Analysis
-
max time kernel
34s -
max time network
20s -
platform
windows10-1703_x64 -
resource
win10-20230703-en -
resource tags
arch:x64 arch:x86 image:win10-20230703-en locale:en-us os:windows10-1703-x64 system -
submitted
30-08-2023 09:36
Static task
static1
General
-
Target
26b3e5c72493e28a280ae5c2d5c177365da30865f1f0ad5ceeffe4df3adcba23.exe
-
Size
4.2MB
-
MD5
086477161c0670fd4dd64ee32f421206
-
SHA1
1324f37f911a1c07bd9e1401eb0543e3d65caad3
-
SHA256
26b3e5c72493e28a280ae5c2d5c177365da30865f1f0ad5ceeffe4df3adcba23
-
SHA512
f0e4a78334b6c2a55c51f01120a1fad8f2506257904ce84243f1ce7d01941822f130695483fdd1a6aa3ecf5d4e66c9eba8239f326069144e1771aebabdb7a23e
-
SSDEEP
98304:oRz7mkfbzAUXChyCWYMmB6IxjWuNmst05WInW9PO:Cz7TD9Ch8lKwkm9PnWFO
Malware Config
Signatures
-
Glupteba payload 8 IoCs
resource yara_rule
behavioral1/memory/4404-2-0x0000000004590000-0x0000000004E7B000-memory.dmp family_glupteba
behavioral1/memory/4404-3-0x0000000000400000-0x00000000022FE000-memory.dmp family_glupteba
behavioral1/memory/4404-70-0x0000000004590000-0x0000000004E7B000-memory.dmp family_glupteba
behavioral1/memory/4404-71-0x0000000000400000-0x00000000022FE000-memory.dmp family_glupteba
behavioral1/memory/4404-72-0x0000000000400000-0x00000000022FE000-memory.dmp family_glupteba
behavioral1/memory/4404-305-0x0000000000400000-0x00000000022FE000-memory.dmp family_glupteba
behavioral1/memory/4444-308-0x0000000000400000-0x00000000022FE000-memory.dmp family_glupteba
behavioral1/memory/4444-536-0x0000000000400000-0x00000000022FE000-memory.dmp family_glupteba
-
Modifies Windows Firewall 1 TTPs 1 IoCs
pid Process
4472 netsh.exe
-
Modifies data under HKEY_USERS 64 IoCs
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid Process
1956 powershell.exe
1956 powershell.exe
1956 powershell.exe
4404 26b3e5c72493e28a280ae5c2d5c177365da30865f1f0ad5ceeffe4df3adcba23.exe
4404 26b3e5c72493e28a280ae5c2d5c177365da30865f1f0ad5ceeffe4df3adcba23.exe
1060 powershell.exe
1060 powershell.exe
1060 powershell.exe
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
description pid Process
Token: SeDebugPrivilege 1956 powershell.exe
Token: SeDebugPrivilege 4404 26b3e5c72493e28a280ae5c2d5c177365da30865f1f0ad5ceeffe4df3adcba23.exe
Token: SeImpersonatePrivilege 4404 26b3e5c72493e28a280ae5c2d5c177365da30865f1f0ad5ceeffe4df3adcba23.exe
Token: SeDebugPrivilege 1060 powershell.exe
-
Suspicious use of WriteProcessMemory 6 IoCs
description pid Process procid_target
PID 4404 wrote to memory of 1956 4404 26b3e5c72493e28a280ae5c2d5c177365da30865f1f0ad5ceeffe4df3adcba23.exe 71
PID 4404 wrote to memory of 1956 4404 26b3e5c72493e28a280ae5c2d5c177365da30865f1f0ad5ceeffe4df3adcba23.exe 71
PID 4404 wrote to memory of 1956 4404 26b3e5c72493e28a280ae5c2d5c177365da30865f1f0ad5ceeffe4df3adcba23.exe 71
PID 4444 wrote to memory of 1060 4444 26b3e5c72493e28a280ae5c2d5c177365da30865f1f0ad5ceeffe4df3adcba23.exe 76
PID 4444 wrote to memory of 1060 4444 26b3e5c72493e28a280ae5c2d5c177365da30865f1f0ad5ceeffe4df3adcba23.exe 76
PID 4444 wrote to memory of 1060 4444 26b3e5c72493e28a280ae5c2d5c177365da30865f1f0ad5ceeffe4df3adcba23.exe 76
Processes
-
C:\Users\Admin\AppData\Local\Temp\26b3e5c72493e28a280ae5c2d5c177365da30865f1f0ad5ceeffe4df3adcba23.exe "C:\Users\Admin\AppData\Local\Temp\26b3e5c72493e28a280ae5c2d5c177365da30865f1f0ad5ceeffe4df3adcba23.exe" 1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4404 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -nologo -noprofile 2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1956
-
-
C:\Users\Admin\AppData\Local\Temp\26b3e5c72493e28a280ae5c2d5c177365da30865f1f0ad5ceeffe4df3adcba23.exe "C:\Users\Admin\AppData\Local\Temp\26b3e5c72493e28a280ae5c2d5c177365da30865f1f0ad5ceeffe4df3adcba23.exe" 2⤵
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:4444 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -nologo -noprofile 3⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1060
-
-
C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes" 3⤵ PID:3996
-
C:\Windows\system32\netsh.exe netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes 4⤵
- Modifies Windows Firewall
PID:4472
-
-
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -nologo -noprofile 3⤵ PID:4664
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
1B
MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a