Overview
overview
10Static
static
8samples (2) (4).zip
windows7-x64
1samples (2) (4).zip
windows10-2004-x64
110d1a82f3c...61.exe
windows7-x64
110d1a82f3c...61.exe
windows10-2004-x64
1133dd26c0a...f0.exe
windows7-x64
10133dd26c0a...f0.exe
windows10-2004-x64
101ab3aad04e...7d.exe
windows7-x64
61ab3aad04e...7d.exe
windows10-2004-x64
11ad4c9e3d0...7d.exe
windows7-x64
11ad4c9e3d0...7d.exe
windows10-2004-x64
127cc1f6adc...35.wsf
windows7-x64
827cc1f6adc...35.wsf
windows10-2004-x64
835b7dbc8a3...31.exe
windows7-x64
935b7dbc8a3...31.exe
windows10-2004-x64
103716dc17e9...c6.dll
windows7-x64
13716dc17e9...c6.dll
windows10-2004-x64
35e94c0f064...2e.exe
windows7-x64
65e94c0f064...2e.exe
windows10-2004-x64
770f166f51e...ad.exe
windows7-x64
170f166f51e...ad.exe
windows10-2004-x64
193dc1dee6b...1a.chm
windows7-x64
1093dc1dee6b...1a.chm
windows10-2004-x64
10a37f77fafa...58.ps1
windows7-x64
1a37f77fafa...58.ps1
windows10-2004-x64
1b875cc39a6...395.js
windows7-x64
8b875cc39a6...395.js
windows10-2004-x64
8b906da71fe...be.exe
windows7-x64
1b906da71fe...be.exe
windows10-2004-x64
1bae7ee765f...c.docm
windows7-x64
1bae7ee765f...c.docm
windows10-2004-x64
1c3fdcec878...07.exe
windows7-x64
4c3fdcec878...07.exe
windows10-2004-x64
4Analysis
-
max time kernel
25s -
max time network
163s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
01-01-2024 15:12
Behavioral task
behavioral1
Sample
samples (2) (4).zip
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral2
Sample
samples (2) (4).zip
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
10d1a82f3c458f2a84c28d6b01cab731904f62a1f0a07c3797aadaad05cf4a61.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
10d1a82f3c458f2a84c28d6b01cab731904f62a1f0a07c3797aadaad05cf4a61.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
133dd26c0a6bfbbbe309a845d6f0f382345bdb31595474eb57138ea34c4ddbf0.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
133dd26c0a6bfbbbe309a845d6f0f382345bdb31595474eb57138ea34c4ddbf0.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
1ab3aad04e0eb2c5a15d3e5a576cd3d3e6b1546852ea653cd4369da19a940e7d.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral8
Sample
1ab3aad04e0eb2c5a15d3e5a576cd3d3e6b1546852ea653cd4369da19a940e7d.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
1ad4c9e3d0e04e7f1e32e196ea1e87ed64237485baab4cfa4b07eed44d4b347d.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral10
Sample
1ad4c9e3d0e04e7f1e32e196ea1e87ed64237485baab4cfa4b07eed44d4b347d.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
27cc1f6adc3a24ab7dc29c38082e69b0e3993e8a88d91804f88282c240fcac35.wsf
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral12
Sample
27cc1f6adc3a24ab7dc29c38082e69b0e3993e8a88d91804f88282c240fcac35.wsf
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
35b7dbc8a3f456bdafd02383b8a849a6f5fea5f541b3f0c8502e31c2370e8f31.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral14
Sample
35b7dbc8a3f456bdafd02383b8a849a6f5fea5f541b3f0c8502e31c2370e8f31.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
3716dc17e97ffefeeec3508acb79e19beda5d030220c070f62309cafc7a3fac6.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral16
Sample
3716dc17e97ffefeeec3508acb79e19beda5d030220c070f62309cafc7a3fac6.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
5e94c0f064264dffaee5d98e03eaf558c5945475d38162aefc022abc1c4b682e.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral18
Sample
5e94c0f064264dffaee5d98e03eaf558c5945475d38162aefc022abc1c4b682e.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
70f166f51e58ef7651a6e567404c71e499d9c2b6e01fc6ae176fd290e91f3aad.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral20
Sample
70f166f51e58ef7651a6e567404c71e499d9c2b6e01fc6ae176fd290e91f3aad.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
93dc1dee6b92da2fe38858162e039eb54ce5e109286432cb3a55c06818eff61a.chm
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral22
Sample
93dc1dee6b92da2fe38858162e039eb54ce5e109286432cb3a55c06818eff61a.chm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
a37f77fafa3df072332dcf2b15d5d91182b3a1a430912e13320cd6148ca8f458.ps1
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral24
Sample
a37f77fafa3df072332dcf2b15d5d91182b3a1a430912e13320cd6148ca8f458.ps1
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
b875cc39a6933b5a96ec292403ea2fa59788658f825b7fd0b66bffc1a6b09395.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral26
Sample
b875cc39a6933b5a96ec292403ea2fa59788658f825b7fd0b66bffc1a6b09395.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
b906da71fe22e6e987afe2a70b14aa64cbff3b1049e7779db392b542856452be.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral28
Sample
b906da71fe22e6e987afe2a70b14aa64cbff3b1049e7779db392b542856452be.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
bae7ee765f1ec70ca4a9a734abecca822860c67ed6b42f8bab49ab2b34808eac.docm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral30
Sample
bae7ee765f1ec70ca4a9a734abecca822860c67ed6b42f8bab49ab2b34808eac.docm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral32
Sample
c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
General
-
Target
c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe
-
Size
29KB
-
MD5
77cbd091343b10c2be75931a0ce4f1ab
-
SHA1
45ec8ff2ff454638e75796575e2468b0ea2fb182
-
SHA256
c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07
-
SHA512
f3355d91d5ff74e46e0fd68abbd8b8c126e0b3391a4916b41c9c2005008ae6104c01c12b1512d2ee729ab379c2e61be755424f27da90a2b2964a8758f4b0b2dd
-
SSDEEP
768:Mef5bWAYY9njfp7pq7nD3kFkNXwrSBh0pPSEON9g74Y:h5x9u7nD0FkNArSBCvOe4
Malware Config
Signatures
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\VideoLAN\VLC\locale\ach\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\zh_CN\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Common Files\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Mozilla Firefox\browser\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\da-DK\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\gl\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\or\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Windows Defender\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Microsoft Office 15\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Java\jdk-1.8\include\win32\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\fur\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\sq\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\as_IN\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\bg\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\cgg\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\ms\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Java\jre-1.8\legal\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\hu\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fi-FI\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Java\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Java\jdk-1.8\include\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Windows Security\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\th-TH\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Java\jdk-1.8\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fa-IR\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Microsoft Office\root\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\plugins\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Microsoft Office\Updates\Apply\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\lua\intf\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\hu-HU\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Common Files\System\Ole DB\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\de\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\es-MX\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ms-MY\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\VideoLAN\VLC\locale\ckb\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\CortanaApp.ViewElements\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File created C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\RESTORE_YOUR_FILES.txt c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3364 wrote to memory of 4796 3364 c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe 26 PID 3364 wrote to memory of 4796 3364 c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe 26 PID 3364 wrote to memory of 4796 3364 c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe 26
Processes
-
C:\Users\Admin\AppData\Local\Temp\c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe"C:\Users\Admin\AppData\Local\Temp\c3fdcec878ac032f4bb4c73a8ba9b08dd546e931d6f0f24bf905207501ba0b07.exe"1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3364 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\delself.bat2⤵PID:4796
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
292B
MD54749876eec0450c2ca869428da5db7b5
SHA16d591510911ac2315702c1ea3705b8115653b873
SHA25631163fcae4314f3e67a38597c93ae8f30d5d1d2c97ee95ccbac447aa1ba95ac0
SHA51294e29db75377845e4355e3f401a99e9cb8f7a0150fb4cec51fdd4ea8187ab17561c1161b62af54ba36dbd809bbec28123d86212ba3884c5500ab00399658b4bd