Overview
overview
10Static
static
8samples (2) (4).zip
windows7-x64
1samples (2) (4).zip
windows10-2004-x64
110d1a82f3c...61.exe
windows7-x64
110d1a82f3c...61.exe
windows10-2004-x64
1133dd26c0a...f0.exe
windows7-x64
10133dd26c0a...f0.exe
windows10-2004-x64
101ab3aad04e...7d.exe
windows7-x64
61ab3aad04e...7d.exe
windows10-2004-x64
11ad4c9e3d0...7d.exe
windows7-x64
11ad4c9e3d0...7d.exe
windows10-2004-x64
127cc1f6adc...35.wsf
windows7-x64
827cc1f6adc...35.wsf
windows10-2004-x64
835b7dbc8a3...31.exe
windows7-x64
935b7dbc8a3...31.exe
windows10-2004-x64
103716dc17e9...c6.dll
windows7-x64
13716dc17e9...c6.dll
windows10-2004-x64
35e94c0f064...2e.exe
windows7-x64
65e94c0f064...2e.exe
windows10-2004-x64
770f166f51e...ad.exe
windows7-x64
170f166f51e...ad.exe
windows10-2004-x64
193dc1dee6b...1a.chm
windows7-x64
1093dc1dee6b...1a.chm
windows10-2004-x64
10a37f77fafa...58.ps1
windows7-x64
1a37f77fafa...58.ps1
windows10-2004-x64
1b875cc39a6...395.js
windows7-x64
8b875cc39a6...395.js
windows10-2004-x64
8b906da71fe...be.exe
windows7-x64
1b906da71fe...be.exe
windows10-2004-x64
1bae7ee765f...c.docm
windows7-x64
1bae7ee765f...c.docm
windows10-2004-x64
1c3fdcec878...07.exe
windows7-x64
4c3fdcec878...07.exe
windows10-2004-x64
4Analysis
-
max time kernel
0s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
01-01-2024 15:12
Behavioral task
behavioral1
Sample
samples (2) (4).zip
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral2
Sample
samples (2) (4).zip
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
10d1a82f3c458f2a84c28d6b01cab731904f62a1f0a07c3797aadaad05cf4a61.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
10d1a82f3c458f2a84c28d6b01cab731904f62a1f0a07c3797aadaad05cf4a61.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
133dd26c0a6bfbbbe309a845d6f0f382345bdb31595474eb57138ea34c4ddbf0.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
133dd26c0a6bfbbbe309a845d6f0f382345bdb31595474eb57138ea34c4ddbf0.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
1ab3aad04e0eb2c5a15d3e5a576cd3d3e6b1546852ea653cd4369da19a940e7d.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral8
Sample
1ab3aad04e0eb2c5a15d3e5a576cd3d3e6b1546852ea653cd4369da19a940e7d.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
1ad4c9e3d0e04e7f1e32e196ea1e87ed64237485baab4cfa4b07eed44d4b347d.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral10
Sample
1ad4c9e3d0e04e7f1e32e196ea1e87ed64237485baab4cfa4b07eed44d4b347d.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
27cc1f6adc3a24ab7dc29c38082e69b0e3993e8a88d91804f88282c240fcac35.wsf
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral12
Sample
27cc1f6adc3a24ab7dc29c38082e69b0e3993e8a88d91804f88282c240fcac35.wsf
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
35b7dbc8a3f456bdafd02383b8a849a6f5fea5f541b3f0c8502e31c2370e8f31.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral14
Sample
35b7dbc8a3f456bdafd02383b8a849a6f5fea5f541b3f0c8502e31c2370e8f31.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
3716dc17e97ffefeeec3508acb79e19beda5d030220c070f62309cafc7a3fac6.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral16
Sample
3716dc17e97ffefeeec3508acb79e19beda5d030220c070f62309cafc7a3fac6.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
5e94c0f064264dffaee5d98e03eaf558c5945475d38162aefc022abc1c4b682e.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral18
Sample
5e94c0f064264dffaee5d98e03eaf558c5945475d38162aefc022abc1c4b682e.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
70f166f51e58ef7651a6e567404c71e499d9c2b6e01fc6ae176fd290e91f3aad.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral20
Sample
70f166f51e58ef7651a6e567404c71e499d9c2b6e01fc6ae176fd290e91f3aad.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
93dc1dee6b92da2fe38858162e039eb54ce5e109286432cb3a55c06818eff61a.chm
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral22
Sample
93dc1dee6b92da2fe38858162e039eb54ce5e109286432cb3a55c06818eff61a.chm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
a37f77fafa3df072332dcf2b15d5d91182b3a1a430912e13320cd6148ca8f458.ps1
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral24
Sample
a37f77fafa3df072332dcf2b15d5d91182b3a1a430912e13320cd6148ca8f458.ps1
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
b875cc39a6933b5a96ec292403ea2fa59788658f825b7fd0b66bffc1a6b09395.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral26
Sample
b875cc39a6933b5a96ec292403ea2fa59788658f825b7fd0b66bffc1a6b09395.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
b906da71fe22e6e987afe2a70b14aa64cbff3b1049e7779db392b542856452be.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral28
Sample
b906da71fe22e6e987afe2a70b14aa64cbff3b1049e7779db392b542856452be.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
bae7ee765f1ec70ca4a9a734abecca822860c67ed6b42f8bab49ab2b34808eac.docm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral30
Sample
bae7ee765f1ec70ca4a9a734abecca822860c67ed6b42f8bab49ab2b34808eac.docm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral32
Sample
c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
General
-
Target
c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe
-
Size
29KB
-
MD5
77cbd091343b10c2be75931a0ce4f1ab
-
SHA1
45ec8ff2ff454638e75796575e2468b0ea2fb182
-
SHA256
c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07
-
SHA512
f3355d91d5ff74e46e0fd68abbd8b8c126e0b3391a4916b41c9c2005008ae6104c01c12b1512d2ee729ab379c2e61be755424f27da90a2b2964a8758f4b0b2dd
-
SSDEEP
768:Mef5bWAYY9njfp7pq7nD3kFkNXwrSBh0pPSEON9g74Y:h5x9u7nD0FkNArSBCvOe4
Malware Config
Signatures
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\az\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\km\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Windows Defender\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Common Files\Microsoft Shared\TextConv\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Microsoft Games\Multiplayer\Spades\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Reference Assemblies\Microsoft\Framework\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\uk\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\et\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\lg\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\ml\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Windows Mail\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Microsoft Games\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Microsoft Games\Minesweeper\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Microsoft Games\Purble Place\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\hu\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Common Files\System\msadc\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Java\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Google\Chrome\Application\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Microsoft Games\SpiderSolitaire\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Common Files\System\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Common Files\Microsoft Shared\VSTO\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Windows NT\Accessories\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Common Files\System\ado\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\en_GB\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\ga\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Java\jre7\lib\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\mai\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\zu\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\cy\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\da\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Java\jdk1.7.0_80\include\win32\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Java\jre7\lib\zi\America\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\tet\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2888 wrote to memory of 2316 2888 c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe 16 PID 2888 wrote to memory of 2316 2888 c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe 16 PID 2888 wrote to memory of 2316 2888 c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe 16 PID 2888 wrote to memory of 2316 2888 c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe 16
Processes
-
C:\Users\Admin\AppData\Local\Temp\c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe"C:\Users\Admin\AppData\Local\Temp\c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe"1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2888 -
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\delself.bat2⤵PID:2316
-