8cc12ee9b2f09003ded9ca3e1846ed23b63325fe8d867e735a3388a9087bd87c

Resubmissions

15/01/2024, 21:02

240115-zvt8magaf4 10

13/01/2024, 00:34

31/12/2023, 01:14

21/12/2023, 21:01

13/12/2023, 01:28

Analysis

max time kernel
26s
max time network
69s
platform
windows10-1703_x64
resource
win10-20231220-en
resource tags

arch:x64arch:x86image:win10-20231220-enlocale:en-usos:windows10-1703-x64system
submitted
21/12/2023, 21:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

New Text Document.exe
Size

4KB
MD5

9ce4aaffc0cddb25b759e1ec9ab7102a
SHA1

72e78508b65d61d4ae9620d180f4aa8dddb85399
SHA256

8cc12ee9b2f09003ded9ca3e1846ed23b63325fe8d867e735a3388a9087bd87c
SHA512

8f966188af4cb25368a6636f9a973e5c0aaf583bc89009c6604ed9a5e67451d7e417e0067b5c8a517835ab977355dde37c2c5495d7616aa7f82750a65dcab55f
SSDEEP

48:6fWIcJ9lFEyU+zYGJZZJO66OulbfSqXSfbNtm:eVq9jnnEpf6zNt

Score

8^/10

themida vmprotect

Malware Config

Signatures

Downloads MZ/PE file

.NET Reactor proctector 5 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/memory/4128-317-0x0000000002780000-0x00000000027D4000-memory.dmp	net_reactor
behavioral1/memory/4128-320-0x0000000002AB0000-0x0000000002B00000-memory.dmp	net_reactor
behavioral1/memory/4128-323-0x0000000002AB0000-0x0000000002AFC000-memory.dmp	net_reactor
behavioral1/memory/4128-328-0x0000000002AB0000-0x0000000002AFC000-memory.dmp	net_reactor
behavioral1/memory/4128-324-0x0000000002AB0000-0x0000000002AFC000-memory.dmp	net_reactor

Themida packer 4 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x000600000001abe6-216.dat	themida
behavioral1/files/0x000600000001abe6-218.dat	themida
behavioral1/memory/4244-232-0x0000000000E10000-0x00000000016B4000-memory.dmp	themida
behavioral1/files/0x000600000001abee-278.dat	themida

VMProtect packed file 7 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/files/0x000700000001ab8e-186.dat	vmprotect
behavioral1/memory/3552-188-0x0000000000400000-0x0000000000F67000-memory.dmp	vmprotect
behavioral1/files/0x000700000001ab8e-185.dat	vmprotect
behavioral1/memory/3552-189-0x0000000000400000-0x0000000000F67000-memory.dmp	vmprotect
behavioral1/memory/3552-194-0x0000000000400000-0x0000000000F67000-memory.dmp	vmprotect
behavioral1/memory/3552-199-0x0000000000400000-0x0000000000F67000-memory.dmp	vmprotect
behavioral1/files/0x000600000001ac09-571.dat	vmprotect

AutoIT Executable 5 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x000600000001abe0-204.dat	autoit_exe
behavioral1/memory/2124-206-0x0000000000E40000-0x00000000012E4000-memory.dmp	autoit_exe
behavioral1/files/0x000600000001abe0-203.dat	autoit_exe
behavioral1/files/0x000600000001abe4-211.dat	autoit_exe
behavioral1/files/0x000600000001abe4-214.dat	autoit_exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4908	3160	WerFault.exe	78
2332	4724	WerFault.exe	75

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
5096	schtasks.exe
3260	schtasks.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
4008	timeout.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5024	New Text Document.exe

C:\Users\Admin\AppData\Local\Temp\New Text Document.exe
"C:\Users\Admin\AppData\Local\Temp\New Text Document.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5024
- C:\Users\Admin\AppData\Local\Temp\New folder\ww.exe
  "C:\Users\Admin\AppData\Local\Temp\New folder\ww.exe"
  2⤵
  PID:4724
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 524
    3⤵
    - Program crash
    PID:2332
- C:\Users\Admin\AppData\Local\Temp\New folder\adobe.exe
  "C:\Users\Admin\AppData\Local\Temp\New folder\adobe.exe"
  2⤵
  PID:1748
- - C:\Users\Admin\AppData\Local\Temp\is-2BE3J.tmp\adobe.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-2BE3J.tmp\adobe.tmp" /SL5="$D0068,6845033,54272,C:\Users\Admin\AppData\Local\Temp\New folder\adobe.exe"
    3⤵
    PID:3164
  - - C:\Program Files (x86)\RButtonTRAY\rbuttontray.exe
      "C:\Program Files (x86)\RButtonTRAY\rbuttontray.exe" -i
      4⤵
      PID:3160
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 684
        5⤵
        Program crash
        
