066110dd29ac9db7348ab1bd1ee1836de693091f455abd6c7d21d8cd51820627

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
26/11/2023, 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b45cc6e466c6f31b8ba2a01a3d61dca0.exe
Size

1.2MB
MD5

b45cc6e466c6f31b8ba2a01a3d61dca0
SHA1

d95afec3741252759173a9a8f7d18acc5f6e43e9
SHA256

066110dd29ac9db7348ab1bd1ee1836de693091f455abd6c7d21d8cd51820627
SHA512

c8f3f2d4e8faf82739cd67b4cdb880ee9adbd103365bed64a986051fdc57ef794dfaa4513ef33780944b0dd4078c8500268355768d850839c46845856bbf3b8a
SSDEEP

24576:ZrFMtLpwbtLpwlZua9ob7ko+lCKuRrFMtLpwbtLpwl:gtL2tLid9ob7ko+4Ku4tL2tL6

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1988-1-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/files/0x00080000000120bd-6.dat	upx
behavioral1/memory/1988-3664-0x0000000000400000-0x0000000000420000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\wevtutil.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\wscript.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\dfrgui.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\diskcomp.com-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\logman.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\ROUTE.EXE-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\TapiUnattend.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\mfpmp.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\wbem\WMIADAP.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\winrshost.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\isoburn.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\label.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\MRINFO.EXE-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\Mystify.scr	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\TpmInit.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\cscript.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\forfiles.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\reg.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\sdbinst.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\SetIEInstalledDate.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\AtBroker.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\comp.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\finger.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\mtstocom.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\OptionalFeatures.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\wevtutil.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\scrnsave.scr	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\at.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\comp.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\hdwwiz.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\ktmutil.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\ntoskrnl.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\where.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\xcopy.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\HOSTNAME.EXE	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\Msdtc\Trace\msdtcvtr.bat-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\PATHPING.EXE-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\setupSNK.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\TsWpfWrp.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\dllhost.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\icardagt.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\MigAutoPlay.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\runonce.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\proquota.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\TpmInit.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\AdapterTroubleshooter.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\Dism\DismHost.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\Dism\DismHost.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\mshta.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\netsh.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\xwizard.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\cttunesvr.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\icardagt.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\mstsc.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\RegisterIEPKEYs.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\TCPSVCS.EXE	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\winrshost.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\diskpart.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\grpconv.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\shutdown.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\SystemPropertiesComputerName.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\Utilman.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\SysWOW64\waitfor.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\VideoLAN\VLC\uninstall.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Setup.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Java\jre7\bin\servertool.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOICONS.EXE	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Java\jre7\bin\java-rmi.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Windows Mail\wab.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Windows Media Player\wmpnetwk.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Microsoft Games\Hearts\Hearts.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Java\jre7\bin\kinit.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Windows Media Player\wmpshare.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\ACCICONS.EXE-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\ONELEV.EXE-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Windows Media Player\wmprph.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files (x86)\Windows Media Player\setup_wm.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\GRAPH.EXE	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\MSOUC.EXE	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files (x86)\Google\Update\Install\{32AC3C1E-1D77-4453-A97C-1A59B69FA808}\chrome_installer.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-anytime-upgrade_31bf3856ad364e35_6.1.7600.16385_none_fb591b6cf023ade3\WindowsAnytimeUpgrade.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..opycompareutilities_31bf3856ad364e35_6.1.7600.16385_none_3575d2dc8edf4a22\diskcopy.com-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..devicescontrolpanel_31bf3856ad364e35_6.1.7600.16385_none_8094bd7b62d2b435\ImagingDevices.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\x86_aspnet_regbrowsers_b03f5f7f11d50a3a_6.1.7600.16385_none_ddef5417d55eb944\aspnet_regbrowsers.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.1.7601.17514_none_f20ae427dbae4faf\ntprint.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\ehome\McrMgr.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.1.7601.17514_none_bf4980401574a899\tracerpt.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..commandlinetoolsmqq_31bf3856ad364e35_6.1.7600.16385_none_851e6308c5b62529\qwinsta.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-certificaterequesttool_31bf3856ad364e35_6.1.7600.16385_none_67e6e9a778bbd9d5\certreq.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_11.2.9600.16428_none_828666943772c435\msfeedssync.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-t..etpc-mathinputpanel_31bf3856ad364e35_6.1.7601.17514_none_331c32d99bebbdac\mip.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..pertiescomputername_31bf3856ad364e35_6.1.7600.16385_none_304988749d91936f\SystemPropertiesComputerName.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntkrnlpa.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\splwow64.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ftp_31bf3856ad364e35_6.1.7601.17514_none_0b11635f6f2987f7\ftp.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-notepadwin_31bf3856ad364e35_6.1.7600.16385_none_9ebebe8614be1470\notepad.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_6.1.7600.16385_none_052696aea98bcefc\PING.EXE-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_04846decebf43c4c\resmon.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.22091_none_d0d0722c3bb0dc09\setup16.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-runas_31bf3856ad364e35_6.1.7600.16385_none_5fbe9f67bec0f818\runas.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\x86_regasm_b03f5f7f11d50a3a_6.1.7601.17514_none_eb70808bd228319e\RegAsm.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.1.7601.17514_none_42d65ed50fa3c682\tscon.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wmpnss-ux_31bf3856ad364e35_6.1.7600.16385_none_13b9b4b7d327a721\wmpnscfg.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_subsystem-for-unix-based-applications_31bf3856ad364e35_6.1.7601.17514_none_d20e5d35068f261a\posix.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17514_none_d18028273214fa77\SearchProtocolHost.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_wpf-xamlviewer_31bf3856ad364e35_6.1.7601.17514_none_b43451f0938c6cd0\XamlViewer_v0300.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..eoptionalcomponents_31bf3856ad364e35_11.2.9600.16428_none_87f259ebb3f177fa\ConfigureIEOptionalComponents.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\wow64_eventviewersettings_31bf3856ad364e35_6.1.7600.16385_none_5b41740051c4eca4\eventvwr.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.1.7600.16385_none_901eda10f3ab38d2\McrMgr.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sctasks_31bf3856ad364e35_6.1.7601.17514_none_e8657d02cbf5e4c1\schtasks.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_2d02b12c3d47a517\sidebar.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_netfx-vb_compiler_b03f5f7f11d50a3a_6.1.7601.17514_none_cc9e34fd4e687b15\vbc.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_8.0.7600.16385_none_23079f05995ee912\SetIEInstalledDate.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.1.7601.17514_none_6dd5e8c3b6b81894\PhotoScreensaver.scr-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMConfigInstaller.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ieinstal_31bf3856ad364e35_11.2.9600.16428_none_caf2ec2ca6b08f27\ieinstal.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\migwiz.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_caa8f7c0e409a91f\ntoskrnl.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft.windows.c..ration.online.setup_31bf3856ad364e35_6.1.7600.16385_none_0dbedb7c5ac04a7d\onlinesetup.cmd-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.17514_none_04d9defd57c1f6bf\rrinstaller.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-robocopy_31bf3856ad364e35_6.1.7601.17514_none_c90e996c4aa655c4\Robocopy.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_11.2.9600.16428_none_3bb1024f1e6bc086\mshta.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.1.7601.17514_none_cde4c4fd7ab159cb\RMActivate_ssp.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..flicklearningwizard_31bf3856ad364e35_6.1.7600.16385_none_69769fd78b751ad3\FlickLearningWizard.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\Microsoft.NET\Framework\NETFXSBS10.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\SetupUtility.exe	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17514_none_c75e9c99a36a285a\winload.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dpapi-keys_31bf3856ad364e35_6.1.7600.16385_none_d9c7c4a2e721da7e\dpapimig.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_wpf-terminalserverwpfwrapperexe_31bf3856ad364e35_6.1.7600.16385_none_80543131e5508a75\TsWpfWrp.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.1.7601.17514_none_d4c5c995fb3f4a1b\audiodg.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7601.17514_none_78dd6e4cd6655603\WmiPrvSE.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-clip_31bf3856ad364e35_6.1.7600.16385_none_a7b238407d550501\clip.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-defrag-adminui_31bf3856ad364e35_6.1.7601.17514_none_f73c142da6e47daa\dfrgui.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-optionaltsps_31bf3856ad364e35_6.1.7600.16385_none_3df12febe293ce5d\tcmsetup.exe-	b45cc6e466c6f31b8ba2a01a3d61dca0.exe

C:\Users\Admin\AppData\Local\Temp\b45cc6e466c6f31b8ba2a01a3d61dca0.exe
"C:\Users\Admin\AppData\Local\Temp\b45cc6e466c6f31b8ba2a01a3d61dca0.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:1988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7zFM.exe-

Filesize
2.1MB

MD5
096effb212d4abee7f7c8bdec8ac6079

SHA1
7d5406d36b19ad262ab26f1f130f21dba05d5711

SHA256
f466d4e1d72256653ee69b1492938d3e9d1744b0e25dd2c0b13586fef23f874f

SHA512
6ee52ce69d8d8f3758652c17202d347e5d2e1537a1511ad05277312f5f52e3a1297834dc1afcc6a13aa5d8b9148089a669adee92fd07cab07da5f4d10cb01a50

Download Submit
memory/1988-1-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1988-3664-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download