87e904893a81c4ca7daa3fa4ddcb69527db3ad5d7c147dfd1dec6c5a333587f9

Analysis

max time kernel
101s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2023 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
Size

457KB
MD5

288a04f04d9fc3e84ff5b2402c8050b1
SHA1

8e0b920bb33920e298ac9f73ab4b7ea0bbdfdbf2
SHA256

cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6
SHA512

928b111cfb151ad8967e1bde8e1e17ab592f0312f3883b1faf6578401b49cc741dde7ae426ee1ef7d8c985b3e4d4b287ccabaf01ea3841f8438d4dc993d9b5fb
SSDEEP

12288:QkoPbgRuF1R5u7w1eTe5XxLvZNOujzAKv546Q4dPHm:QkEb4E5u7w8Te5XxLhN9l54r4dHm

Score

7^/10

Malware Config

Signatures

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2640	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	86
PID 2756 wrote to memory of 2640	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	86
PID 2756 wrote to memory of 3276	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	87
PID 2756 wrote to memory of 3276	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	87
PID 2756 wrote to memory of 1136	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	88
PID 2756 wrote to memory of 1136	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	88
PID 2756 wrote to memory of 1216	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	89
PID 2756 wrote to memory of 1216	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	89
PID 2756 wrote to memory of 1092	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	90
PID 2756 wrote to memory of 1092	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	90
PID 2756 wrote to memory of 1536	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	91
PID 2756 wrote to memory of 1536	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	91
PID 2756 wrote to memory of 692	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	92
PID 2756 wrote to memory of 692	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	92
PID 2756 wrote to memory of 376	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	93
PID 2756 wrote to memory of 376	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	93
PID 2756 wrote to memory of 2528	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	94
PID 2756 wrote to memory of 2528	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	94
PID 2756 wrote to memory of 4648	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	95
PID 2756 wrote to memory of 4648	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	95
PID 2756 wrote to memory of 2448	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	96
PID 2756 wrote to memory of 2448	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	96
PID 2756 wrote to memory of 2968	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	97
PID 2756 wrote to memory of 2968	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	97
PID 2756 wrote to memory of 2304	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	98
PID 2756 wrote to memory of 2304	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	98
PID 2756 wrote to memory of 4320	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	99
PID 2756 wrote to memory of 4320	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	99
PID 2756 wrote to memory of 3524	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	100
PID 2756 wrote to memory of 3524	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	100
PID 2756 wrote to memory of 392	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	101
PID 2756 wrote to memory of 392	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	101
PID 2756 wrote to memory of 4160	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	102
PID 2756 wrote to memory of 4160	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	102
PID 2756 wrote to memory of 4616	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	103
PID 2756 wrote to memory of 4616	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	103
PID 2756 wrote to memory of 4148	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	104
PID 2756 wrote to memory of 4148	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	104
PID 2756 wrote to memory of 4148	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	104
PID 2756 wrote to memory of 4164	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	105
PID 2756 wrote to memory of 4164	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	105
PID 2756 wrote to memory of 4212	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	106
PID 2756 wrote to memory of 4212	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	106
PID 2756 wrote to memory of 4156	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	107
PID 2756 wrote to memory of 4156	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	107
PID 2756 wrote to memory of 4132	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	108
PID 2756 wrote to memory of 4132	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	108
PID 2756 wrote to memory of 2380	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	109
PID 2756 wrote to memory of 2380	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	109
PID 2756 wrote to memory of 2340	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	110
PID 2756 wrote to memory of 2340	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	110
PID 2756 wrote to memory of 2236	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	111
PID 2756 wrote to memory of 2236	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	111
PID 2756 wrote to memory of 3120	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	112
PID 2756 wrote to memory of 3120	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	112
PID 2756 wrote to memory of 1684	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	113
PID 2756 wrote to memory of 1684	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	113
PID 2756 wrote to memory of 1684	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	113
PID 2756 wrote to memory of 1040	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	114
PID 2756 wrote to memory of 1040	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	114
PID 2756 wrote to memory of 216	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	115
PID 2756 wrote to memory of 216	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	115
PID 2756 wrote to memory of 3812	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	116
PID 2756 wrote to memory of 3812	2756	cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe	116

C:\Users\Admin\AppData\Local\Temp\cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe
"C:\Users\Admin\AppData\Local\Temp\cd15fbc9e839dbc2888b3e72c47827e09a8bc50038a509f138c266ebcf2f3ed6.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe"
  2⤵
  PID:2640
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe"
  2⤵
  PID:3276
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe"
  2⤵
  PID:1136
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe"
  2⤵
  PID:1216
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe"
  2⤵
  PID:1092
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EdmGen.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EdmGen.exe"
  2⤵
  PID:1536
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"
  2⤵
  PID:692
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
  2⤵
  PID:376
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"
  2⤵
  PID:2528
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:4648
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
  2⤵
  PID:2448
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"
  2⤵
  PID:2968
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe"
  2⤵
  PID:2304
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe"
  2⤵
  PID:4320
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe"
  2⤵
  PID:3524
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"
  2⤵
  PID:392
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe"
  2⤵
  PID:4160
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe"
  2⤵
  PID:4616
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe"
  2⤵
  PID:4148
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe"
  2⤵
  PID:4164
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe"
  2⤵
  PID:4212
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe"
  2⤵
  PID:4156
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe"
  2⤵
  PID:4132
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe"
  2⤵
  PID:2380
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WsatConfig.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WsatConfig.exe"
  2⤵
  PID:2340
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe"
  2⤵
  PID:2236
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe"
  2⤵
  PID:3120
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe"
  2⤵
  PID:1684
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regsql.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regsql.exe"
  2⤵
  PID:1040
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ComSvcConfig.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ComSvcConfig.exe"
  2⤵
  PID:216
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe"
  2⤵
  PID:3812

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

T1064

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2756-133-0x0000014CE1AF0000-0x0000014CE1B66000-memory.dmp

Filesize
472KB

Download
memory/2756-134-0x0000014CFC120000-0x0000014CFC130000-memory.dmp

Filesize
64KB

Download