        PID:4908
- C:\Users\Admin\AppData\Local\Temp\New folder\brg.exe
  "C:\Users\Admin\AppData\Local\Temp\New folder\brg.exe"
  2⤵
  PID:3552
- C:\Users\Admin\AppData\Local\Temp\New folder\rest.exe
  "C:\Users\Admin\AppData\Local\Temp\New folder\rest.exe"
  2⤵
  PID:2124
- - C:\Users\Admin\AppData\Local\Temp\tmp8F7F.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp8F7F.exe"
    3⤵
    PID:4244
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /c schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST
      4⤵
      PID:208
    - - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST
        5⤵
        Creates scheduled task(s)
        
        PID:5096
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /c schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST
      4⤵
      PID:4584
    - - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST
        5⤵
        Creates scheduled task(s)
        
        PID:3260
- - C:\Users\Admin\AppData\Local\Temp\tmp8F40.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp8F40.exe"
    3⤵
    PID:2580
- C:\Users\Admin\AppData\Local\Temp\New folder\setup294.exe
  "C:\Users\Admin\AppData\Local\Temp\New folder\setup294.exe"
  2⤵
  PID:3224
- - C:\Windows\SysWOW64\control.exe
    "C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\7zS89C79887\OU.CPL",
    3⤵
    PID:3004
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS89C79887\OU.CPL",
      4⤵
      PID:2444
- C:\Users\Admin\AppData\Local\Temp\New folder\sl.exe
  "C:\Users\Admin\AppData\Local\Temp\New folder\sl.exe"
  2⤵
  PID:3852
- - C:\Windows\winsvc.exe
    C:\Windows\winsvc.exe
    3⤵
    PID:2824
- C:\Users\Admin\AppData\Local\Temp\New folder\frreebeeie.exe
  "C:\Users\Admin\AppData\Local\Temp\New folder\frreebeeie.exe"
  2⤵
  PID:200
- C:\Users\Admin\AppData\Local\Temp\New folder\build_2023-12-19_21-29.exe
  "C:\Users\Admin\AppData\Local\Temp\New folder\build_2023-12-19_21-29.exe"
  2⤵
  PID:4128
- C:\Users\Admin\AppData\Local\Temp\New folder\ma.exe
  "C:\Users\Admin\AppData\Local\Temp\New folder\ma.exe"
  2⤵
  PID:3260
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpB3CF.tmp.bat""
    3⤵
    PID:2576
  - - C:\Windows\system32\timeout.exe
      timeout 3
      4⤵
      Delays execution with timeout.exe
      PID:4008
- C:\Users\Admin\AppData\Local\Temp\New folder\cp.exe
  "C:\Users\Admin\AppData\Local\Temp\New folder\cp.exe"
  2⤵
  PID:4800
- C:\Users\Admin\AppData\Local\Temp\New folder\againn.exe
  "C:\Users\Admin\AppData\Local\Temp\New folder\againn.exe"
  2⤵
  PID:1660

C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
1⤵
PID:2576

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
PID:4448

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:5036

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4996

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:2436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\RButtonTRAY\rbuttontray.exe

Filesize
182KB

MD5
5e8114ff42e8e756ff955407b3a3b718

SHA1
6e0919cb3cad43e86c53b9cfdb191cc4242655e7

SHA256
c8458afdd6ea8a5299cf10c8fa24b7820f689ea8d23d4989ac0f8be35271316b

SHA512
23324d6a1bb39fce5fec83446016f6697e0c50072c8ee781ec35a76b9b129dcba3b5118abf07faa7714ac7c925291bb6ff7ed55544aabc4684435f800ecad732

Download Submit
C:\Program Files (x86)\RButtonTRAY\rbuttontray.exe

Filesize
177KB

MD5
b04b4a4de58c646ba0235d5766a8281f

SHA1
46171c72987ece94bcd704d0c4683fc56a5461b9

SHA256
7e02d10e00ad7ad53965e2521b0abf3e206bcc1dcb9b3d9a9807b5ef6e37f4f2

SHA512
3f7cec426c36eb7bc470c0657b517360012851a580fe7a7c35d31e4fbf4234ab2c04789cb5b77bfb67f357941a1e8102fc9e9b49b97894f6ccbe9b20947f2613

