IoCs
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops file in Windows directory 5 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies Internet Explorer settings 1 TTPs 3 IoCs
-
Modifies registry class 64 IoCs
-
Modifies registry key 1 TTPs 1 IoCs
-
Opens file in notepad (likely ransom note) 2 IoCs
-
Runs ping.exe 1 TTPs 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 10 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Views/modifies file attributes 1 TTPs 8 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C.L[]LZ.bat"1⤵
- Checks computer location settings
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\attrib.exeattrib +s +h *.vbs*2⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\attrib.exeAttrib +S +H *Control*2⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\attrib.exeattrib +s +h *.vbs*2⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\attrib.exeAttrib +S +H *Control*2⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\attrib.exeattrib +s +h *.vbs*2⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\attrib.exeAttrib +S +H *Control*2⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\reg.exereg add HKLM\SYSTEM\ControlSet001\Policies /v _PM_Allow_Startup_Config /t REG_DWORD /D 012⤵
- Modifies registry key
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\dyk.txt2⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\attrib.exeattrib +s +h *.vbs*2⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\attrib.exeAttrib +S +H *Control*2⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 8015.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 29330.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 13157.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 29960.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 18429.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 23282.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 17476.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 4273.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 1391.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 32657.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 25659.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 5320.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 15052.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 20936.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 16510.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 3666.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 30753.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 7486.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 12535.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 11406.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 5556.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 1526.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 13249.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 27033.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 6549.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 10124.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 11415.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 13971.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 7029.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 14779.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 14293.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 13237.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 6843.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 24099.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 20783.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 3125.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 31445.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 31561.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 21153.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 18794.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 6604.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 18656.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 24489.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 24881.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 13596.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 28999.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 4277.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 911.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 4290.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 27730.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 29399.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 27544.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 5270.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 30541.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 12224.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 14223.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 21467.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 20030.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 29164.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 3150.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 13077.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 2667.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 22810.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 2024.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 8218.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 18972.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 4863.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 18318.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 4204.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 1442.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 27707.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 1199.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 14790.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 13720.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 28044.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 3427.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 14581.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 11881.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 22850.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 7178.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 6889.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 21779.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 7411.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 21040.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 31756.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 4394.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 2927.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 23221.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 12755.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 8223.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 29430.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 30506.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 12946.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 11714.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 25513.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 31869.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 12180.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 22022.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 14911.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 729.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 5483.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 29700.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 17145.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 19656.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 26245.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 25155.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 2264.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 10651.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 9216.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 4151.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 9485.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 22283.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 14527.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 4359.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 8881.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 9760.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 6846.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 1940.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 19126.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 26450.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 5794.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 5046.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 27678.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 25071.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 31125.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 9416.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 29802.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 23228.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 3408.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 21864.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 27734.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 28127.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 6777.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 13432.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 11459.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 16380.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 25904.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 8040.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 24565.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 19103.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 22501.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 4536.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 8958.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 18394.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 20588.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 3512.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 23418.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 303.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 17235.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 659.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 5501.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 1455.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 10611.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 21387.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 32202.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 2916.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 27589.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 25734.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 19526.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 32749.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 16759.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 20426.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 12972.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 3176.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 13375.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 10501.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 9089.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 4245.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 16112.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 29072.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 1355.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 22839.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 14923.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 8692.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 9726.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 5566.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 3095.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 27822.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 695.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 20772.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 19572.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 7727.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 14252.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 29205.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 21868.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 15911.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 11363.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 1618.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 28875.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 22019.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 20515.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 23895.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 6192.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 180.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 31401.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 13884.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 31589.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 10163.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 17691.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 1241.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 16620.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 4418.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 28482.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 4653.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 13530.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 9204.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 9459.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 31745.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 23017.vbs 10002⤵
-
-
C:\Windows\system32\fsutil.exefsutil file createnew 879.vbs 10002⤵
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Windows\Msg.txt2⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\PING.EXEping 102.33.46.1 202⤵
- Runs ping.exe
-
-
C:\Windows\system32\PING.EXEping 127.0.0.1 -n 42⤵
- Runs ping.exe
-
-
C:\Windows\system32\mspaint.exemspaint2⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k wsappx -s AppXSvc1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k imgsvc1⤵
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD5f7dcb24540769805e5bb30d193944dce
SHA1e26c583c562293356794937d9e2e6155d15449ee
SHA2566b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea
SHA512cb5ad678b0ef642bf492f32079fe77e8be20c02de267f04b545df346b25f3e4eb98bb568c4c2c483bb88f7d1826863cb515b570d620766e52476c8ee2931ea94
-
Filesize
74KB
MD5d4fc49dc14f63895d997fa4940f24378
SHA13efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a
-
Filesize
40B
MD530910cb2ab0c563f5e1701bd9d0cd585
SHA183e72309f199259f898a6e7d3a4e7b8fa84ac55f
SHA25621417870bd4541025c54848cbe6a2957e398bee76cfcd44332f7b38c39cb5141
SHA512687fc0407d37dd4c0ad89cabc6b4cd39b9920805eb55f1caa83c0769fc13172d87aaaa829300b04f98cfaea4aa34bcd98e10f0bda273616a7d4aebea132138df
-
Filesize
40B
MD530910cb2ab0c563f5e1701bd9d0cd585
SHA183e72309f199259f898a6e7d3a4e7b8fa84ac55f
SHA25621417870bd4541025c54848cbe6a2957e398bee76cfcd44332f7b38c39cb5141
SHA512687fc0407d37dd4c0ad89cabc6b4cd39b9920805eb55f1caa83c0769fc13172d87aaaa829300b04f98cfaea4aa34bcd98e10f0bda273616a7d4aebea132138df
-
Filesize
55B
MD55c808e1fadc76f558b2de3517369f682
SHA1287a33918206966ca8c931ce0a266b9f5d1edaf9
SHA2564e3d1dfb2ee00cdd13b4e20073f21eb077a02f468832cb38bab4f46db4e12eab
SHA5120c78bb104f1bda4e95b0defd11db5596e1f84ed421068977e6b9e8f08957126cf60ad44a12ae7228b254d0b0e67259fce0c0f9472a76ed538cb00f860aca275b
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB