a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc

Analysis

max time kernel
152s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 01:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Size

25.9MB
MD5

0aea3c51224c662a8965507fdcbeabf1
SHA1

cfbf8cfaeca73245fe1dfb3b56f121d26668f185
SHA256

a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc
SHA512

05446f94fbba9bd52ea7b8e9844f9f0ccd1e3dfea835ae78f8875b90f37faeda495f045f0ce41f942b6f4188fb495d8e6893505aaaaeed71e5ba0f4a0ebfdfe1
SSDEEP

196608:GmXXTYoIKX52VJjG8Lo7CeJy5k0gYIek5LlKoq8h02MbPOEq:GIlIKX52VE7WA5LlKoq8JMbG

Score

5^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Control Panel\International\Geo\Nation	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe

Loads dropped DLL 64 IoCs

pid	Process
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
968	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe

Registers COM server for autorun 1 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\InProcServer32	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\InProcServer32\ = "%SystemRoot%\\system32\\shell32.dll"	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\WOW6432Node\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\InProcServer32	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\WOW6432Node\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\InProcServer32\ = "%SystemRoot%\\system32\\shell32.dll"	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 32 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\InProcServer32\ = "%SystemRoot%\\system32\\shell32.dll"	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\Instance\InitPropertyBag\TargetFolderPath = "C:\\Users\\Admin\\hiveDisk"	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\WOW6432Node\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\Instance	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\WOW6432Node\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\Instance\InitPropertyBag\TargetFolderPath = "C:\\Users\\Admin\\hiveDisk"	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\WOW6432Node\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\ShellFolder\Attributes = "4034920525"	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\InProcServer32	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\hive-desktop\\HiveCloudBridge\\Icons\\Drive.ico"	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\System.IsPinnedToNamespaceTree = "1"	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\Instance\InitPropertyBag\Attributes = "17"	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\ShellFolder	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\WOW6432Node\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\Instance\InitPropertyBag	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\ = "hiveDisk"	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\Instance\CLSID = "{0E5AAE11-A475-4c5b-AB00-C66DE400274E}"	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\DefaultIcon	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\Instance	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\ShellFolder\FolderValueFlags = "552"	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\WOW6432Node\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\Instance\InitPropertyBag\Attributes = "17"	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\WOW6432Node\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\InProcServer32\ = "%SystemRoot%\\system32\\shell32.dll"	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\WOW6432Node\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\ShellFolder	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\WOW6432Node\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\hive-desktop\\HiveCloudBridge\\Icons\\Drive.ico"	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\WOW6432Node\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\DefaultIcon	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\WOW6432Node\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\ShellFolder\FolderValueFlags = "552"	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\WOW6432Node\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\ShellFolder\Attributes = "4034920525"	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\WOW6432Node\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\System.IsPinnedToNamespaceTree = "1"	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\WOW6432Node\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\InProcServer32	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\WOW6432Node\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\Instance\CLSID = "{0E5AAE11-A475-4c5b-AB00-C66DE400274E}"	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\Instance\InitPropertyBag	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\WOW6432Node\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\ = "hiveDisk"	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\WOW6432Node\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\SortOrderIndex = "66"	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\CLSID\{0E1FCA24-FC69-48A5-AB61-AA1CA35CD938}\SortOrderIndex = "66"	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Hive CloudBridge\C\Users\Admin\hiveDisk\ServerDataV5\1688849860408119:ItemIdentity	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
File created	C:\Users\Admin\AppData\Local\Hive CloudBridge\C\Users\Admin\hiveDisk\ServerDataV5\1688849860408119:LocationData	a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe

C:\Users\Admin\AppData\Local\Temp\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe
"C:\Users\Admin\AppData\Local\Temp\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
- NTFS ADS
PID:968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\HiveCloudBridge.dll

Filesize
367KB

MD5
874894201cde2625cb7e27a27a32356c

SHA1
0f2275817e6b784e82d7050eeb1c268f3c54d358

SHA256
c9a238dadb3158f5a0c2aaaae42b5da26bdb6da780b0a6a2301d2d816f72fccd

SHA512
5c8fce1a569ccd53bff01d76e1e2b99343dd08f6767c24647c58baa45d0e29b891fe3cf834c9100da52ed5258218efb8cdfe82de9239f3de23971183c2f7e5af

