Analysis Overview
SHA256
cad51106a6d51059a9eecae11ce894b2f91840d37d2ba6c2538b712ba46602f1
Threat Level: Known bad
The file 1a3db4962782410edf7c8470046c9616 was found to be: Known bad.
Malicious Activity Summary
Dridex
Dridex Shellcode
Checks whether UAC is enabled
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-30 13:37
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-30 13:37
Reported
2024-01-01 00:15
Platform
win7-20231215-en
Max time kernel
0s
Max time network
16s
Command Line
Signatures
Dridex
Dridex Shellcode
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\system32\rundll32.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a3db4962782410edf7c8470046c9616.dll,#1
C:\Windows\system32\WFS.exe
C:\Windows\system32\WFS.exe
C:\Users\Admin\AppData\Local\CQQbX\WFS.exe
C:\Users\Admin\AppData\Local\CQQbX\WFS.exe
C:\Windows\system32\rdrleakdiag.exe
C:\Windows\system32\rdrleakdiag.exe
C:\Users\Admin\AppData\Local\WVDcMC\rdrleakdiag.exe
C:\Users\Admin\AppData\Local\WVDcMC\rdrleakdiag.exe
C:\Windows\system32\dpapimig.exe
C:\Windows\system32\dpapimig.exe
C:\Users\Admin\AppData\Local\kVuH3\dpapimig.exe
C:\Users\Admin\AppData\Local\kVuH3\dpapimig.exe
C:\Users\Admin\AppData\Local\6ZI\StikyNot.exe
C:\Users\Admin\AppData\Local\6ZI\StikyNot.exe
C:\Windows\system32\StikyNot.exe
C:\Windows\system32\StikyNot.exe
C:\Users\Admin\AppData\Local\TTm\TpmInit.exe
C:\Users\Admin\AppData\Local\TTm\TpmInit.exe
C:\Windows\system32\TpmInit.exe
C:\Windows\system32\TpmInit.exe
C:\Users\Admin\AppData\Local\ldhsSeUUl\spinstall.exe
C:\Users\Admin\AppData\Local\ldhsSeUUl\spinstall.exe
C:\Windows\system32\spinstall.exe
C:\Windows\system32\spinstall.exe
C:\Users\Admin\AppData\Local\ZsSdo176\dccw.exe
C:\Users\Admin\AppData\Local\ZsSdo176\dccw.exe
C:\Windows\system32\dccw.exe
C:\Windows\system32\dccw.exe
C:\Users\Admin\AppData\Local\D7mhSfNR\MpSigStub.exe
C:\Users\Admin\AppData\Local\D7mhSfNR\MpSigStub.exe
C:\Windows\system32\MpSigStub.exe
C:\Windows\system32\MpSigStub.exe
C:\Users\Admin\AppData\Local\axVGlKOn\tabcal.exe
C:\Users\Admin\AppData\Local\axVGlKOn\tabcal.exe
C:\Windows\system32\tabcal.exe
C:\Windows\system32\tabcal.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\sdclt.exe
C:\Users\Admin\AppData\Local\XQBICm\sdclt.exe
C:\Users\Admin\AppData\Local\XQBICm\sdclt.exe
C:\Users\Admin\AppData\Local\Z0doE\sdclt.exe
C:\Users\Admin\AppData\Local\Z0doE\sdclt.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\sdclt.exe
C:\Users\Admin\AppData\Local\sdT6mv\vmicsvc.exe
C:\Users\Admin\AppData\Local\sdT6mv\vmicsvc.exe
C:\Windows\system32\vmicsvc.exe
C:\Windows\system32\vmicsvc.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\consent.exe
C:\Users\Admin\AppData\Local\3e5rl5ha4\consent.exe
C:\Users\Admin\AppData\Local\3e5rl5ha4\consent.exe
C:\Windows\system32\msinfo32.exe
C:\Windows\system32\msinfo32.exe
C:\Users\Admin\AppData\Local\BkzIyw14\msinfo32.exe
C:\Users\Admin\AppData\Local\BkzIyw14\msinfo32.exe
C:\Users\Admin\AppData\Local\8tc3I6b\DeviceDisplayObjectProvider.exe
C:\Users\Admin\AppData\Local\8tc3I6b\DeviceDisplayObjectProvider.exe
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Users\Admin\AppData\Local\RFcOHFiJ\osk.exe
C:\Users\Admin\AppData\Local\RFcOHFiJ\osk.exe
C:\Windows\system32\osk.exe
C:\Windows\system32\osk.exe
C:\Users\Admin\AppData\Local\xd9ldtuKp\SystemPropertiesComputerName.exe
C:\Users\Admin\AppData\Local\xd9ldtuKp\SystemPropertiesComputerName.exe
C:\Windows\system32\SystemPropertiesComputerName.exe
C:\Windows\system32\SystemPropertiesComputerName.exe
C:\Users\Admin\AppData\Local\gs63I\notepad.exe
C:\Users\Admin\AppData\Local\gs63I\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Users\Admin\AppData\Local\cFs27A\DisplaySwitch.exe
C:\Users\Admin\AppData\Local\cFs27A\DisplaySwitch.exe
C:\Windows\system32\DisplaySwitch.exe
C:\Windows\system32\DisplaySwitch.exe
C:\Users\Admin\AppData\Local\NxRB\rdrleakdiag.exe
C:\Users\Admin\AppData\Local\NxRB\rdrleakdiag.exe
C:\Users\Admin\AppData\Local\Hpm\SystemPropertiesPerformance.exe
C:\Users\Admin\AppData\Local\Hpm\SystemPropertiesPerformance.exe
C:\Windows\system32\SystemPropertiesPerformance.exe
C:\Windows\system32\SystemPropertiesPerformance.exe
C:\Windows\system32\rdrleakdiag.exe
C:\Windows\system32\rdrleakdiag.exe
C:\Users\Admin\AppData\Local\0XfZKS\SnippingTool.exe
C:\Users\Admin\AppData\Local\0XfZKS\SnippingTool.exe
C:\Windows\system32\SnippingTool.exe
C:\Windows\system32\SnippingTool.exe
C:\Users\Admin\AppData\Local\DSHMnQwgj\MpSigStub.exe
C:\Users\Admin\AppData\Local\DSHMnQwgj\MpSigStub.exe
C:\Windows\system32\MpSigStub.exe
C:\Windows\system32\MpSigStub.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Admin\AppData\Local\SEKQ\taskmgr.exe
C:\Users\Admin\AppData\Local\SEKQ\taskmgr.exe
C:\Windows\system32\WFS.exe
C:\Windows\system32\WFS.exe
C:\Users\Admin\AppData\Local\EVY6edE\WFS.exe
C:\Users\Admin\AppData\Local\EVY6edE\WFS.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Admin\AppData\Local\T2LMzM\taskmgr.exe
C:\Users\Admin\AppData\Local\T2LMzM\taskmgr.exe
C:\Users\Admin\AppData\Local\Ajoq\tabcal.exe
C:\Users\Admin\AppData\Local\Ajoq\tabcal.exe
C:\Windows\system32\tabcal.exe
C:\Windows\system32\tabcal.exe
C:\Windows\system32\spinstall.exe
C:\Windows\system32\spinstall.exe
C:\Users\Admin\AppData\Local\GQCMT\spinstall.exe
C:\Users\Admin\AppData\Local\GQCMT\spinstall.exe
C:\Users\Admin\AppData\Local\dyh2rB\TpmInit.exe
C:\Users\Admin\AppData\Local\dyh2rB\TpmInit.exe
C:\Windows\system32\TpmInit.exe
C:\Windows\system32\TpmInit.exe
C:\Windows\system32\mspaint.exe
C:\Windows\system32\mspaint.exe
C:\Users\Admin\AppData\Local\5gv\mspaint.exe
C:\Users\Admin\AppData\Local\5gv\mspaint.exe
C:\Users\Admin\AppData\Local\om5NZ\notepad.exe
C:\Users\Admin\AppData\Local\om5NZ\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\msdtc.exe
C:\Windows\system32\msdtc.exe
C:\Users\Admin\AppData\Local\8sRwvCTJ\msdtc.exe
C:\Users\Admin\AppData\Local\8sRwvCTJ\msdtc.exe
C:\Users\Admin\AppData\Local\azQt7kt\iexpress.exe
C:\Users\Admin\AppData\Local\azQt7kt\iexpress.exe
C:\Windows\system32\iexpress.exe
C:\Windows\system32\iexpress.exe
C:\Windows\system32\msconfig.exe
C:\Windows\system32\msconfig.exe
C:\Users\Admin\AppData\Local\hXdqwD1\msconfig.exe
C:\Users\Admin\AppData\Local\hXdqwD1\msconfig.exe
C:\Users\Admin\AppData\Local\gnGHDXP\SystemPropertiesAdvanced.exe
C:\Users\Admin\AppData\Local\gnGHDXP\SystemPropertiesAdvanced.exe
C:\Windows\system32\SystemPropertiesAdvanced.exe
C:\Windows\system32\SystemPropertiesAdvanced.exe
C:\Users\Admin\AppData\Local\bdHlcVOT\SystemPropertiesAdvanced.exe
C:\Users\Admin\AppData\Local\bdHlcVOT\SystemPropertiesAdvanced.exe
C:\Windows\system32\SystemPropertiesAdvanced.exe
C:\Windows\system32\SystemPropertiesAdvanced.exe
C:\Users\Admin\AppData\Local\XZIfvLSN\SystemPropertiesProtection.exe
C:\Users\Admin\AppData\Local\XZIfvLSN\SystemPropertiesProtection.exe
C:\Windows\system32\SystemPropertiesProtection.exe
C:\Windows\system32\SystemPropertiesProtection.exe
C:\Users\Admin\AppData\Local\r5i1B\SystemPropertiesProtection.exe
C:\Users\Admin\AppData\Local\r5i1B\SystemPropertiesProtection.exe
C:\Windows\system32\SystemPropertiesProtection.exe
C:\Windows\system32\SystemPropertiesProtection.exe
C:\Users\Admin\AppData\Local\K4bxuugdX\wisptis.exe
C:\Users\Admin\AppData\Local\K4bxuugdX\wisptis.exe
C:\Windows\system32\wisptis.exe
C:\Windows\system32\wisptis.exe
C:\Users\Admin\AppData\Local\7nar\dccw.exe
C:\Users\Admin\AppData\Local\7nar\dccw.exe
C:\Windows\system32\dccw.exe
C:\Windows\system32\dccw.exe
C:\Users\Admin\AppData\Local\7nNzo8\slui.exe
C:\Users\Admin\AppData\Local\7nNzo8\slui.exe
C:\Windows\system32\slui.exe
C:\Windows\system32\slui.exe
C:\Windows\system32\icardagt.exe
C:\Windows\system32\icardagt.exe
C:\Users\Admin\AppData\Local\l0M66mYUu\icardagt.exe
C:\Users\Admin\AppData\Local\l0M66mYUu\icardagt.exe
C:\Users\Admin\AppData\Local\HP1NWlTlX\rrinstaller.exe
C:\Users\Admin\AppData\Local\HP1NWlTlX\rrinstaller.exe
C:\Windows\system32\rrinstaller.exe
C:\Windows\system32\rrinstaller.exe
C:\Windows\system32\eudcedit.exe
C:\Windows\system32\eudcedit.exe
C:\Users\Admin\AppData\Local\rhYnaETx4\eudcedit.exe
C:\Users\Admin\AppData\Local\rhYnaETx4\eudcedit.exe
C:\Users\Admin\AppData\Local\JxC\isoburn.exe
C:\Users\Admin\AppData\Local\JxC\isoburn.exe
C:\Windows\system32\isoburn.exe
C:\Windows\system32\isoburn.exe
C:\Users\Admin\AppData\Local\e4khIc\msdtc.exe
C:\Users\Admin\AppData\Local\e4khIc\msdtc.exe
C:\Windows\system32\msdtc.exe
C:\Windows\system32\msdtc.exe
C:\Users\Admin\AppData\Local\XTN\osk.exe
C:\Users\Admin\AppData\Local\XTN\osk.exe
C:\Windows\system32\osk.exe
C:\Windows\system32\osk.exe
C:\Users\Admin\AppData\Local\RhFkH4\rekeywiz.exe
C:\Users\Admin\AppData\Local\RhFkH4\rekeywiz.exe
C:\Windows\system32\rekeywiz.exe
C:\Windows\system32\rekeywiz.exe
C:\Users\Admin\AppData\Local\JPa1b\osk.exe
C:\Users\Admin\AppData\Local\JPa1b\osk.exe
C:\Windows\system32\osk.exe
C:\Windows\system32\osk.exe
C:\Users\Admin\AppData\Local\v5tXf4n4\mmc.exe
C:\Users\Admin\AppData\Local\v5tXf4n4\mmc.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\SystemPropertiesHardware.exe
C:\Windows\system32\SystemPropertiesHardware.exe
C:\Users\Admin\AppData\Local\Jv5K\SystemPropertiesHardware.exe
C:\Users\Admin\AppData\Local\Jv5K\SystemPropertiesHardware.exe
C:\Users\Admin\AppData\Local\Q6ONspd\BdeUISrv.exe
C:\Users\Admin\AppData\Local\Q6ONspd\BdeUISrv.exe
C:\Windows\system32\BdeUISrv.exe
C:\Windows\system32\BdeUISrv.exe
C:\Users\Admin\AppData\Local\3Gm\ComputerDefaults.exe
C:\Users\Admin\AppData\Local\3Gm\ComputerDefaults.exe
C:\Windows\system32\ComputerDefaults.exe
C:\Windows\system32\ComputerDefaults.exe
C:\Windows\system32\unregmp2.exe
C:\Windows\system32\unregmp2.exe
C:\Users\Admin\AppData\Local\yNBSVk\unregmp2.exe
C:\Users\Admin\AppData\Local\yNBSVk\unregmp2.exe
C:\Users\Admin\AppData\Local\7HgKpOo4D\shrpubw.exe
C:\Users\Admin\AppData\Local\7HgKpOo4D\shrpubw.exe
C:\Windows\system32\shrpubw.exe
C:\Windows\system32\shrpubw.exe
C:\Windows\system32\rdpshell.exe
C:\Windows\system32\rdpshell.exe
C:\Users\Admin\AppData\Local\vKxeuj6c0\rdpshell.exe
C:\Users\Admin\AppData\Local\vKxeuj6c0\rdpshell.exe
C:\Users\Admin\AppData\Local\Tx6\DWWIN.EXE
C:\Users\Admin\AppData\Local\Tx6\DWWIN.EXE
C:\Windows\system32\DWWIN.EXE
C:\Windows\system32\DWWIN.EXE
C:\Windows\system32\MpSigStub.exe
C:\Windows\system32\MpSigStub.exe
C:\Users\Admin\AppData\Local\kLu\MpSigStub.exe
C:\Users\Admin\AppData\Local\kLu\MpSigStub.exe
C:\Windows\system32\wscript.exe
C:\Windows\system32\wscript.exe
C:\Users\Admin\AppData\Local\SO85vKV\wscript.exe
C:\Users\Admin\AppData\Local\SO85vKV\wscript.exe
C:\Users\Admin\AppData\Local\eXojoTLE0\DeviceDisplayObjectProvider.exe
C:\Users\Admin\AppData\Local\eXojoTLE0\DeviceDisplayObjectProvider.exe
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Users\Admin\AppData\Local\Uh51IBbB\rstrui.exe
C:\Users\Admin\AppData\Local\Uh51IBbB\rstrui.exe
C:\Windows\system32\rstrui.exe
C:\Windows\system32\rstrui.exe
C:\Windows\system32\MpSigStub.exe
C:\Windows\system32\MpSigStub.exe
C:\Users\Admin\AppData\Local\uUJMn\MpSigStub.exe
C:\Users\Admin\AppData\Local\uUJMn\MpSigStub.exe
C:\Windows\system32\cmstp.exe
C:\Windows\system32\cmstp.exe
C:\Users\Admin\AppData\Local\iYHO\cmstp.exe
C:\Users\Admin\AppData\Local\iYHO\cmstp.exe
C:\Windows\system32\cttune.exe
C:\Windows\system32\cttune.exe
C:\Users\Admin\AppData\Local\7QIi\cttune.exe
C:\Users\Admin\AppData\Local\7QIi\cttune.exe
C:\Users\Admin\AppData\Local\JCl0l\BitLockerWizard.exe
C:\Users\Admin\AppData\Local\JCl0l\BitLockerWizard.exe
C:\Windows\system32\BitLockerWizard.exe
C:\Windows\system32\BitLockerWizard.exe
C:\Users\Admin\AppData\Local\qvm\rdrleakdiag.exe
C:\Users\Admin\AppData\Local\qvm\rdrleakdiag.exe
C:\Windows\system32\rdrleakdiag.exe
C:\Windows\system32\rdrleakdiag.exe
C:\Users\Admin\AppData\Local\gTMXBWt\SystemPropertiesRemote.exe
C:\Users\Admin\AppData\Local\gTMXBWt\SystemPropertiesRemote.exe
C:\Windows\system32\SystemPropertiesRemote.exe
C:\Windows\system32\SystemPropertiesRemote.exe
C:\Users\Admin\AppData\Local\567aIFhDf\tabcal.exe
C:\Users\Admin\AppData\Local\567aIFhDf\tabcal.exe
C:\Windows\system32\tabcal.exe
C:\Windows\system32\tabcal.exe
C:\Users\Admin\AppData\Local\BPRAubTLU\cttune.exe
C:\Users\Admin\AppData\Local\BPRAubTLU\cttune.exe
C:\Windows\system32\cttune.exe
C:\Windows\system32\cttune.exe
C:\Windows\system32\osk.exe
C:\Windows\system32\osk.exe
C:\Users\Admin\AppData\Local\5MESm\osk.exe
C:\Users\Admin\AppData\Local\5MESm\osk.exe
C:\Windows\system32\lpksetup.exe
C:\Windows\system32\lpksetup.exe
C:\Users\Admin\AppData\Local\iNY\lpksetup.exe
C:\Users\Admin\AppData\Local\iNY\lpksetup.exe
C:\Users\Admin\AppData\Local\hbh5y7K\wusa.exe
C:\Users\Admin\AppData\Local\hbh5y7K\wusa.exe
C:\Windows\system32\wusa.exe
C:\Windows\system32\wusa.exe
C:\Users\Admin\AppData\Local\xiSHS5\psr.exe
C:\Users\Admin\AppData\Local\xiSHS5\psr.exe
C:\Windows\system32\psr.exe
C:\Windows\system32\psr.exe
C:\Windows\system32\irftp.exe
C:\Windows\system32\irftp.exe
C:\Users\Admin\AppData\Local\cZ69OiI\irftp.exe
C:\Users\Admin\AppData\Local\cZ69OiI\irftp.exe
C:\Users\Admin\AppData\Local\UIQTJl\DeviceDisplayObjectProvider.exe
C:\Users\Admin\AppData\Local\UIQTJl\DeviceDisplayObjectProvider.exe
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Windows\system32\EhStorAuthn.exe
C:\Windows\system32\EhStorAuthn.exe
C:\Users\Admin\AppData\Local\JKye\EhStorAuthn.exe
C:\Users\Admin\AppData\Local\JKye\EhStorAuthn.exe
C:\Users\Admin\AppData\Local\5Z2nXkZGI\rekeywiz.exe
C:\Users\Admin\AppData\Local\5Z2nXkZGI\rekeywiz.exe
C:\Windows\system32\rekeywiz.exe
C:\Windows\system32\rekeywiz.exe
C:\Users\Admin\AppData\Local\nKdG\recdisc.exe
C:\Users\Admin\AppData\Local\nKdG\recdisc.exe
C:\Windows\system32\recdisc.exe
C:\Windows\system32\recdisc.exe
C:\Users\Admin\AppData\Local\VUqJ\wbengine.exe
C:\Users\Admin\AppData\Local\VUqJ\wbengine.exe
C:\Windows\system32\wbengine.exe
C:\Windows\system32\wbengine.exe
C:\Users\Admin\AppData\Local\sibjOP\rekeywiz.exe
C:\Users\Admin\AppData\Local\sibjOP\rekeywiz.exe
C:\Windows\system32\rekeywiz.exe
C:\Windows\system32\rekeywiz.exe
C:\Windows\system32\DWWIN.EXE
C:\Windows\system32\DWWIN.EXE
C:\Users\Admin\AppData\Local\XY8W\DWWIN.EXE
C:\Users\Admin\AppData\Local\XY8W\DWWIN.EXE
C:\Users\Admin\AppData\Local\E8foFZ\BitLockerWizard.exe
C:\Users\Admin\AppData\Local\E8foFZ\BitLockerWizard.exe
C:\Windows\system32\BitLockerWizard.exe
C:\Windows\system32\BitLockerWizard.exe
C:\Windows\system32\msinfo32.exe
C:\Windows\system32\msinfo32.exe
C:\Users\Admin\AppData\Local\BdEt\msinfo32.exe
C:\Users\Admin\AppData\Local\BdEt\msinfo32.exe
C:\Users\Admin\AppData\Local\6TaYL6H\p2phost.exe
C:\Users\Admin\AppData\Local\6TaYL6H\p2phost.exe
C:\Windows\system32\p2phost.exe
C:\Windows\system32\p2phost.exe
C:\Windows\system32\SnippingTool.exe
C:\Windows\system32\SnippingTool.exe
C:\Users\Admin\AppData\Local\fIAGhybI\SnippingTool.exe
C:\Users\Admin\AppData\Local\fIAGhybI\SnippingTool.exe
C:\Users\Admin\AppData\Local\Ka7\SystemPropertiesPerformance.exe
C:\Users\Admin\AppData\Local\Ka7\SystemPropertiesPerformance.exe
C:\Windows\system32\SystemPropertiesPerformance.exe
C:\Windows\system32\SystemPropertiesPerformance.exe
C:\Users\Admin\AppData\Local\C6Ff4Dn9M\BdeUISrv.exe
C:\Users\Admin\AppData\Local\C6Ff4Dn9M\BdeUISrv.exe
C:\Windows\system32\BdeUISrv.exe
C:\Windows\system32\BdeUISrv.exe
C:\Users\Admin\AppData\Local\etiz7n\MpSigStub.exe
C:\Users\Admin\AppData\Local\etiz7n\MpSigStub.exe
C:\Windows\system32\MpSigStub.exe
C:\Windows\system32\MpSigStub.exe
C:\Users\Admin\AppData\Local\u7OgyyE\SystemPropertiesDataExecutionPrevention.exe
C:\Users\Admin\AppData\Local\u7OgyyE\SystemPropertiesDataExecutionPrevention.exe
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe
C:\Windows\system32\wbengine.exe
C:\Windows\system32\wbengine.exe
C:\Users\Admin\AppData\Local\xLSnL\wbengine.exe
C:\Users\Admin\AppData\Local\xLSnL\wbengine.exe
C:\Windows\system32\dialer.exe
C:\Windows\system32\dialer.exe
C:\Users\Admin\AppData\Local\sAoKfMpPW\dialer.exe
C:\Users\Admin\AppData\Local\sAoKfMpPW\dialer.exe
C:\Users\Admin\AppData\Local\KYwMk9zV1\rdpclip.exe
C:\Users\Admin\AppData\Local\KYwMk9zV1\rdpclip.exe
C:\Windows\system32\rdpclip.exe
C:\Windows\system32\rdpclip.exe
C:\Windows\system32\shrpubw.exe
C:\Windows\system32\shrpubw.exe
C:\Users\Admin\AppData\Local\Syy\shrpubw.exe
C:\Users\Admin\AppData\Local\Syy\shrpubw.exe
C:\Windows\system32\EhStorAuthn.exe
C:\Windows\system32\EhStorAuthn.exe
C:\Users\Admin\AppData\Local\X1va\EhStorAuthn.exe
C:\Users\Admin\AppData\Local\X1va\EhStorAuthn.exe
C:\Users\Admin\AppData\Local\6GG9Vn7\SystemPropertiesProtection.exe
C:\Users\Admin\AppData\Local\6GG9Vn7\SystemPropertiesProtection.exe
C:\Windows\system32\SystemPropertiesProtection.exe
C:\Windows\system32\SystemPropertiesProtection.exe
C:\Windows\system32\mspaint.exe
C:\Windows\system32\mspaint.exe
C:\Users\Admin\AppData\Local\PNvCzb4nb\mspaint.exe
C:\Users\Admin\AppData\Local\PNvCzb4nb\mspaint.exe
C:\Windows\system32\slui.exe
C:\Windows\system32\slui.exe
C:\Users\Admin\AppData\Local\K9Ru\slui.exe
C:\Users\Admin\AppData\Local\K9Ru\slui.exe
C:\Users\Admin\AppData\Local\hgBWoLbPj\PresentationSettings.exe
C:\Users\Admin\AppData\Local\hgBWoLbPj\PresentationSettings.exe
C:\Windows\system32\PresentationSettings.exe
C:\Windows\system32\PresentationSettings.exe
C:\Users\Admin\AppData\Local\85v\msdtc.exe
C:\Users\Admin\AppData\Local\85v\msdtc.exe
C:\Windows\system32\msdtc.exe
C:\Windows\system32\msdtc.exe
C:\Windows\system32\msdt.exe
C:\Windows\system32\msdt.exe
C:\Users\Admin\AppData\Local\gsOkDm\msdt.exe
C:\Users\Admin\AppData\Local\gsOkDm\msdt.exe
C:\Windows\system32\dpapimig.exe
C:\Windows\system32\dpapimig.exe
C:\Users\Admin\AppData\Local\hdwpVyt\dpapimig.exe
C:\Users\Admin\AppData\Local\hdwpVyt\dpapimig.exe
C:\Windows\system32\EhStorAuthn.exe
C:\Windows\system32\EhStorAuthn.exe
C:\Users\Admin\AppData\Local\CGta6Mi84\EhStorAuthn.exe
C:\Users\Admin\AppData\Local\CGta6Mi84\EhStorAuthn.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\winlogon.exe
C:\Users\Admin\AppData\Local\hvr4\winlogon.exe
C:\Users\Admin\AppData\Local\hvr4\winlogon.exe
C:\Users\Admin\AppData\Local\ijfYf\dccw.exe
C:\Users\Admin\AppData\Local\ijfYf\dccw.exe
C:\Windows\system32\dccw.exe
C:\Windows\system32\dccw.exe
C:\Users\Admin\AppData\Local\m2a\raserver.exe
C:\Users\Admin\AppData\Local\m2a\raserver.exe
C:\Windows\system32\raserver.exe
C:\Windows\system32\raserver.exe
Network
Files
C:\Users\Admin\AppData\Local\JKye\EhStorAuthn.exe
| MD5 | 3abe95d92c80dc79707d8e168d79a994 |
| SHA1 | 64b10c17f602d3f21c84954541e7092bc55bb5ab |
| SHA256 | 2159d9d5c9355521de859d1c40907fcdfef19f8cf68eda7485b89e9aa119e3ad |
| SHA512 | 70fee5e87121229bba5c5e5aaa9f028ac0546dc9d38b7a00a81b882c8f8ce4abfdc364a598976b1463cca05e9400db715f8a4478ec61b03a693bbeee18c6ae5c |
C:\Users\Admin\AppData\Local\nKdG\recdisc.exe
| MD5 | f3b306179f1840c0813dc6771b018358 |
| SHA1 | dec7ce3c13f7a684cb52ae6007c99cf03afef005 |
| SHA256 | dcaeb590394b42d180e23e3cef4dd135513395b026e0ed489aec49848b85b8f0 |
| SHA512 | 9f9ec4c2ca6373bd738bf415d059f3536390e46e5b0a560e9ee1b190407a6d0f481c38664c51b834a9e72d8878f71c3c19e427e3a6b5ca4ec6b02d1156eb9ef4 |
C:\Users\Admin\AppData\Local\VUqJ\wbengine.exe
| MD5 | 78f4e7f5c56cb9716238eb57da4b6a75 |
| SHA1 | 98b0b9db6ec5961dbb274eff433a8bc21f7e557b |
| SHA256 | 46a4e78ce5f2a4b26f4e9c3ff04a99d9b727a82ac2e390a82a1611c3f6e0c9af |
| SHA512 | 1a24ea71624dbbca188ee3b4812e09bc42e7d38ceac02b69940d7693475c792685a23141c8faa85a87ab6aace3f951c1a81facb610d757ac6df37cf2aa65ccd2 |
C:\Users\Admin\AppData\Local\sAoKfMpPW\dialer.exe
| MD5 | 46523e17ee0f6837746924eda7e9bac9 |
| SHA1 | d6b2a9cc6bd3588fa9804ada5197afda6a9e034b |
| SHA256 | 23d8a6a1d847a324c556c30e10c8f63c2004aeb42ac3f5a5ca362077f1517382 |
| SHA512 | c7117c3778650864e685bd89df599d7cdd9319d757344ddc7cfd9403d6673964127f6ff0c5ac48455fd3097af31a6ff09173f85dfa7be2d25f395cdf3692bb9a |
C:\Users\Admin\AppData\Local\KYwMk9zV1\rdpclip.exe
| MD5 | 25d284eb2f12254c001afe9a82575a81 |
| SHA1 | cf131801fdd5ec92278f9e0ae62050e31c6670a5 |
| SHA256 | 837e0d864c474956c0d9d4e7ae5f884007f19b7f420db9afcf0d266aefa6608b |
| SHA512 | 7b4f208fa1681a0a139577ebc974e7acfc85e3c906a674e111223783460585eb989cb6b38f215d79f89e747a0e9224d90e1aa43e091d2042edb8bac7b27b968b |
C:\Users\Admin\AppData\Local\hgBWoLbPj\PresentationSettings.exe
| MD5 | a6f8d318f6041334889481b472000081 |
| SHA1 | b8cf08ec17b30c8811f2514246fcdff62731dd58 |
| SHA256 | 208b94fd66a6ce266c3195f87029a41a0622fff47f2a5112552cb087adbb1258 |
| SHA512 | 60f70fa8a19e6ea6f08f4907dd7fede3665ad3f2e013d49f6649442ea5871a967b9a53ec4d3328a06cb83b69be1b7af1bb14bf122b568bd1f8432ee1d0bfee69 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-30 13:37
Reported
2024-01-01 00:17
Platform
win10v2004-20231215-en