Download Submit
C:\ProgramData\SystemPropertiesDataExecutionPrevention\OneDrive.exe

Filesize
32KB

MD5
be00ec0d9851994d65a7fcbf96279d07

SHA1
293af348ac0ab3393fe532b5234e4c27dac6bf82

SHA256
89b7f7b4467f466c3ed371b67fbdd6771ca4909066d6f39271e0905c5c8b589b

SHA512
26c35b3fc6095bcfc2983ab6188c1f9f37907773c24d45e9e0fd1de1616d11a62c7bb9a9049baccc2322ddbe223bcd30570506eb7b874faa981ea04ef3321b3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS89C79887\OU.CPL

Filesize
137KB

MD5
4a7694aa2d7f8c05012e478cc6cc2e97

SHA1
edf95651f6e418cee71e59a1e8350ee10408b572

SHA256
d409f437c0fc54c2df77567977e96a5a0e7ae4459b98f33a3f7e430f4c9403bb

SHA512
edcdc6c8720c48f8c3956963d3d9bc895e869baa9ba2ca7c9a10e6136ebea8e79664f2ee299dc8bad0a3202b1588bb3381da92f8946170bb5cfe21727e911fbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\FANBooster131\FANBooster131.exe

Filesize
169KB

MD5
1a2753919c92fa883b8f0a4c22a4fd5c

SHA1
d5941d16251b13e14e49dc47281a6c618df0acdf

SHA256
92cacc5de3eba53765f361bc80a39bbef250abb7333c8a3f6eeceef621f3b583

SHA512
82aa481716ecee7d7ab30b8fe0d00bbea7b9cdafc0e9b0387728beacd0e3ad4ed9fb7e8774a263dd8d86a2aee5257d4b3ec9ecbb88d88e75e959a476e54fbd88

Download Submit
C:\Users\Admin\AppData\Local\Temp\New folder\adobe.exe

Filesize
492KB

MD5
e714f01a98796d4bff6595a69aacde8f

SHA1
865608ce725b42567e35cbb6fa8b79e2e0a8a9ef

SHA256
8d4b99a4ac0e89e9754c6bb27c2fef0eaa9883d6f31486adeb887513de089804

SHA512
cace422b765a2dd84f4a058d0c202c50e7dd9b6903e5ffc2641005d8d8168588b631b6f0df06112c38cb0074576a7b0e3516ee7300874e7dddeb990be32dd48a

Download Submit
C:\Users\Admin\AppData\Local\Temp\New folder\adobe.exe

Filesize
392KB

MD5
e8f69467e803f2f4202580b1c32d92a4

SHA1
623fdc4e57db1463680fe883f8e5b592403b5bae

SHA256
4c7b32acf68fa338a5af52be7c34bdf36e98e41dbb4cfe9107c5b107f9976dd2

SHA512
fb90e3c086c3fe1d848c52daba01de428d4880be3ed39fddbad426ef0345ec8e6010cf3073799124c120140f7dbcfd3e9af86a06beaebaa6b14a0669b7215e81

Download Submit
C:\Users\Admin\AppData\Local\Temp\New folder\brg.exe

Filesize
57KB

MD5
22929082c905d0fdf37c543d82e27056

SHA1
be1c6c9cca274c4f06d5bac100e324f33a8fa6e0

SHA256
16643f0d8e9044953937649bd8269c587342495e95fcd8639bd3a2da25ef97af

SHA512
697655394e4a5ad30c7b1c993f0d021b0d0b95f1e756d5062c35b4d7352468f2cd8a738f145aa81567a32691c42d6d8c6c005452e22889c3e28b66596d426a43

Download Submit
C:\Users\Admin\AppData\Local\Temp\New folder\brg.exe

Filesize
14KB

MD5
16c1531b8dbe2bd51f85da8b1873cfba

SHA1
b6365a666cd4a03a602b48589971877433b88566

SHA256
dadc60a3af8111b62f3cbc56aef4e5893e80dd40d4f7f73537b5ef981942d586

SHA512
6e11784e83b295ac71dc892b3c3e99930a4299a7b2e38a727e061276df4a4ec36f6cf919a5c94d89c24c50b0e2806111dced7388b11ba5c0c09ea516c0de0efc

Download Submit
C:\Users\Admin\AppData\Local\Temp\New folder\build_2023-12-19_21-29.exe

Filesize
36KB

MD5
2cbdb18d9f2ba53dea27d51905d01605

SHA1
fe9208e8e9bed91ebe9e16e4a11a55672017bdbc

SHA256
7ad6b51d87eaa6011e12908cfc66a8b179c2d4d267120a9f1c0eda5897beffde

SHA512
0bd13666d6dda85505ebbb2b412dd2639ff72dbfc5c833e804ceb19ad592ae4033d2f092bc042adfaf3f1dc5610fdb0ec401792cd388691ea439785afa3d52e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\New folder\build_2023-12-19_21-29.exe

Filesize
13KB

MD5
b5894386e0355ebee078b93b19591347

SHA1
d06bfc932695a29f26bbc712115fcb7d99b4acab

SHA256
bc1b84bee5606b9d4652190a3de019310a36d5786a6d72cee6c9f1dabf864fd0

SHA512
11303754e8d61fa7c1c302984d809d021a78e458818939fab522eda1b58c8cb3dd5aaad9e76e64da69157797e104c9c2555b5e2314bd52a097b8788d3e7e8fc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\New folder\cp.exe

Filesize
6KB

MD5
9d195e28823682d8fc1b75c6186363c4

SHA1
ed32c3c999163b15cc7efda6085cb0feb4777ff4

SHA256
844b19f2dbbc04d11f9367ef2cfa5fad818ae19b9c4e5db91383abfbd2a0b6e6

SHA512
fc546389894edc2b24eb7208a406236c1e885f9910f05516c27864d211f30daa1ce0ef665ad18d8056a4bb85c24b8927cf0a1941a8f5458e08be4f8255eaaff7

Download Submit
C:\Users\Admin\AppData\Local\Temp\New folder\frreebeeie.exe

Filesize
35KB

MD5
2c8bf6e42f2195c8256d91f5007a1219

SHA1
8522f1970144b3bee059df28d7be6d9b07208b51

SHA256
c83802e36a693b7ec24c23b175516c136a2938218b3543e11c372bcd1dba9b2d

SHA512
fa45bd58fead0e6c6f068ee73952253a6e5fe73779cd4f891ad1dc1cfda0174c6ba3ee19428a3b2b328c52535eff8983450d763ebfea1e6258423ab26646108d

Download Submit
C:\Users\Admin\AppData\Local\Temp\New folder\ma.exe

Filesize
71KB

MD5
5c41b866617e5705024c24f3ec269214

SHA1
4f5f9d99e60fe9f1b145f9b7f897a9881204d9c8

SHA256
06120ba2ecd948277501caf6135895f37bbb760a82c3ae7dad8cf25dc846e095

SHA512
203585a837c5d5e3abb29f745b5a528e9ad5aeb4865b124eee0f2193512b69c24f96359403d3b7045e1f83f4225f24e8c59baf101dcc6719a6b11158d47c045a

Download Submit
C:\Users\Admin\AppData\Local\Temp\New folder\ma.exe

Filesize
59KB

MD5
bf75eee69dcab6292583c6e91bf28a9c

SHA1
5bd20f9f028aa173b3e6eaf9ca0ae60918f012ea

SHA256
c360b28cdae87462604bc5cd29832f890568cff53eac8d275a184c71b05a5147

SHA512
9c767fd27b6283d94dd2576198679a7a16c89bc08d95fe6eaf89fc4abad5eb54a2375ec5657667074f03d54df499a000725daa3a7fc3949b03a31c0b4f4412eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\New folder\rest.exe

Filesize
68KB

MD5
70c303bce28e64a83229fdfa92aaef76

SHA1
2134371bf79457a8dd71a315eb205076a23b4e02

SHA256
dd8df653d71fd35e5483bcf09facbf0e61bd7f9186b59595767ca46e62910bff

SHA512
c9bc4106c7dca5468f527c26b0820b13b323f99525431ada37a2d9c883cd0f348672c8875c17e7af553632392ab2fdb6b52e338c9527787f663f1c3c74165838

Download Submit
C:\Users\Admin\AppData\Local\Temp\New folder\rest.exe

Filesize
15KB

MD5
8d93a5dbc5dd526b52203cb9333eea33

SHA1
a1c4afb33731ef81e0f24d12443ce57d8dbbcf29

SHA256
29f383cb785b02637dc7a911c5002f3d5343bd3de12a8d2121a493bce9726195

SHA512
0b90940b73729fc4003233065e601ecf6d10c68a37b394112006dd5d1cbbd1798f5838f057bb5e6a35a52d3e75d563106df3b70737249282dc31e7a9e9d802ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\New folder\setup294.exe

Filesize
171KB

MD5
36bf6e849ed8c45ad36cd392859832db

SHA1
b284f348b622d466e7ae74b6635c589b9ee2f74b

SHA256
0900c5dd3cf5a09981819f914cde15434ef4ae47137fa906060ddf9200a91576

SHA512
3ccb8b147a5e9f66d7ccef5f810030725a4081a74d1ffd9ccd30509f6a1d2d978e94fb41712ea461d8175f07650f1c0d62fddc941b72028689639d8b1cf26883

Download Submit
C:\Users\Admin\AppData\Local\Temp\New folder\setup294.exe

Filesize
112KB

MD5
8c8cc15a3e3829440e0aafb733ade85a

SHA1
3d8f1f7fae4abb912d7a74be4830057f1b443633

SHA256
cb5213445a9df7a38819146fc1627d18a1130edd8936796ac09ca2bebaa7c520

SHA512
a5d5274b6a2aee1d50c7aba9b8996d46c8f7cff483f19b4012d258ea5221410a4e9708fc209d8b8718955cf111a987a8fe1739f13cfc05dd9327086782ecdb88

Download Submit
C:\Users\Admin\AppData\Local\Temp\New folder\sl.exe

Filesize
15KB

MD5
a6f1e6b5775a94219b69a6261b36244a

SHA1
d06367278656d2df01112a0aff5ec845d952a201

SHA256
82d16b1428721a69501776eb26e14ecf76fe6e82a1d19c5fae6705a1cc0a4319

SHA512
f8210038b9303301bdd6f00c3b48681f798c5834ea04f8a0f5bc7f4070937727c54143ae702b3ae0298afab26e975c674c64e0c9c45250cdbee395f31f187848

Download Submit
C:\Users\Admin\AppData\Local\Temp\New folder\ww.exe

Filesize
494KB

MD5
ca582fafbbb257ccf1bf91dac47fcf4f

SHA1
1047ab96ce3c42db48e876f5e5f2c419bc3994b3

SHA256
b0c34116121eb910abfa1b9a462b70bab59faa0800c779496fbb528f0b183b7c

SHA512
80c8999d2796d56a18b6d3af85dd118731055f90f05bb0986b3d667de7f81cbcabcba7b28e7e8410ca81418777a2121a6d591217617cfc0cd7f0207e2ce8e368

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2BE3J.tmp\adobe.tmp

Filesize
613KB

MD5
053ddbe473f085ac2236ece7cbeb9e30

SHA1
57b7d081d311a40fbe4c081c4061ee31ab1c773a

SHA256
3088ba7dfb34729671d4e81e7dd5a8e3c3204b7e908d7d1090a56758951cd850

SHA512
0e5f82c57b3022d29633652343b53d873120cc6b36d6d449cffcb55537f7f690c94d0fd1b4205c53e48cfcf4a850cd5595f268cc5abc138a8210112a54a6b87b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2BE3J.tmp\adobe.tmp

Filesize
393KB

MD5
849014f784598de41a38f3ba6105f28a

SHA1
8fbd3820ee1dcf2593b0b29511bcf104f5e196e2

SHA256
b29ded11033494ab30b6bde1ff33b428e4bd529d43ddea6826277025e75c1ff7

SHA512
b3bd10c7c48ebf704e4aceae107768e3d61dd82b27df06e8b7013a6a0ee58693f686ebd6c86d14a7032ff034db6e3b2c762e00bb1c30344936a90d2b84e372d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp8F40.exe

Filesize
81KB

MD5
d816cd7c34cada62e38cdf22fb5ae798

SHA1
872d8e918758263bd5b556a305dca5baa8daab08

SHA256
d87760253701c394155475ec5458cfa62db42c86c8b08c62bd166731fedca45e

SHA512
5bcef76c691902dd2c52ecd87c210bec3966474314373ef2af562c66a4efb8bf9c1273e5b190cbbcfe8bb841407cf2792ee3788ccd035db8f82095203e87a800