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\Microsoft.Win32.Primitives.dll

Filesize
8KB

MD5
c09937f68e2e72f86f05797479e173e4

SHA1
b0afbaaa3875542a2578f6d6ca3aaaa50c3b1045

SHA256
b7667eae29090714cab539afb8433ee12e6773563ac773b67cbecaf2bb41c9a8

SHA512
6660382f98bf7cd8f8274785e22da1f4c5c835c2bb812993fdeac866d64873255dbae9f4f3ea5c59347266d6e1e379b9bec689081460e52182586053462842ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Collections.Concurrent.dll

Filesize
48KB

MD5
81323fe98eb0e7d47989896c564dd639

SHA1
82daccc9800b310a75b5418929c12c8e12374bb1

SHA256
f4bf911df2f0e9c8e0679635a3ddbf48e0ec962ba8b06180258b738b77575e51

SHA512
d78eaedfb8220efb6c351cf99568dc80a85ac810b1d368cde44aa5abac3df060a30efbcb780616c512cec939fcb1479f0969408e85b0934c02cf988d41d6900a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Collections.dll

Filesize
27KB

MD5
c69b0202cc53956649e95e3aacb1e58d

SHA1
680f0b6e45837ab5fccf3cfc972e1c1d0115e924

SHA256
39ef2bd6e74523991dd242994f0316fdba1c36c4f1777fd6fab30183b1046576

SHA512
10970b5837032d39fc0132f30d0e40a5ddd3ac9fafd1b7624010d39bfa51d595d10895cf0bc444c59935cd89fa0f09a73ff4723ac1cdfe5361b182ed7e85088c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.ComponentModel.Primitives.dll

Filesize
19KB

MD5
be1d3c5f75f9074fa7bc5cd932b718e3

SHA1
19c89a6aa658c1b80196379811e06424464d92a3

SHA256
d75b9620fc98e635ed1ad82d8ba309fdf8442cf3ce9cb807be314afbf610d079

SHA512
8e6618b2c4a70527df57d20716985dd2d947b48f49a76f03240ad387f9ce8a2d4f98e5c05b6eea609bfa254e270b78d8b3a858b8bee8811b982ddca87e6c2427

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.ComponentModel.dll

Filesize
5KB

MD5
5f8e5b26890865b3a77fe6e58ebd8e85

SHA1
5ffe4a168a60b304e03618bd5a1c072fdd89a664

SHA256
257c7d0abf221767e29d0fb622c2848682b835afeae35ce9640c93d9f309a2d8

SHA512
ced04d77b6eedc5f7e5ef4e38f97c84ef28a8daefbf38370352c026544d34b8521e0eecdba3f75fcc14ca5514fbd1d7df33fe824536f20d743f46f12792d8616

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.IO.FileSystem.AccessControl.dll

Filesize
16KB

MD5
1997bae367f86e53dbe9dd0cf4bdf10b

SHA1
d4e31efc5e4cee1dd3767c16181436677bb5b7e4

SHA256
5cc66c6a2347d09939d777061b9bcc3a9a2bb55d93f8a03799b728b718cfd4c2

SHA512
546c776e5f6d60bbfe98f0964cb7f8bed6308a7c9db8799ae14611b0e400a25dda90dba60c9e8d71350484829298631519dee4b91134bc3826f0d38596ab15dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.IO.FileSystem.DriveInfo.dll

Filesize
16KB

MD5
331b2c746f5e0d8d23ae4b72a845564b

SHA1
4adf1a27d234a82828dd9d72c4973499df6d971c

SHA256
ced4e9a148cc3a2704bb3a6d1e393fa31864aa0da9e3e6752102d46a4fd9dc1a

SHA512
00e14b55a0df5a1edf831c655f4e9ba19a25a7f1daad33749a8efbac9c52383c2543a530b5bdd567f922ff5d5905b90b145f2fa5c38e2f0eee80e48acbc679c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.IO.FileSystem.Watcher.dll

Filesize
26KB

MD5
1b3db28af96e04e7efa3ab5cab413358

SHA1
e900cd1163c71ec602534b6b1ddcf4ce2c802b44

SHA256
c578ccd9a56d29eb914b6ede2127092e5978edb59e3525f6ef17b2dea85fc238

SHA512
8a64cd372d3f5c646f3c84a1ba0ed311fa9c52e6c14f6a97d43fa84c48acb9fa869f0b8f25736e2967af6e13591be37c310d643dcb49248e596cde2421c11eb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.IO.Pipes.dll

Filesize
42KB

MD5
0d5b8734b795513ec258319e69aa2ef6

SHA1
eb9bbccc4c7c9f9b917c96605bf30a6586654cf0

SHA256
7e129aa7e87d73e82451a23b2fd03a67d63ab20a08cab4e8a4daa0b404ed4bf4

SHA512
051b9dfcf503b3685e07a70a9c5899ffcc658d8d00626f8f06af23202c8b798c36ea94a60a8d06a2da5ae15778539d86c79b3b6dcd6b1c802abf1e0feb803ba0

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Linq.Expressions.dll

Filesize
88KB

MD5
feb0345bc7a60f656d9ff2bf88411150

SHA1
b14d9d8532669c014e266dcd1405014d3de609e2

SHA256
67aa639eee4c830450282c0d407c3814bd30cf60aed76cef1fa159e3018bcd9d

SHA512
4e31e27fa309678951b3bfb8a41a480f208f117a009394a4946a55a129f95a4c58c66c861bf60a6b5967fc8fd9bba22ac940b4e452deca010f23c1fa00d7246d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Linq.Expressions.dll

Filesize
50KB

MD5
35caeb316430c0c23ea492a538f89b36

SHA1
7f08304c26f0bb28f4e2a5013578274ffa669ec9

SHA256
05bfd61b72fb01aeac5756e78b639e4bff09293e308e56e269da0cb89bd62d95

SHA512
4a74ed6c1d20ba52dfb2391e78502c9fefad2eb74ed0bf707607600c57fb57985bbcabf1b9082981f2350424ea2c8b33f9711d7803159a90781a48a152ace2ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Linq.dll

Filesize
72KB

MD5
d38a7302712d3b9f2944b97c17bd46fa

SHA1
562999522af534370582c333b7634c931a9ed3e7

SHA256
8752df977be8766c4ae4f57196e056d4387ccfd35c5c10652ab262802ee3af7f

SHA512
346057466dbb0305e0e82b4c10409f55fc0ac63c099e74906c65d92ecfc953bb4fc5fd2bf81fe41393fb0cfd322e03e2682ba5c765efe09f9f7c236fc1e14385

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Net.Http.dll

Filesize
57KB

MD5
11546f862887708ca78216842daea667

SHA1
4fa08884471943ba4b2096e918b11f16d7d0b4db

SHA256
0e54cbc6f6ffeb10a41e2dea7b513f6a0e60ab6ef79d3215ff6f943ac61906a0

SHA512
b5c77b3483370d5cd76214aa18ed26e87be91e2dd0206257a6bde0727873832878bf72befa8f67388992ae2507e949f3e5bab37b05cc659060788d8e262d9d54

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Net.Http.dll

Filesize
24KB

MD5
b344cb592b574121ed96ed4ce7ee40e5

SHA1
93bcabb293820a8cc8fd7e73431fd870dbfef47e

SHA256
7457aa26a5c93a8ddc4694146aef2b4bf9c2bdd02aa80540bd9d3f6839f7cb39

SHA512
65001436cbc3dd41d2a855e0f473a58fd4e1a37b3c9b233d2a20ec5cfea02c41f8391a37ba51202a5013ea755e659338bc6a735cece8d34a0d76ccc122be9e9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Net.Mail.dll

Filesize
131KB

MD5
c5a40b62e83a191e342637219a3290f4

SHA1
6c800bf3d8c482aeb1e6cb3af8cd70a8b3164d6c

SHA256
a45a0eab0ec2dd731cedc213d9992e5f701d34450ef028276ead3c61525fad5a

SHA512
0f7d6bb078c731c3fd1545b5c038e0ac821fa510ddb43339296f67d0a4f0a3b606d673983f8e996547b4cab5b17ed6221f9241915eceb0c3c33644c4414ec1c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Net.Mail.dll

Filesize
145KB

MD5
3488e37131d92f6cb12061f96b53aef1

SHA1
1ff028e2e29dd77402419a94e381d6511b06db6b

SHA256
bf6604041b87ddeae77b651bc49acb1dd741029761e4ae5c3014caa58b7289dc

SHA512
8ab123bf4bdfe86b147dd21ac71e3d2d423770d94ae2d3f7f2e42959f9a7c657a4e82dfe8050aae88178066c7773bc58ce2f069f9c0b902915894e39b94aff55

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Net.NameResolution.dll

Filesize
31KB

MD5
ac628edcf7503d7a596069fdb0193ac2

SHA1
11ea9278b811f146539614487dc5dec66f51db8e

SHA256
9ea609edc3ab4d94b27372fd640b248be3f20f651efe2aa725eda36bb25c8b91

SHA512
0fe221df67c20ff8c263a36e0a07a03109af1132b424c8b19eae73159769bb2cab2fdaaf0ff7bfc32505652d8169ac46dbdfc95f0b357e9df4eea84d7bd25df5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Net.NetworkInformation.dll

Filesize
33KB

MD5
83bfbb9275fdaf9966c85c347c013ff9

SHA1
48e3fc249a68075a2a8552c246f411e41eb6d465

SHA256
ba389134fadf58df36efc54ddd0da01d3fdcba5a8e94df5be539b853a144a9c0

SHA512
651fac41573359bf9106e550a2b826f0a6fcf4c9bc8c25af03e1eec1db0fcb497a974e9d00cde2a784fd0ae16a8b9d340d16b9cfe554a64a3669f20b046cbf6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Net.Primitives.dll

Filesize
67KB

MD5
468a3fc55e01642000acee0b075f378c

SHA1
5c7f5400e0c2dfd5948bef19b39b031db848f15b

SHA256
71a62e2ea3abf557ec5708623ad81fac83e51b49ddfa06e136c27a3364ae1534

SHA512
7871e3edfbd200a4b6d6a3d9825a6370ab40790916df0503f902b65cc674d983a23c41b57600b1f3096e37451ab09534fc866d994c93637af491545b09010646

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Net.Quic.dll

Filesize
92KB

MD5
a566dc6f828e0260c0e0da4dad969d9d

SHA1
3ef6d2ab5b1e7add6006c12b4dfd63ec6fe0d629

SHA256
b615b34bfaaace61f6b82819e4ad421003b8638a5da28e5c14e39a10f59c51ac

SHA512
ef7d264dc50d63c9a2ab607c7db6099d450f5a9fc05c83b66ab09ce2e41b93063c66e5bb62fa4e5e609dcf6ef07d57c0cfcc7601f9a19f308ec9b9af21f2635b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Net.Security.dll

Filesize
173KB

MD5
b127573cb12d4d553a6c561d55e32cea

SHA1
88e8b27d340ddd030ff8c7a0a42bbf4d8875ca77

SHA256
3ad71dbf4b25dd31e2c6b2247c3c907747e139a64609f1398abb33894d15ee4c

SHA512
10b38e5dd64325bff1ff1b5fe0324614c06bb1572911418aab777611a8b76f9c682c4284b436eaa308fba1e19d12ee9e5f4a57ccaa375479378b1b233c463284

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Net.Sockets.dll

Filesize
109KB

MD5
f2a57ef8b46b963b7977c15ba4dbf897

SHA1
535555d555bd82902f7060daf36c9c7b47c1031e

SHA256
a1fd75325b1072381a94dbec91a7919f1acffe56839f20dbe0ebfc9f599450fd

SHA512
0fb3a2c49430596e7be65c503149741a05db2281a690a20808c617496fae1ef6fdb81a2dcbd317fdc9cdbd1a53d85b9e8817a3eab5ebfe8c5ac3d8e595415095

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.ObjectModel.dll

Filesize
29KB

MD5
f378685a9cd096dae1d1d3cb0073a8f1

SHA1
7dacaf279361bc81e24b87d2811135691cc675ac

SHA256
372ca80aa606cf3f77dbd7c2446f34f1e7296f23ed19d3ff1c5f760dcb0a9d1b

SHA512
4d6643a91a5e9e0b877f3e3cbc04eb6dc12d8d81b5e9309756625c227a27467dd6cc84a7f3fcfa36750416550ae0813217a09e0f8a40d4fd6a0cbc24939869d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Private.CoreLib.dll

Filesize
1.2MB

MD5
8fe1bd960bb326b8e30982252ca37041

SHA1
59e9c7249e22305f84283d9a0dfebecf67f39fd1

SHA256
28a8ac4792e94e18bf87d83f0f503a5dcc1187f390ba6d67405284006bb6c3c3

SHA512
cbf5a18eb6f128a34a73b7113f571aca9491c836d71fe6f89f9f43f77b59d81f11759c2fc5163c0a599ab46827121d42991c694626c86ec0521593ab7033d6bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Private.CoreLib.dll

Filesize
1.3MB

MD5
d9dae2061f67ea145fe764da52ee2259

SHA1
d254c6267cd46d278d9c2d8fad16b2cd03fddd6c

SHA256
87c20ad68df4ab940bf2ee2e6d7a92cd5bb89158d253690ca0ef4873e026670a

SHA512
d9dba0b4d4b4225dbbd30d412c7c1f0272f4b5f09337b62155c54219e1e0e9b00f56d75fe4913adfc97e31ff2a79aa46a5730715fd3d2143ce5e14081a8f6630

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Private.Uri.dll

Filesize
75KB

MD5
a76d091e4759af1ba34fd90b25d99dbb

SHA1
6badeb9fbd8e216905e392635790b25f4f1234a8

SHA256
17efa5a20ca97f7994701193efd7758aa827c147e94c96ed2cadba4fd1a24553

SHA512
dcae0db95cb8ac92c3786d907736bdb584167399c9656d23172c6ce87a4d0e873d3319be745cf177af7295c8fccac9c9a2a122aac96d30bed4a12b3c5e326584

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Private.Uri.dll

Filesize
56KB

MD5
caff4e1efb7f8abd586ebf0affe67bb0

SHA1
e4a0dc478a57afde091211cd3d36ae5fb5471a22

SHA256
d9af90e3a43806fe7e0ffd93ddf4cec4b8b86e654f11ee9c1086086685c91ff0

SHA512
bd19d89e4af8f5e0fb460dd6a7e3013d1533ffa49e757a6e4807ce69be978cdd33990a01a3a878c3ebc73f5c65d8d22802a09484430ec1309cdcefd8a18316a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Runtime.CompilerServices.Unsafe.dll

Filesize
5KB

MD5
c1e547308016f27679bcceda279e398d

SHA1
403a073ca5fb43e7dd868cf535735bb78b137c49

SHA256
f894ec740edade3bd17e90a3fbcdf918c1ef9c41234b42494ecea5ea4d84c048

SHA512
ed5f96201c4c5ea109d909331f84ab604fd36e7db285bb0b045cdf4852578452bb2c320bf78289bf6f5b14878be58550f98dd7e9cf5dff6bf6b79a8726cea51e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Runtime.InteropServices.RuntimeInformation.dll

Filesize
10KB

MD5
b0e7b51ea6e32b6e1954df99e7e55bf6

SHA1
fddd99335165cc7ecb2400d0ed70a3b261c94e82

SHA256
269b9f5239434cb56349bf141cb45753bb3ec7ee3c875db9b74f928247b4bcfc

SHA512
a78dbd0e0aef7d66b54c230ce221a00640d3485485b038f8003167be931e526d8b840a025243826ab79a0c80486348b9a583d55e7aacdc341d5773571765dd3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Runtime.InteropServices.dll

Filesize
7KB

MD5
1d481995e34773c17d7af590cbb915d3

SHA1
dc1c2d542ddc4849a9085c09f944beeabb45e2f1

SHA256
be4816d230e686cf961c22d62e00eb375047908201fda7e73411b00b7679ab08

SHA512
f28da768ad28af2050d039384cb0f84c629f7c2ccbf5f99607867f6b8eb7637c64be9d3856d9e2139f4814127d2b28cee9ec9959d04c5e9cf43a1ca4d7b21e37

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Security.Claims.dll

Filesize
15KB

MD5
4fc3f15c149085f68ab0f138ba139985

SHA1
60db45338b4c347141b9aecf999bb1119853d5b5

SHA256
73fe08c2a568fef8962d1ba2faeb7165ac8182922b27dc9e9667bb468eb5877e

SHA512
e772d4ad752347ab6f619140fc74c651fb34f48c68589d3da3939ceee1e2b07ff830a3edf1c174e8059323ff68bcfd6ede446e7a2b104402c19b1f420fbb0c39

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Security.Cryptography.Algorithms.dll

Filesize
98KB

MD5
3f5dfcfb1cec24cc466fe0c23cb83ed9

SHA1
92505430b0a6536cc221fb28d9febac62ac1e587

SHA256
0307a4241e4bbdea814e0b689d8e598b8ad544f98ea705a7da2549174d8d2bc8

SHA512
667037110881bb720326fa3d867ffd8e3a910bcdf1fd07c5898d00cb88edc7f6a752eab0d79b35dd645b942141529bc81d9c04420fad9cc93271740849355f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Security.Cryptography.Primitives.dll

Filesize
36KB

MD5
aafefae8a72a879ddc76bdd193c8f06c

SHA1
2a177ead7a114e7adec3c2e878a60cb5dc79eb02

SHA256
9b969f88010c5556456b27ff86f306c05d51e4e20c7d1225c2d114cc15e40398

SHA512
c840e0bfaa72a4d7288fe4474e27d38e65b59a40c0d7194d46e2bf42f7bd5da73e477750467a1a52be21c0e6eee33f1372f34c4f936b2d33a2f6e88168b8059c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Security.Cryptography.X509Certificates.dll

Filesize
91KB

MD5
0a585a3381227ee1b4c50cf374b3ff78

SHA1
1fd1ca1649aeabe62ec79cd202a88966b5bc871a

SHA256
7d970e059043cc5f05f78d3c44b12afad7a54496ddc2a3cd95320d1331d04f8b

SHA512
6afb85af6d5d74587b9e2c3fca2ef72c2b23d6a2a4773bf389b198c2988b5f90411d95f34c70c8ef0c6843940609a2e32754f07ef948e3807e744d4077484896

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Security.Cryptography.X509Certificates.dll

Filesize
135KB

MD5
c015c6f22fc6ccc962b755308d82c166

SHA1
6cccc476383995a0dc0a5c131c3eeb7de471977e

SHA256
4e1604b4c7d7184be47989d2893b3499233a22b61ac2e0728e59ab1070e71663

SHA512
40ea4f97392985129c976af22487273f4ae3905c22a388d2ed70bbaf603c6925efd5312c41689504ac18f74bd88b0ec3b8e5c98bd00c565a2a414094db5c8e11

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Security.Principal.Windows.dll

Filesize
50KB

MD5
1929e96aa80adc6c922f5c3d4c4d385c

SHA1
2de667cd0cbe3508e71ea069ba74b683d08ba76f

SHA256
fe9c9cac9ec6688843de8d91af66f6a2e63ee6f0863b26b2916e26c4b2e7a643

SHA512
5b74479850c4dd96c23327d985337fbcbe33fc64c86d014ba6fa088b7a55611a77848ef57fe68f1d905ee434eae8bf7489cfb5d67fdbca59bb1bf8b4c8d3d828

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\a89a1925eb9c5d6b83b56bb1fce9018c76bb718b5407fb6f32d259c8f23094dc\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Threading.dll

Filesize
17KB

MD5
09c570d3fd6c709ad55cf90e5691d007

SHA1
dd1ee219093f2e48797cc9f24ad6a50a07e838d5

SHA256
f922614d39c635d1d18eccc03c82ddb4b10a9988a3eb7c359191dae304e0ea0b

SHA512
2c684422ec97d7a37890897e9bd723501774935b276c65395d0011fa62df8cee0a82a222105dc2fe8f31ee103155e57d50b7f17356ea7bee143f48e78f1439d2

Download Submit
memory/968-154-0x00007FF70B450000-0x00007FF70BDC1000-memory.dmp

Filesize
9.4MB

Download
memory/968-341-0x00007FF70B450000-0x00007FF70BDC1000-memory.dmp

Filesize
9.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads