Analysis
max time kernel: 151s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20231023-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231023-en locale:en-us os:windows10-2004-x64 system
submitted: 26-11-2023 18:52
Behavioral task behavioral1
Sample: b45cc6e466c6f31b8ba2a01a3d61dca0.exe
Resource: win7-20231020-en
Behavioral task behavioral2
Sample: b45cc6e466c6f31b8ba2a01a3d61dca0.exe
Resource: win10v2004-20231023-en
General
Target: b45cc6e466c6f31b8ba2a01a3d61dca0.exe
Size: 1.2MB
MD5: b45cc6e466c6f31b8ba2a01a3d61dca0
SHA1: d95afec3741252759173a9a8f7d18acc5f6e43e9
SHA256: 066110dd29ac9db7348ab1bd1ee1836de693091f455abd6c7d21d8cd51820627
SHA512: c8f3f2d4e8faf82739cd67b4cdb880ee9adbd103365bed64a986051fdc57ef794dfaa4513ef33780944b0dd4078c8500268355768d850839c46845856bbf3b8a
SSDEEP: 24576:ZrFMtLpwbtLpwlZua9ob7ko+lCKuRrFMtLpwbtLpwl:gtL2tLid9ob7ko+4Ku4tL2tL6
Malware Config
Signatures
resource  yara_rule
behavioral2/memory/2256-0-0x0000000000400000-0x0000000000420000-memory.dmp  upx
behavioral2/files/0x0007000000022ca0-5.dat  upx
Drops file in System32 directory 64 IoCs
description: File created (all 64 entries)
Process: b45cc6e466c6f31b8ba2a01a3d61dca0.exe (all 64 entries)
ioc:
C:\Windows\SysWOW64\dpapimig.exe-
C:\Windows\SysWOW64\mtstocom.exe-
C:\Windows\SysWOW64\TCPSVCS.EXE
C:\Windows\SysWOW64\cipher.exe
C:\Windows\SysWOW64\help.exe-
C:\Windows\SysWOW64\RdpSaUacHelper.exe-
C:\Windows\SysWOW64\RMActivate_ssp.exe
C:\Windows\SysWOW64\sdbinst.exe-
C:\Windows\SysWOW64\SystemPropertiesRemote.exe
C:\Windows\SysWOW64\TSTheme.exe-
C:\Windows\SysWOW64\rekeywiz.exe
C:\Windows\SysWOW64\at.exe-
C:\Windows\SysWOW64\certreq.exe-
C:\Windows\SysWOW64\dcomcnfg.exe
C:\Windows\SysWOW64\fixmapi.exe
C:\Windows\SysWOW64\PING.EXE
C:\Windows\SysWOW64\provlaunch.exe-
C:\Windows\SysWOW64\ReAgentc.exe
C:\Windows\SysWOW64\replace.exe-
C:\Windows\SysWOW64\wscadminui.exe-
C:\Windows\SysWOW64\msfeedssync.exe
C:\Windows\SysWOW64\PkgMgr.exe-
C:\Windows\SysWOW64\WWAHost.exe-
C:\Windows\SysWOW64\edpnotify.exe
C:\Windows\SysWOW64\getmac.exe
C:\Windows\SysWOW64\instnm.exe-
C:\Windows\SysWOW64\sethc.exe
C:\Windows\SysWOW64\tcmsetup.exe
C:\Windows\SysWOW64\whoami.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe-
C:\Windows\SysWOW64\WerFaultSecure.exe-
C:\Windows\SysWOW64\charmap.exe
C:\Windows\SysWOW64\Com\MigRegDB.exe
C:\Windows\SysWOW64\InputSwitchToastHandler.exe-
C:\Windows\SysWOW64\mmgaserver.exe
C:\Windows\SysWOW64\mountvol.exe
C:\Windows\SysWOW64\ntprint.exe-
C:\Windows\SysWOW64\rrinstaller.exe
C:\Windows\SysWOW64\write.exe-
C:\Windows\SysWOW64\ARP.EXE-
C:\Windows\SysWOW64\fc.exe
C:\Windows\SysWOW64\MRINFO.EXE
C:\Windows\SysWOW64\OpenWith.exe
C:\Windows\SysWOW64\TpmInit.exe
C:\Windows\SysWOW64\GamePanel.exe-
C:\Windows\SysWOW64\isoburn.exe-
C:\Windows\SysWOW64\sc.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\SysWOW64\mstsc.exe-
C:\Windows\SysWOW64\autofmt.exe
C:\Windows\SysWOW64\IME\SHARED\imecfmui.exe-
C:\Windows\SysWOW64\RMActivate_ssp_isv.exe-
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\verifiergui.exe-
C:\Windows\SysWOW64\chkntfs.exe
C:\Windows\SysWOW64\finger.exe
C:\Windows\SysWOW64\PkgMgr.exe
C:\Windows\SysWOW64\poqexec.exe-
C:\Windows\SysWOW64\sc.exe-
C:\Windows\SysWOW64\TapiUnattend.exe
C:\Windows\SysWOW64\taskkill.exe-
C:\Windows\SysWOW64\Windows.Media.BackgroundPlayback.exe-
C:\Windows\SysWOW64\colorcpl.exe
C:\Windows\SysWOW64\eventvwr.exe
Drops file in Program Files directory 64 IoCs
description: File created (all 64 entries)
Process: b45cc6e466c6f31b8ba2a01a3d61dca0.exe (all 64 entries)
ioc:
C:\Program Files\Java\jdk-1.8\bin\javaw.exe-
C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe-
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe
C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe-
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\dbcicons.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
C:\Program Files (x86)\Google\Update\Install\{18238221-87DD-468B-83D3-9DB71CA592AF}\chrome_installer.exe-
C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\OSE.EXE-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\pwahelper.exe
C:\Program Files\Java\jdk-1.8\bin\policytool.exe-
C:\Program Files\Java\jre-1.8\bin\servertool.exe-
C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE-
C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe-
C:\Program Files\StartRevoke.exe-
C:\Program Files (x86)\Windows Media Player\wmpconfig.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe-
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe
C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe
C:\Program Files\Microsoft Office\root\Office16\XLICONS.EXE-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe-
C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe-
C:\Program Files\Java\jre-1.8\bin\javacpl.exe-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOICONS.EXE
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\sscicons.exe
C:\Program Files\Mozilla Firefox\maintenanceservice.exe-
C:\Program Files (x86)\Windows Media Player\wmplayer.exe-
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE-
C:\Program Files\Internet Explorer\iexplore.exe-
C:\Program Files\Java\jdk-1.8\bin\javap.exe
C:\Program Files\Java\jdk-1.8\bin\jdb.exe-
C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe-
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe
C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe-
C:\Program Files\Java\jdk-1.8\bin\jar.exe
C:\Program Files\Java\jdk-1.8\bin\serialver.exe-
C:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe
C:\Program Files\Java\jdk-1.8\bin\jstatd.exe-
C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE
C:\Program Files\Java\jre-1.8\bin\ktab.exe-
C:\Program Files\Microsoft Office\root\Office16\msoia.exe
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe-
C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe-
C:\Program Files\Java\jre-1.8\bin\pack200.exe-
C:\Program Files\StartRevoke.exe
C:\Program Files\Windows Media Player\wmpconfig.exe-
C:\Program Files\Java\jre-1.8\bin\pack200.exe
C:\Program Files\Microsoft Office\root\Office16\msotd.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
C:\Program Files\Java\jre-1.8\bin\keytool.exe-
C:\Program Files\Microsoft Office\root\Office16\PDFREFLOW.EXE-
C:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.exe
C:\Program Files\VideoLAN\VLC\uninstall.exe-
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe-
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe-
Drops file in Windows directory 64 IoCs
description: File created (all 64 entries)
Process: b45cc6e466c6f31b8ba2a01a3d61dca0.exe (all 64 entries)
ioc:
C:\Windows\HelpPane.exe-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe-
C:\Windows\hh.exe
C:\Windows\WinSxS\amd64_microsoft-client-li..m-service-migration_31bf3856ad364e35_10.0.19041.1052_none_0bde546bcaf8e34a\ClipUp.exe-
C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.1288_none_f92f7256107c0e35\nvspinfo.exe-
C:\Windows\WinSxS\amd64_microsoft-windows-a..screencontentserver_31bf3856ad364e35_10.0.19041.746_none_e540b68b09558f5a\LockScreenContentServer.exe-
C:\Windows\WinSxS\amd64_microsoft-windows-appresolverux.appxmain_31bf3856ad364e35_10.0.19041.423_none_df344b9fe5390f25\f\AppResolverUX.exe-
C:\Windows\WinSxS\amd64_microsoft-windows-analog-facefodhandler_31bf3856ad364e35_10.0.19041.1266_none_1f1ff89fbf279f16\FaceFodUninstaller.exe-
C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevagent_31bf3856ad364e35_10.0.19041.1_none_b29cb2f3845833b7\UevTemplateBaselineGenerator.exe-
C:\Windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe-
C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.1202_none_4132a4047d5d53b2\r\AppVShNotify.exe-
C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.264_none_aa5417fd2708544d\r\SyncAppvPublishingServer.exe-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dfsvc.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe-
C:\Windows\WinSxS\amd64_microsoft-onecore-tetheringservice_31bf3856ad364e35_10.0.19041.746_none_6ba9668b45cb4938\r\IcsEntitlementHost.exe-
C:\Windows\WinSxS\amd64_microsoft-windows-alg_31bf3856ad364e35_10.0.19041.1_none_5eda5fa3fa7c0fb7\alg.exe-
C:\Windows\WinSxS\amd64_microsoft-windows-browser-brokers_31bf3856ad364e35_11.0.19041.746_none_581ccf386ba57d51\browser_broker.exe-
C:\Windows\WinSxS\amd64_microsoft-windows-container-manager_31bf3856ad364e35_10.0.19041.153_none_70cb6ca43c818606\cmdiag.exe-
C:\Windows\Microsoft.NET\Framework64\v3.5\vbc.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe-
C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.264_none_0e32f443c4669fed\f\hvix64.exe-
C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.264_none_13222f28beaa00a7\f\vmwp.exe-
C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevagent_31bf3856ad364e35_10.0.19041.1_none_b29cb2f3845833b7\Microsoft.Uev.CscUnpinTool.exe-
C:\Windows\WinSxS\amd64_microsoft-client-li..pgrade-subscription_31bf3856ad364e35_10.0.19041.1_none_07600fc1c7993163\ClipRenew.exe-
C:\Windows\WinSxS\amd64_microsoft-windows-browser-brokers_31bf3856ad364e35_11.0.19041.746_none_581ccf386ba57d51\browserexport.exe-
C:\Windows\WinSxS\amd64_microsoft-windows-castserver_31bf3856ad364e35_10.0.19041.746_none_a5986eca8fd4063b\r\CastSrv.exe-
C:\Windows\WinSxS\amd64_microsoft-windows-d..ndowmanager-process_31bf3856ad364e35_10.0.19041.746_none_11e04cec24452336\f\dwm.exe-
C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess.exe
C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.264_none_aa5417fd2708544d\r\AppVNice.exe-
C:\Windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe-
C:\Windows\WinSxS\amd64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.1_none_8b021141ec175d3e\sdbinst.exe-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe-
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ComSvcConfig.exe-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WsatConfig.exe
C:\Windows\WinSxS\amd64_microsoft-windows-a..ntscontrol.appxmain_31bf3856ad364e35_10.0.19041.423_none_6c3451a09cba3850\AccountsControlHost.exe-
C:\Windows\WinSxS\amd64_microsoft-windows-a..perience-ait-static_31bf3856ad364e35_10.0.19041.1202_none_a5a4c3f2637b55fa\aitstatic.exe-
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\WinSxS\amd64_microsoft-windows-coresystem-wpr_31bf3856ad364e35_10.0.19041.746_none_4028b8f4f6c0b829\r\wpr.exe-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Ldr64.exe
C:\Windows\WinSxS\amd64_microsoft-windows-a..esslockapp.appxmain_31bf3856ad364e35_10.0.19041.1_none_eddf8132c42e0857\AssignedAccessLockApp.exe-
C:\Windows\WinSxS\amd64_microsoft-windows-d..-certificateinstall_31bf3856ad364e35_10.0.19041.1_none_efa641d58a943e71\dmcertinst.exe-
C:\Windows\WinSxS\amd64_microsoft-windows-d..me-japanese-setting_31bf3856ad364e35_10.0.19041.1_none_682105a41c3c7a6b\IMJPSET.EXE-
C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess.exe-
C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess32.exe-
C:\Windows\WinSxS\amd64_microsoft-onecore-c..periencehost-broker_31bf3856ad364e35_10.0.19041.746_none_1ce3c0f12fb5f8ec\f\CloudExperienceHostBroker.exe-
C:\Windows\WinSxS\amd64_microsoft-windows-d..omerfeedbackmanager_31bf3856ad364e35_10.0.19041.844_none_ba2b07b5ed02761a\imecfmui.exe-
C:\Windows\sysmon.exe
C:\Windows\WinSxS\amd64_microsoft-windows-appx-deployment-server_31bf3856ad364e35_10.0.19041.1288_none_d616f4b76bd7b8a2\CustomInstallExec.exe-
C:\Windows\WinSxS\amd64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1266_none_5aba1063745f6e01\f\autofmt.exe-
C:\Windows\WinSxS\amd64_microsoft-windows-directshow-dvdplay_31bf3856ad364e35_10.0.19041.1_none_b79f30aeb967a64a\dvdplay.exe-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe-
C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1288_none_a518f9eb1ab503d0\r\hvix64.exe-
C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1266_none_aa0661cc14f9fe9a\f\vmwp.exe-
C:\Windows\WinSxS\amd64_microsoft-windows-appx-deployment-server_31bf3856ad364e35_10.0.19041.264_none_3f30ef10158954bf\CustomInstallExec.exe-
C:\Windows\WinSxS\amd64_microsoft-windows-d..ndowmanager-process_31bf3856ad364e35_10.0.19041.746_none_11e04cec24452336\r\dwm.exe-
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 6.3MB
MD5: 3582eb9e7acb2ab1a4fc8224170eb493
SHA1: b8121706c2d49c213966a01c2a6763790a3b0b91
SHA256: d93a4d1f6d3d7be5b07b4ef6e91d67eb1ee142d4f7da49d1ee8a754a672d5988
SHA512: e5dde2fcfb333256fb8c130806215e844217c66a5238f70cb4d3f319284e284c7c59aad46531bbc430519dbdfa0e070246f6bab40f63e9c01546e7cadb38dc31