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp8F40.exe

Filesize
44KB

MD5
f377afd0cbab0012eb0463a807cccb31

SHA1
142912adfef44ee3cdf3043eb2961a62c9c096db

SHA256
08741a401f210d399125525c2cbf357ce251d5f39a050e905c8cf4c609558abc

SHA512
160958ffc9daec4d86c4518cfe2ef7f617d82c27535a33186b3a92a12af407b289eecbc2c61867bb6ea2934be1f54493d435df43773551ae24ed716142bf0bf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp8F7F.exe

Filesize
94KB

MD5
cc6a985d6fd0558c8c451a853a118ec0

SHA1
83296e7914d9ac3b43d5393e4fb4e951b3d8a329

SHA256
39b7d453f515bec2df60a77d96c79f1bb5c71957170346d739249a1537b04c83

SHA512
bd78d5351a4f676d7f96d6eeee8ad7c6c5fe6d2daf94738a878e7dd53e4ef90cca8ec49701c0308a0490ec7f5b6733a84361a4c04d021fe22b10079c4202bb5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp8F7F.exe

Filesize
44KB

MD5
fb10198a8de285d06fc61733b7a68f52

SHA1
6827371056c2d8ad7feeb1d8eafb8975924cc5c7

SHA256
182bab43ac426a109abbc97d82ab22f994d14d70466027b5b1297d30f2ca33a0

SHA512
f7d57d0b5f2c224ea9e0672f5e98a1de42550fdad0601f8f1b57e6c4b702a1690c2a60e8dc5a8218881fdfd10e1643e983e1acaabced1c68418465d39290ba64

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpB3CF.tmp.bat

Filesize
176B

MD5
b9dc7b8f073fe3d4c571d9cd9c017e0b

SHA1
8487b7aeb909f4d5a33932a0f80a6457375503b6

SHA256
49a5e4fbed73975d3bd02a3352d718718962abc9d38d686f2e85bd524606f479

SHA512
3bdcc3f7b4841fbfac74cd1ef1d5a05f2878a63cf66263f16939038f4c35870c245bdd209a7e5fccda811e512d8f55a204a5cc602f1e9b7d7d17c457b55c6ea9

Download Submit
C:\Windows\winsvc.exe

Filesize
6KB

MD5
b80978bcdaec770876289d92d9c8ecae

SHA1
56ae81e1acae80c3c2e9b47685b98cefd6450eba

SHA256
f489b675b70c63966423bb31312ec7af503812f1bf842a4ff02fc7fa1d6858e2

SHA512
3dcfbbce62c217553cafe9fbb6ccbe3277c03bf5e2acb59fb8acca3a30404e84ea9fc9683513986c6d8ab8fce75f8cf109ae4732eb9ab4462bf1ebda70342e40

Download Submit
\Users\Admin\AppData\Local\Temp\7zS89C79887\OU.CPL

Filesize
85KB

MD5
81f50c08398e0ad846d100414b160272

SHA1
a555f30c2ec1848aa773ffc9fe21cc4961380c63

SHA256
fc47df5f4bbad7c1c0ab02ee91c3fe2b1edf7dfd21e7a25b28a23562af6e77ab

SHA512
b3e3ea06bdcab1ca955b16ffc6e63b5ec52506c953b0c20f457f1a7424dfac61c3ef8d61cd1e8a8d209f027f7407a7dea0cca7b8426611a464a696d1fad08f50

Download Submit
\Users\Admin\AppData\Local\Temp\is-0NUB7.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
\Users\Admin\AppData\Local\Temp\is-0NUB7.tmp\_isetup\_isdecmp.dll

Filesize
19KB

MD5
3adaa386b671c2df3bae5b39dc093008

SHA1
067cf95fbdb922d81db58432c46930f86d23dded

SHA256
71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

SHA512
bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

Download Submit
\Users\Admin\AppData\Local\Temp\tempAVSLWxIv9snuikN\sqlite3.dll

Filesize
57KB

MD5
cac52309826d87f195142b4a379e56a0

SHA1
545c0570d078478637008def0032f3d881cadc4f

SHA256
8606bad0574c834d028948d0db1f63cb472aa1277ae4c4cd724102242b56a7d7

SHA512
62bd08d08553a2e7239eaa9b167eb77f42721b10ead220e4a4fe33fee540a0b382396fac746560e4e81ad4a0a1ca33b695e768ecec7f433debf421546f01b945

Download Submit
memory/200-308-0x00007FF966280000-0x00007FF966C6C000-memory.dmp

Filesize
9.9MB

Download
memory/200-296-0x0000026FB0470000-0x0000026FB047E000-memory.dmp

Filesize
56KB

Download
memory/200-301-0x0000026FB0830000-0x0000026FB0840000-memory.dmp

Filesize
64KB

Download
memory/200-297-0x00007FF966280000-0x00007FF966C6C000-memory.dmp

Filesize
9.9MB

Download
memory/1748-17-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1748-205-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2124-221-0x00007FF966280000-0x00007FF966C6C000-memory.dmp

Filesize
9.9MB

Download
memory/2124-208-0x00007FF966280000-0x00007FF966C6C000-memory.dmp

Filesize
9.9MB

Download
memory/2124-206-0x0000000000E40000-0x00000000012E4000-memory.dmp

Filesize
4.6MB

Download
memory/2444-299-0x0000000000C50000-0x0000000000C56000-memory.dmp

Filesize
24KB

Download
memory/2444-298-0x0000000010000000-0x0000000010239000-memory.dmp

Filesize
2.2MB

Download
memory/2576-181-0x00007FF982E60000-0x00007FF98303B000-memory.dmp

Filesize
1.9MB

Download
memory/2576-173-0x0000000004760000-0x0000000004B60000-memory.dmp

Filesize
4.0MB

Download
memory/2576-187-0x0000000004760000-0x0000000004B60000-memory.dmp

Filesize
4.0MB

Download
memory/2576-170-0x00000000008C0000-0x00000000008C9000-memory.dmp

Filesize
36KB

Download
memory/2576-179-0x0000000004760000-0x0000000004B60000-memory.dmp

Filesize
4.0MB

Download
memory/2576-175-0x00007FF982E60000-0x00007FF98303B000-memory.dmp

Filesize
1.9MB

Download
memory/2576-180-0x0000000076FD0000-0x0000000077192000-memory.dmp

Filesize
1.8MB

Download
memory/3160-158-0x0000000000400000-0x000000000069E000-memory.dmp

Filesize
2.6MB

Download
memory/3160-157-0x0000000000400000-0x000000000069E000-memory.dmp

Filesize
2.6MB

Download
memory/3160-161-0x0000000000400000-0x000000000069E000-memory.dmp

Filesize
2.6MB

Download
memory/3164-25-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/3164-219-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/3164-318-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/3260-383-0x00007FF6DC950000-0x00007FF6DCB64000-memory.dmp

Filesize
2.1MB

Download
memory/3260-510-0x00007FF6DC950000-0x00007FF6DCB64000-memory.dmp

Filesize
2.1MB

Download
memory/3260-391-0x00000000031F0000-0x0000000003235000-memory.dmp

Filesize
276KB

Download
memory/3260-516-0x00007FF966280000-0x00007FF966C6C000-memory.dmp

Filesize
9.9MB

Download
memory/3260-417-0x00007FF6DC950000-0x00007FF6DCB64000-memory.dmp

Filesize
2.1MB

Download
memory/3260-422-0x00007FF966280000-0x00007FF966C6C000-memory.dmp

Filesize
9.9MB

Download
memory/3260-414-0x00007FF6DC950000-0x00007FF6DCB64000-memory.dmp

Filesize
2.1MB

Download
memory/3260-513-0x00000000031F0000-0x0000000003235000-memory.dmp

Filesize
276KB

Download
memory/3552-189-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/3552-197-0x0000000003DC0000-0x00000000041C0000-memory.dmp

Filesize
4.0MB

Download
memory/3552-198-0x0000000003DC0000-0x00000000041C0000-memory.dmp

Filesize
4.0MB

Download
memory/3552-194-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/3552-199-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/3552-188-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/4128-323-0x0000000002AB0000-0x0000000002AFC000-memory.dmp

Filesize
304KB

Download
memory/4128-315-0x00000000025D0000-0x0000000002635000-memory.dmp

Filesize
404KB

Download
memory/4128-321-0x0000000000400000-0x0000000000923000-memory.dmp

Filesize
5.1MB

Download
memory/4128-322-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/4128-324-0x0000000002AB0000-0x0000000002AFC000-memory.dmp

Filesize
304KB

Download
memory/4128-328-0x0000000002AB0000-0x0000000002AFC000-memory.dmp

Filesize
304KB

Download
memory/4128-327-0x00000000708D0000-0x0000000070FBE000-memory.dmp

Filesize
6.9MB

Download
memory/4128-325-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/4128-320-0x0000000002AB0000-0x0000000002B00000-memory.dmp

