xmrig | ec822ee9d9bd56c9d3df9571949a29bae217431eb9ec4977460d04f366f1ab68

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0bc97522db14d6c6a1006b34912511f2.exe
Size

1.3MB
MD5

0bc97522db14d6c6a1006b34912511f2
SHA1

0fd4f9586eebdd62bec9b3a41a52355b5fd040de
SHA256

ec822ee9d9bd56c9d3df9571949a29bae217431eb9ec4977460d04f366f1ab68
SHA512

9d12eae467ed7d0381904a04fce8f86ea6dd51fbe0c975618d6a013d532b56bc424e8448d707fb27c6d48d89fd472ebc7ce26f26fc326fd0a153432e13dc9002
SSDEEP

24576:RVIl/WDGCi7/qkat6Q5aILMCfmARvKYYwdy2VlmNCQS5eyb+3J57/:ROdWCCi7/raZ5aIwC+Ax4ErLJ61

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral2/memory/3292-385-0x00007FF6984D0000-0x00007FF698821000-memory.dmp	xmrig
behavioral2/memory/4128-478-0x00007FF7A6830000-0x00007FF7A6B81000-memory.dmp	xmrig
behavioral2/memory/440-530-0x00007FF617490000-0x00007FF6177E1000-memory.dmp	xmrig
behavioral2/memory/3336-526-0x00007FF689A90000-0x00007FF689DE1000-memory.dmp	xmrig
behavioral2/memory/4968-533-0x00007FF629450000-0x00007FF6297A1000-memory.dmp	xmrig
behavioral2/memory/4620-534-0x00007FF6F2450000-0x00007FF6F27A1000-memory.dmp	xmrig
behavioral2/memory/2240-536-0x00007FF7199A0000-0x00007FF719CF1000-memory.dmp	xmrig

Executes dropped EXE 1 IoCs

pid	Process
1012	nEqFZlq.exe

UPX packed file 44 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2176-0-0x00007FF6D7960000-0x00007FF6D7CB1000-memory.dmp	upx
behavioral2/files/0x000d00000002315a-4.dat	upx
behavioral2/files/0x000600000002321b-21.dat	upx
behavioral2/memory/3292-385-0x00007FF6984D0000-0x00007FF698821000-memory.dmp	upx
behavioral2/memory/4128-478-0x00007FF7A6830000-0x00007FF7A6B81000-memory.dmp	upx
behavioral2/memory/440-530-0x00007FF617490000-0x00007FF6177E1000-memory.dmp	upx
behavioral2/memory/3336-526-0x00007FF689A90000-0x00007FF689DE1000-memory.dmp	upx
behavioral2/memory/4968-533-0x00007FF629450000-0x00007FF6297A1000-memory.dmp	upx
behavioral2/memory/4620-534-0x00007FF6F2450000-0x00007FF6F27A1000-memory.dmp	upx
behavioral2/memory/2240-536-0x00007FF7199A0000-0x00007FF719CF1000-memory.dmp	upx
behavioral2/memory/8656-1921-0x00007FF604FA0000-0x00007FF6052F1000-memory.dmp	upx
behavioral2/memory/10436-2025-0x00007FF7691D0000-0x00007FF769521000-memory.dmp	upx
behavioral2/memory/12220-2072-0x00007FF7334B0000-0x00007FF733801000-memory.dmp	upx
behavioral2/memory/11396-2144-0x00007FF614D90000-0x00007FF6150E1000-memory.dmp	upx
behavioral2/memory/2176-2142-0x00007FF6D7960000-0x00007FF6D7CB1000-memory.dmp	upx
behavioral2/memory/9800-2138-0x00007FF6B0990000-0x00007FF6B0CE1000-memory.dmp	upx
behavioral2/memory/6564-2137-0x00007FF7CA290000-0x00007FF7CA5E1000-memory.dmp	upx
behavioral2/memory/8584-2135-0x00007FF65A5B0000-0x00007FF65A901000-memory.dmp	upx
behavioral2/memory/10580-2134-0x00007FF789900000-0x00007FF789C51000-memory.dmp	upx
behavioral2/memory/8604-2132-0x00007FF7226B0000-0x00007FF722A01000-memory.dmp	upx
behavioral2/memory/10632-2131-0x00007FF652DE0000-0x00007FF653131000-memory.dmp	upx
behavioral2/memory/10492-2130-0x00007FF6C19A0000-0x00007FF6C1CF1000-memory.dmp	upx
behavioral2/memory/10228-2129-0x00007FF7EA9C0000-0x00007FF7EAD11000-memory.dmp	upx
behavioral2/memory/6700-2128-0x00007FF7DA890000-0x00007FF7DABE1000-memory.dmp	upx
behavioral2/memory/10252-2127-0x00007FF6F3200000-0x00007FF6F3551000-memory.dmp	upx
behavioral2/memory/1556-2125-0x00007FF7534D0000-0x00007FF753821000-memory.dmp	upx
behavioral2/memory/11720-2124-0x00007FF639C60000-0x00007FF639FB1000-memory.dmp	upx
behavioral2/memory/7652-2122-0x00007FF6A3470000-0x00007FF6A37C1000-memory.dmp	upx
behavioral2/memory/9612-2121-0x00007FF61B9F0000-0x00007FF61BD41000-memory.dmp	upx
behavioral2/memory/10176-2133-0x00007FF71F320000-0x00007FF71F671000-memory.dmp	upx
behavioral2/memory/12168-2126-0x00007FF673840000-0x00007FF673B91000-memory.dmp	upx
behavioral2/memory/10308-2113-0x00007FF697940000-0x00007FF697C91000-memory.dmp	upx
behavioral2/memory/5780-2091-0x00007FF7FDEE0000-0x00007FF7FE231000-memory.dmp	upx
behavioral2/memory/10212-2078-0x00007FF7A8550000-0x00007FF7A88A1000-memory.dmp	upx
behavioral2/memory/12024-2040-0x00007FF645DF0000-0x00007FF646141000-memory.dmp	upx
behavioral2/memory/11808-1987-0x00007FF6C6320000-0x00007FF6C6671000-memory.dmp	upx
behavioral2/memory/11652-1985-0x00007FF6269F0000-0x00007FF626D41000-memory.dmp	upx
behavioral2/memory/7988-1984-0x00007FF7F6320000-0x00007FF7F6671000-memory.dmp	upx
behavioral2/memory/8968-1963-0x00007FF763510000-0x00007FF763861000-memory.dmp	upx
behavioral2/memory/7572-1929-0x00007FF63F080000-0x00007FF63F3D1000-memory.dmp	upx
behavioral2/memory/10508-1927-0x00007FF69D3B0000-0x00007FF69D701000-memory.dmp	upx
behavioral2/memory/9420-1912-0x00007FF68B530000-0x00007FF68B881000-memory.dmp	upx
behavioral2/memory/7048-1960-0x00007FF6FE410000-0x00007FF6FE761000-memory.dmp	upx
behavioral2/memory/11188-1959-0x00007FF7057C0000-0x00007FF705B11000-memory.dmp	upx

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System\nEqFZlq.exe	0bc97522db14d6c6a1006b34912511f2.exe
File created	C:\Windows\System\NbaUvIx.exe	0bc97522db14d6c6a1006b34912511f2.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 1012	2176	0bc97522db14d6c6a1006b34912511f2.exe	88
PID 2176 wrote to memory of 1012	2176	0bc97522db14d6c6a1006b34912511f2.exe	88

C:\Users\Admin\AppData\Local\Temp\0bc97522db14d6c6a1006b34912511f2.exe
"C:\Users\Admin\AppData\Local\Temp\0bc97522db14d6c6a1006b34912511f2.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Windows\System\nEqFZlq.exe
  C:\Windows\System\nEqFZlq.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\WcgrxAl.exe
  C:\Windows\System\WcgrxAl.exe
  2⤵
  PID:64
- C:\Windows\System\NbaUvIx.exe
  C:\Windows\System\NbaUvIx.exe
  2⤵
  PID:3804
- C:\Windows\System\irgixnG.exe
  C:\Windows\System\irgixnG.exe
  2⤵
  PID:3536
- C:\Windows\System\gmqkVcd.exe
  C:\Windows\System\gmqkVcd.exe
  2⤵
  PID:4128
- C:\Windows\System\JwVfJDp.exe
  C:\Windows\System\JwVfJDp.exe
  2⤵
  PID:3412
- C:\Windows\System\yiPJpvx.exe
  C:\Windows\System\yiPJpvx.exe
  2⤵
  PID:3508
- C:\Windows\System\kYDiZEN.exe
  C:\Windows\System\kYDiZEN.exe
  2⤵
  PID:5408
- C:\Windows\System\dUiBdoy.exe
  C:\Windows\System\dUiBdoy.exe
  2⤵
  PID:5392
- C:\Windows\System\PkFnGqt.exe
  C:\Windows\System\PkFnGqt.exe
  2⤵
  PID:4196
- C:\Windows\System\HcCrZnh.exe
  C:\Windows\System\HcCrZnh.exe
  2⤵
  PID:6184
- C:\Windows\System\rZujcAl.exe
  C:\Windows\System\rZujcAl.exe
  2⤵
  PID:6688
- C:\Windows\System\mmuiodu.exe
  C:\Windows\System\mmuiodu.exe
  2⤵
  PID:7124
- C:\Windows\System\yvKaVwo.exe
  C:\Windows\System\yvKaVwo.exe
  2⤵
  PID:7524
- C:\Windows\System\qWQEkXc.exe
  C:\Windows\System\qWQEkXc.exe
  2⤵
  PID:8076
- C:\Windows\System\AZPWXwH.exe
  C:\Windows\System\AZPWXwH.exe
  2⤵
  PID:8784
- C:\Windows\System\bkkJMbc.exe
  C:\Windows\System\bkkJMbc.exe
  2⤵
  PID:8968
- C:\Windows\System\kLHNSiJ.exe
  C:\Windows\System\kLHNSiJ.exe
  2⤵
  PID:11420
- C:\Windows\System\gquivtr.exe
  C:\Windows\System\gquivtr.exe
  2⤵
  PID:13820
- C:\Windows\System\ijyPGYg.exe
  C:\Windows\System\ijyPGYg.exe
  2⤵
  PID:14804
- C:\Windows\System\nDisMKF.exe
  C:\Windows\System\nDisMKF.exe
  2⤵
  PID:14784
- C:\Windows\System\NFVXEvL.exe
  C:\Windows\System\NFVXEvL.exe
  2⤵
  PID:14764
- C:\Windows\System\hmvptfI.exe
  C:\Windows\System\hmvptfI.exe
  2⤵
  PID:14748
- C:\Windows\System\wDgdAMc.exe
  C:\Windows\System\wDgdAMc.exe
  2⤵
  PID:14732
- C:\Windows\System\LVYnXPt.exe
  C:\Windows\System\LVYnXPt.exe
  2⤵
  PID:14708
- C:\Windows\System\xCDobap.exe
  C:\Windows\System\xCDobap.exe
  2⤵
  PID:14688
- C:\Windows\System\MKbfIXP.exe
  C:\Windows\System\MKbfIXP.exe
  2⤵
  PID:14672
- C:\Windows\System\KgZFiVA.exe
  C:\Windows\System\KgZFiVA.exe
  2⤵
  PID:14656
- C:\Windows\System\JHQdJok.exe
  C:\Windows\System\JHQdJok.exe
  2⤵
  PID:14636
- C:\Windows\System\yHMUzGE.exe
  C:\Windows\System\yHMUzGE.exe
  2⤵
  PID:14616
- C:\Windows\System\zFIwkFx.exe
  C:\Windows\System\zFIwkFx.exe
  2⤵
  PID:14600
- C:\Windows\System\uJMWUjj.exe
  C:\Windows\System\uJMWUjj.exe
  2⤵
  PID:14580
- C:\Windows\System\OIOMqTP.exe
  C:\Windows\System\OIOMqTP.exe
  2⤵
  PID:14560
- C:\Windows\System\wvERpjn.exe
  C:\Windows\System\wvERpjn.exe
  2⤵
  PID:14536
- C:\Windows\System\FqYVeGR.exe
  C:\Windows\System\FqYVeGR.exe
  2⤵
  PID:14520
- C:\Windows\System\crwLWqD.exe
  C:\Windows\System\crwLWqD.exe
  2⤵
  PID:14504
- C:\Windows\System\PBsyTSn.exe
  C:\Windows\System\PBsyTSn.exe
  2⤵
  PID:14488
- C:\Windows\System\gowgCrn.exe
  C:\Windows\System\gowgCrn.exe
  2⤵
  PID:14472
- C:\Windows\System\NVIiCnB.exe
  C:\Windows\System\NVIiCnB.exe
  2⤵
  PID:14452
- C:\Windows\System\iuTFsIN.exe
  C:\Windows\System\iuTFsIN.exe
  2⤵
  PID:14436
- C:\Windows\System\vHFcveJ.exe
  C:\Windows\System\vHFcveJ.exe
  2⤵
  PID:14416
- C:\Windows\System\dnnRELz.exe
  C:\Windows\System\dnnRELz.exe
  2⤵
  PID:14396
- C:\Windows\System\nuwcRFW.exe
  C:\Windows\System\nuwcRFW.exe
  2⤵
  PID:14376
- C:\Windows\System\ChTvXAE.exe
  C:\Windows\System\ChTvXAE.exe
  2⤵
  PID:14360
- C:\Windows\System\RHrjwHq.exe
  C:\Windows\System\RHrjwHq.exe
  2⤵
  PID:14344
- C:\Windows\System\aaKXNuV.exe
  C:\Windows\System\aaKXNuV.exe
  2⤵
  PID:12176
- C:\Windows\System\SKbdaSy.exe
  C:\Windows\System\SKbdaSy.exe
  2⤵
  PID:7872
- C:\Windows\System\RILiSNN.exe
  C:\Windows\System\RILiSNN.exe
  2⤵
  PID:7772
- C:\Windows\System\PtLluYk.exe
  C:\Windows\System\PtLluYk.exe
  2⤵
  PID:12092
- C:\Windows\System\yizLzcU.exe
  C:\Windows\System\yizLzcU.exe
  2⤵
  PID:7564
- C:\Windows\System\JYLervk.exe
  C:\Windows\System\JYLervk.exe
  2⤵
  PID:12000
- C:\Windows\System\sTgKnRs.exe
  C:\Windows\System\sTgKnRs.exe
  2⤵
  PID:8008
- C:\Windows\System\cleHJpd.exe
  C:\Windows\System\cleHJpd.exe
  2⤵
  PID:11916
- C:\Windows\System\mDzlRxc.exe
  C:\Windows\System\mDzlRxc.exe
  2⤵
  PID:11876
- C:\Windows\System\gNXMxRh.exe
  C:\Windows\System\gNXMxRh.exe
  2⤵
  PID:7836
- C:\Windows\System\hZJMLsK.exe
  C:\Windows\System\hZJMLsK.exe
  2⤵
  PID:7656
- C:\Windows\System\ipSkdXG.exe
  C:\Windows\System\ipSkdXG.exe
  2⤵
  PID:11768
- C:\Windows\System\wSytjpt.exe
  C:\Windows\System\wSytjpt.exe
  2⤵
  PID:6180
- C:\Windows\System\nVyLjbl.exe
  C:\Windows\System\nVyLjbl.exe
  2⤵
  PID:7112
- C:\Windows\System\jExkwhn.exe
  C:\Windows\System\jExkwhn.exe
  2⤵
  PID:11596
- C:\Windows\System\JDuLFxI.exe
  C:\Windows\System\JDuLFxI.exe
  2⤵
  PID:6384
- C:\Windows\System\CuAUuvs.exe
  C:\Windows\System\CuAUuvs.exe
  2⤵
  PID:8952
- C:\Windows\System\APwRrwJ.exe
  C:\Windows\System\APwRrwJ.exe
  2⤵
  PID:8940
- C:\Windows\System\DCNLKiU.exe
  C:\Windows\System\DCNLKiU.exe
  2⤵
  PID:8920
- C:\Windows\System\HgqxYlc.exe
  C:\Windows\System\HgqxYlc.exe
  2⤵
  PID:8904
- C:\Windows\System\TsaNOmC.exe
  C:\Windows\System\TsaNOmC.exe
  2⤵
  PID:11444
- C:\Windows\System\oKriwfX.exe
  C:\Windows\System\oKriwfX.exe
  2⤵
  PID:11356
- C:\Windows\System\IkeVHSP.exe
  C:\Windows\System\IkeVHSP.exe
  2⤵
  PID:11320
- C:\Windows\System\tserOJw.exe
  C:\Windows\System\tserOJw.exe
  2⤵
  PID:7180
- C:\Windows\System\cwXfaVS.exe
  C:\Windows\System\cwXfaVS.exe
  2⤵
  PID:8180
- C:\Windows\System\TpqwbIA.exe
  C:\Windows\System\TpqwbIA.exe
  2⤵
  PID:14324
- C:\Windows\System\yjwhgiF.exe
  C:\Windows\System\yjwhgiF.exe
  2⤵
  PID:14308
- C:\Windows\System\XakGmKE.exe
  C:\Windows\System\XakGmKE.exe
  2⤵
  PID:14292
- C:\Windows\System\MBnweUu.exe
  C:\Windows\System\MBnweUu.exe
  2⤵
  PID:14276
- C:\Windows\System\CShmnxe.exe
  C:\Windows\System\CShmnxe.exe
  2⤵
  PID:14256
- C:\Windows\System\doXMtNJ.exe
  C:\Windows\System\doXMtNJ.exe
  2⤵
  PID:14240
- C:\Windows\System\nKVeajH.exe
  C:\Windows\System\nKVeajH.exe
  2⤵
  PID:14224
- C:\Windows\System\sjWuqDW.exe
  C:\Windows\System\sjWuqDW.exe
  2⤵
  PID:14208
- C:\Windows\System\RqBEuCE.exe
  C:\Windows\System\RqBEuCE.exe
  2⤵
  PID:14188
- C:\Windows\System\nhbFAgB.exe
  C:\Windows\System\nhbFAgB.exe
  2⤵
  PID:14172
- C:\Windows\System\preLhIS.exe
  C:\Windows\System\preLhIS.exe
  2⤵
  PID:14156
- C:\Windows\System\teFhgdH.exe
  C:\Windows\System\teFhgdH.exe
  2⤵
  PID:14136
- C:\Windows\System\JFUFybq.exe
  C:\Windows\System\JFUFybq.exe
  2⤵
  PID:14120
- C:\Windows\System\hTDRhSL.exe
  C:\Windows\System\hTDRhSL.exe
  2⤵
  PID:14100
- C:\Windows\System\JuIruoz.exe
  C:\Windows\System\JuIruoz.exe
  2⤵
  PID:14084
- C:\Windows\System\VCNBOOI.exe
  C:\Windows\System\VCNBOOI.exe
  2⤵
  PID:14068
- C:\Windows\System\bBlJfkC.exe
  C:\Windows\System\bBlJfkC.exe
  2⤵
  PID:14052
- C:\Windows\System\Okmmeiw.exe
  C:\Windows\System\Okmmeiw.exe
  2⤵
  PID:14036
- C:\Windows\System\gzYwHcE.exe
  C:\Windows\System\gzYwHcE.exe
  2⤵
  PID:14020
- C:\Windows\System\krvxWaO.exe
  C:\Windows\System\krvxWaO.exe
  2⤵
  PID:13996
- C:\Windows\System\YSianVV.exe
  C:\Windows\System\YSianVV.exe
  2⤵
  PID:13980
- C:\Windows\System\MkWofFE.exe
  C:\Windows\System\MkWofFE.exe
  2⤵
  PID:13964
- C:\Windows\System\fnRvOMr.exe
  C:\Windows\System\fnRvOMr.exe
  2⤵
  PID:13948
- C:\Windows\System\HtLdFzu.exe
  C:\Windows\System\HtLdFzu.exe
  2⤵
  PID:13932
- C:\Windows\System\sIukAkI.exe
  C:\Windows\System\sIukAkI.exe
  2⤵
  PID:13916
- C:\Windows\System\PEkLhEw.exe
  C:\Windows\System\PEkLhEw.exe
  2⤵
  PID:13900
- C:\Windows\System\lqiWMHk.exe
  C:\Windows\System\lqiWMHk.exe
  2⤵
  PID:13880
- C:\Windows\System\KhHsdKV.exe
  C:\Windows\System\KhHsdKV.exe
  2⤵
  PID:13856
- C:\Windows\System\gnHPjtO.exe
  C:\Windows\System\gnHPjtO.exe
  2⤵
  PID:13796
- C:\Windows\System\DZWviaA.exe
  C:\Windows\System\DZWviaA.exe
  2⤵
  PID:13780
- C:\Windows\System\xSQPMCS.exe
  C:\Windows\System\xSQPMCS.exe
  2⤵
  PID:13760
- C:\Windows\System\OAvOlMm.exe
  C:\Windows\System\OAvOlMm.exe
  2⤵
  PID:13736
- C:\Windows\System\zJHRAAi.exe
  C:\Windows\System\zJHRAAi.exe
  2⤵
  PID:13720
- C:\Windows\System\iwtNfnz.exe
  C:\Windows\System\iwtNfnz.exe
  2⤵
  PID:13700
- C:\Windows\System\McAMJsx.exe
  C:\Windows\System\McAMJsx.exe
  2⤵
  PID:13684
- C:\Windows\System\hGDYvwT.exe
  C:\Windows\System\hGDYvwT.exe
  2⤵
  PID:13656
- C:\Windows\System\aCwNvWd.exe
  C:\Windows\System\aCwNvWd.exe
  2⤵
  PID:13632
- C:\Windows\System\iZFBDSV.exe
  C:\Windows\System\iZFBDSV.exe
  2⤵
  PID:13612
- C:\Windows\System\evElmvQ.exe
  C:\Windows\System\evElmvQ.exe
  2⤵
  PID:13596
- C:\Windows\System\YMtVeAD.exe
  C:\Windows\System\YMtVeAD.exe
  2⤵
  PID:13576
- C:\Windows\System\GeqMpmi.exe
  C:\Windows\System\GeqMpmi.exe
  2⤵
  PID:13556
- C:\Windows\System\GPYjeQB.exe
  C:\Windows\System\GPYjeQB.exe
  2⤵
  PID:13540
- C:\Windows\System\OsbfAoi.exe
  C:\Windows\System\OsbfAoi.exe
  2⤵
  PID:13520
- C:\Windows\System\hzvPiOv.exe
  C:\Windows\System\hzvPiOv.exe
  2⤵
  PID:13504
- C:\Windows\System\FakyovG.exe
  C:\Windows\System\FakyovG.exe
  2⤵
  PID:13488
- C:\Windows\System\IEHEjwz.exe
  C:\Windows\System\IEHEjwz.exe
  2⤵
  PID:13468
- C:\Windows\System\HnMMdff.exe
  C:\Windows\System\HnMMdff.exe
  2⤵
  PID:13444
- C:\Windows\System\qBlnHMX.exe
  C:\Windows\System\qBlnHMX.exe
  2⤵
  PID:13428
- C:\Windows\System\ooYaShJ.exe
  C:\Windows\System\ooYaShJ.exe
  2⤵
  PID:13408
- C:\Windows\System\wrMHkUM.exe
  C:\Windows\System\wrMHkUM.exe
  2⤵
  PID:13384
- C:\Windows\System\ZyTgcRW.exe
  C:\Windows\System\ZyTgcRW.exe
  2⤵
  PID:13364
- C:\Windows\System\UvDfjQl.exe
  C:\Windows\System\UvDfjQl.exe
  2⤵
  PID:13348

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:13916

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:8956

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:11648

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:14228

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:3668

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:3636

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:10904

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:9424

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2912

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:4556

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:12172

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:11808

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:10512

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:4340

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:4884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\nEqFZlq.exe

Filesize
128KB

MD5
79ed7369315fb2aa363e2b15500a571f

SHA1
929f102ae43f9ba5e3f24d1d0a817f97bc0e1513

SHA256
75ead97724680ee34ae99ce5d361574b2d0435406b7b6e8c3aee4ca389e3e388

SHA512
c64406c2a3dc466b1e12f28fb832da78da75d257c21ff524279fca8f41148f0ea5327d9009bc76009cd210bc1e900d18cdb3f92608ca3f3e31ea467eef0a92a8

Download Submit
C:\Windows\System\qvxYbqn.exe

Filesize
85KB

MD5
5a7f65f4c709d6f1da8e0aa0aea84a13

SHA1
59dd21770c8a402b907a82b84d79986db47c32e7

SHA256
37256845319bb57b42fada8d8816eaf3a0c3ed31547f888fca2b078ae7fa4b74

SHA512
59e1e8d965ddd6ffa755799842043aa8ef121014836d3d1a0b293b05e94a9b60d9bb2b2038be1b6a7cbddfea245859e52c48fb3256f5aab5c279ce03dc60a076

Download Submit
memory/440-530-0x00007FF617490000-0x00007FF6177E1000-memory.dmp

Filesize
3.3MB

Download
memory/1556-2125-0x00007FF7534D0000-0x00007FF753821000-memory.dmp

Filesize
3.3MB

Download
memory/2176-1-0x000001EB92590000-0x000001EB925A0000-memory.dmp

Filesize
64KB

Download
memory/2176-2142-0x00007FF6D7960000-0x00007FF6D7CB1000-memory.dmp

Filesize
3.3MB

Download
memory/2176-0-0x00007FF6D7960000-0x00007FF6D7CB1000-memory.dmp

Filesize
3.3MB

Download
memory/2240-536-0x00007FF7199A0000-0x00007FF719CF1000-memory.dmp

Filesize
3.3MB

Download
memory/3292-385-0x00007FF6984D0000-0x00007FF698821000-memory.dmp

Filesize
3.3MB

Download
memory/3336-526-0x00007FF689A90000-0x00007FF689DE1000-memory.dmp

Filesize
3.3MB

Download
memory/4128-478-0x00007FF7A6830000-0x00007FF7A6B81000-memory.dmp

Filesize
3.3MB

Download
memory/4620-534-0x00007FF6F2450000-0x00007FF6F27A1000-memory.dmp

Filesize
3.3MB

Download
memory/4968-533-0x00007FF629450000-0x00007FF6297A1000-memory.dmp

Filesize
3.3MB

Download
memory/5780-2091-0x00007FF7FDEE0000-0x00007FF7FE231000-memory.dmp

Filesize
3.3MB

Download
memory/6440-2177-0x00007FF624DF0000-0x00007FF625141000-memory.dmp

Filesize
3.3MB

Download
memory/6564-2137-0x00007FF7CA290000-0x00007FF7CA5E1000-memory.dmp

Filesize
3.3MB

Download
memory/6700-2128-0x00007FF7DA890000-0x00007FF7DABE1000-memory.dmp

Filesize
3.3MB

Download
memory/7048-1960-0x00007FF6FE410000-0x00007FF6FE761000-memory.dmp

Filesize
3.3MB

Download
memory/7572-1929-0x00007FF63F080000-0x00007FF63F3D1000-memory.dmp

Filesize
3.3MB

Download
memory/7652-2122-0x00007FF6A3470000-0x00007FF6A37C1000-memory.dmp

Filesize
3.3MB

Download
memory/7988-1984-0x00007FF7F6320000-0x00007FF7F6671000-memory.dmp

Filesize
3.3MB

Download
memory/8584-2135-0x00007FF65A5B0000-0x00007FF65A901000-memory.dmp

Filesize
3.3MB

Download
memory/8604-2132-0x00007FF7226B0000-0x00007FF722A01000-memory.dmp

Filesize
3.3MB

Download
memory/8656-1921-0x00007FF604FA0000-0x00007FF6052F1000-memory.dmp

Filesize
3.3MB

Download
memory/8968-1963-0x00007FF763510000-0x00007FF763861000-memory.dmp

Filesize
3.3MB

Download
memory/9420-1912-0x00007FF68B530000-0x00007FF68B881000-memory.dmp

Filesize
3.3MB

Download
memory/9612-2121-0x00007FF61B9F0000-0x00007FF61BD41000-memory.dmp

Filesize
3.3MB

Download
memory/9800-2138-0x00007FF6B0990000-0x00007FF6B0CE1000-memory.dmp

Filesize
3.3MB

Download
memory/10176-2133-0x00007FF71F320000-0x00007FF71F671000-memory.dmp

Filesize
3.3MB

Download
memory/10212-2078-0x00007FF7A8550000-0x00007FF7A88A1000-memory.dmp

Filesize
3.3MB

Download
memory/10228-2129-0x00007FF7EA9C0000-0x00007FF7EAD11000-memory.dmp

Filesize
3.3MB

Download
memory/10252-2127-0x00007FF6F3200000-0x00007FF6F3551000-memory.dmp

Filesize
3.3MB

Download
memory/10308-2113-0x00007FF697940000-0x00007FF697C91000-memory.dmp

Filesize
3.3MB

Download
memory/10436-2025-0x00007FF7691D0000-0x00007FF769521000-memory.dmp

Filesize
3.3MB

Download
memory/10492-2130-0x00007FF6C19A0000-0x00007FF6C1CF1000-memory.dmp

Filesize
3.3MB

Download
memory/10508-1927-0x00007FF69D3B0000-0x00007FF69D701000-memory.dmp

Filesize
3.3MB

Download
memory/10580-2134-0x00007FF789900000-0x00007FF789C51000-memory.dmp

Filesize
3.3MB

Download
memory/10632-2131-0x00007FF652DE0000-0x00007FF653131000-memory.dmp

Filesize
3.3MB

Download
memory/10668-2173-0x00007FF7E8200000-0x00007FF7E8551000-memory.dmp

Filesize
3.3MB

Download
memory/11188-1959-0x00007FF7057C0000-0x00007FF705B11000-memory.dmp

Filesize
3.3MB

Download
memory/11380-2170-0x00007FF750000000-0x00007FF750351000-memory.dmp

Filesize
3.3MB

Download
memory/11396-2144-0x00007FF614D90000-0x00007FF6150E1000-memory.dmp

Filesize
3.3MB

Download
memory/11652-1985-0x00007FF6269F0000-0x00007FF626D41000-memory.dmp

Filesize
3.3MB

Download
memory/11720-2124-0x00007FF639C60000-0x00007FF639FB1000-memory.dmp

Filesize
3.3MB

Download
memory/11752-2162-0x00007FF6C1DD0000-0x00007FF6C2121000-memory.dmp

Filesize
3.3MB

Download
memory/11808-1987-0x00007FF6C6320000-0x00007FF6C6671000-memory.dmp

Filesize
3.3MB

Download
memory/12024-2040-0x00007FF645DF0000-0x00007FF646141000-memory.dmp

Filesize
3.3MB

Download
memory/12168-2126-0x00007FF673840000-0x00007FF673B91000-memory.dmp

Filesize
3.3MB

Download
memory/12220-2072-0x00007FF7334B0000-0x00007FF733801000-memory.dmp

Filesize
3.3MB

Download