Resubmissions
05/10/2023, 14:00 | 231005-raznlsdd59 | 4
30/09/2023, 17:52 | 230930-wf1kbaga24 | 7
30/09/2023, 17:50 | 230930-went5aee6t | 7
30/09/2023, 17:07 | 230930-vmytmaeb71 | 3
Analysis
max time kernel: 253s
max time network: 254s
platform: windows10-1703_x64
resource: win10-20230915-en
resource tags: arch:x64, arch:x86, image:win10-20230915-en, locale:en-us, os:windows10-1703-x64, system
submitted: 30/09/2023, 17:52
Static task
static1
General
Target: loader.bin.exe
Size: 5.7MB
MD5: fd2d84bee10bbccb7b590e1025752873
SHA1: c0fbb34903a19dcf4591ba7f88c3995d183fefe8
SHA256: 1bb662d598172326e5ddd54f879bae3a6fea58742af0f44bd3934003da625384
SHA512: 87ed02ad109845b34f8f70237a2e3a51f607dac89e795f1c3b5fad019630c2a2756c2be51c7f25e04c2d4246b68803ef2b43c002155a3d660a2f66911c891add
SSDEEP: 98304:3453W8vYIC+RgZkKIXfEIeYUAlLc3A6fv4i/NTJVLpxrOw1xitse3Jk9yfPDnmY:o53W83p5XfEI5WNn4QNtVLXrOw2TSsfS
Malware Config
Signatures
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Legitimate hosting services abused for malware hosting/C2 1 TTPs
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow | ioc
12 | ip-api.com
Drops file in Windows directory 4 IoCs
description | ioc | Process
File created | C:\Windows\rescache\_merged\4183903823\810424605.pri | taskmgr.exe
File created | C:\Windows\rescache\_merged\1601268389\3877292338.pri | taskmgr.exe
File created | C:\Windows\rescache\_merged\4183903823\810424605.pri | taskmgr.exe
File created | C:\Windows\rescache\_merged\1601268389\3877292338.pri | taskmgr.exe
Checks SCSI registry key(s) 3 TTPs 6 IoCs
SCSI information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | taskmgr.exe
Modifies registry class 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings | taskmgr.exe
Key created | \REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings | taskmgr.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid | Process
3444 | taskmgr.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
3444 | taskmgr.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 64 IoCs
pid | Process
3444 | taskmgr.exe
Suspicious use of SendNotifyMessage 64 IoCs
pid | Process
3444 | taskmgr.exe
Suspicious use of SetWindowsHookEx 4 IoCs
pid | Process
220 | loader.bin.exe
4848 | loader.bin.exe
1692 | loader.bin.exe
1948 | loader.bin.exe
Suspicious use of WriteProcessMemory 62 IoCs
Processes
C:\Users\Admin\AppData\Local\Temp\loader.bin.exe | "C:\Users\Admin\AppData\Local\Temp\loader.bin.exe" | PID:508
C:\Windows\System32\rundll32.exe | C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding | PID:4464
C:\Users\Admin\Desktop\loader.bin.exe | "C:\Users\Admin\Desktop\loader.bin.exe" | PID:220
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:3020
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:4280
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c wmic baseboard get product | PID:2748
      - Suspicious use of WriteProcessMemory
        C:\Windows\System32\Wbem\WMIC.exe | wmic baseboard get product | PID:4372
          - Suspicious use of AdjustPrivilegeToken
C:\Windows\system32\taskmgr.exe | "C:\Windows\system32\taskmgr.exe" /4 | PID:3444
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
C:\Users\Admin\Desktop\loader.bin.exe | "C:\Users\Admin\Desktop\loader.bin.exe" | PID:4848
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:2828
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:4172
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:792
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:1104
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:5048
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:4480
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:5096
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:1272
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:3440
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:868
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:1716
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c wmic baseboard get product | PID:5116
      - Suspicious use of WriteProcessMemory
        C:\Windows\System32\Wbem\WMIC.exe | wmic baseboard get product | PID:4132
          - Suspicious use of AdjustPrivilegeToken
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:4244
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:1392
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:5104
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:2116
C:\Users\Admin\Desktop\loader.bin.exe | "C:\Users\Admin\Desktop\loader.bin.exe" | PID:1692
  - Suspicious use of SetWindowsHookEx
C:\Users\Admin\Desktop\loader.bin.exe | "C:\Users\Admin\Desktop\loader.bin.exe" | PID:1948
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:2496
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:1488
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:3844
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:3756
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:3032
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:2996
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:3028
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c cls | PID:3576
    C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c wmic baseboard get product | PID:4460
      - Suspicious use of WriteProcessMemory
        C:\Windows\System32\Wbem\WMIC.exe | wmic baseboard get product | PID:2692
C:\Windows\system32\taskmgr.exe | "C:\Windows\system32\taskmgr.exe" /4 | PID:4008
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies registry class
Network
MITRE ATT&CK Enterprise v15
Downloads