Filesize
320KB

Download
memory/4128-319-0x0000000005180000-0x000000000567E000-memory.dmp

Filesize
5.0MB

Download
memory/4128-317-0x0000000002780000-0x00000000027D4000-memory.dmp

Filesize
336KB

Download
memory/4128-314-0x0000000000BC0000-0x0000000000CC0000-memory.dmp

Filesize
1024KB

Download
memory/4244-388-0x0000000000E10000-0x00000000016B4000-memory.dmp

Filesize
8.6MB

Download
memory/4244-225-0x0000000076FD0000-0x0000000077192000-memory.dmp

Filesize
1.8MB

Download
memory/4244-227-0x0000000077ED4000-0x0000000077ED5000-memory.dmp

Filesize
4KB

Download
memory/4244-489-0x0000000005660000-0x00000000056C6000-memory.dmp

Filesize
408KB

Download
memory/4244-224-0x0000000076A20000-0x0000000076AF0000-memory.dmp

Filesize
832KB

Download
memory/4244-232-0x0000000000E10000-0x00000000016B4000-memory.dmp

Filesize
8.6MB

Download
memory/4244-448-0x0000000008E70000-0x00000000091C0000-memory.dmp

Filesize
3.3MB

Download
memory/4244-231-0x00000000708D0000-0x0000000070FBE000-memory.dmp

Filesize
6.9MB

Download
memory/4244-223-0x0000000076A20000-0x0000000076AF0000-memory.dmp

Filesize
832KB

Download
memory/4244-247-0x0000000007A50000-0x0000000007AC6000-memory.dmp

Filesize
472KB

Download
memory/4244-222-0x0000000076A20000-0x0000000076AF0000-memory.dmp

Filesize
832KB

Download
memory/4244-419-0x0000000076A20000-0x0000000076AF0000-memory.dmp

Filesize
832KB

Download
memory/4244-220-0x0000000000E10000-0x00000000016B4000-memory.dmp

Filesize
8.6MB

Download
memory/4244-434-0x0000000008830000-0x000000000884E000-memory.dmp

Filesize
120KB

Download
memory/4244-416-0x0000000076A20000-0x0000000076AF0000-memory.dmp

Filesize
832KB

Download
memory/4448-252-0x000001DA059E0000-0x000001DA059F0000-memory.dmp

Filesize
64KB

Download
memory/4448-276-0x000001DA04820000-0x000001DA04822000-memory.dmp

Filesize
8KB

Download
memory/4448-233-0x000001DA05720000-0x000001DA05730000-memory.dmp

Filesize
64KB

Download
memory/4724-163-0x0000000003920000-0x0000000003D20000-memory.dmp

Filesize
4.0MB

Download
memory/4724-162-0x0000000003920000-0x0000000003D20000-memory.dmp

Filesize
4.0MB

Download
memory/4724-168-0x0000000076FD0000-0x0000000077192000-memory.dmp

Filesize
1.8MB

Download
memory/4724-9-0x0000000000A70000-0x0000000000B70000-memory.dmp

Filesize
1024KB

Download
memory/4724-165-0x00007FF982E60000-0x00007FF98303B000-memory.dmp

Filesize
1.9MB

Download
memory/4724-169-0x0000000003920000-0x0000000003D20000-memory.dmp

Filesize
4.0MB

Download
memory/4724-174-0x0000000000400000-0x000000000089D000-memory.dmp

Filesize
4.6MB

Download
memory/4724-10-0x00000000009E0000-0x0000000000A52000-memory.dmp

Filesize
456KB

Download
memory/4724-11-0x0000000000400000-0x000000000089D000-memory.dmp

Filesize
4.6MB

Download
memory/4724-164-0x0000000003920000-0x0000000003D20000-memory.dmp

Filesize
4.0MB

Download
memory/4724-178-0x0000000003920000-0x0000000003D20000-memory.dmp

Filesize
4.0MB

Download
memory/5024-0-0x0000000000290000-0x0000000000298000-memory.dmp

Filesize
32KB

Download
memory/5024-167-0x00007FF966280000-0x00007FF966C6C000-memory.dmp

Filesize
9.9MB

Download
memory/5024-176-0x000000001AF80000-0x000000001AF90000-memory.dmp

Filesize
64KB

Download
memory/5024-1-0x00007FF966280000-0x00007FF966C6C000-memory.dmp

Filesize
9.9MB

Download
memory/5024-2-0x000000001AF80000-0x000000001AF90000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads