78253dfea1888d645790b81c1252d290492addfeb508fa31ed0b9fe5bed1ba46

Analysis

max time kernel
112s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2024, 12:06 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-06_1f3e224395c2e3e5894781513d05b648_goldeneye.exe
Size

192KB
MD5

1f3e224395c2e3e5894781513d05b648
SHA1

3de5cd65f014e8eafa4dddefd71acfea077cb133
SHA256

78253dfea1888d645790b81c1252d290492addfeb508fa31ed0b9fe5bed1ba46
SHA512

e206afc3c9758837531e0a91a514425ef0f953c8e1cc0a854ffa581b8ffc5e1877a62f2de30726c79719444730a04e9ab606cbaa8d9d2e31affa8fdb94fe6a9f
SSDEEP

1536:1EGh0oQl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3H6:1EGh0oQl1OPOe2MUVg3Ve+rXfMUa

Score

8^/10

persistence

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 18 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{ADA4CF04-7C25-4c9f-9832-FFFD631EAB7B}\stubpath = "C:\\Windows\\{ADA4CF04-7C25-4c9f-9832-FFFD631EAB7B}.exe"	{DF7DEC44-B3E9-440c-985C-7FF47FFEC269}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0F3E988F-BCBF-4a72-8645-6DA73B1C2CFE}\stubpath = "C:\\Windows\\{0F3E988F-BCBF-4a72-8645-6DA73B1C2CFE}.exe"	2024-01-06_1f3e224395c2e3e5894781513d05b648_goldeneye.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B8F7ED4F-E9C4-4a73-B142-CB3E3EB107B2}	{0F3E988F-BCBF-4a72-8645-6DA73B1C2CFE}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C2296308-19C9-493f-BCE1-2E8F4C743D59}\stubpath = "C:\\Windows\\{C2296308-19C9-493f-BCE1-2E8F4C743D59}.exe"	{B8F7ED4F-E9C4-4a73-B142-CB3E3EB107B2}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F20F63C6-EAF3-4af5-9EF3-28C4BC7989F3}	{D10FD76C-6B7F-45b8-9915-A59B1FB35C06}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F20F63C6-EAF3-4af5-9EF3-28C4BC7989F3}\stubpath = "C:\\Windows\\{F20F63C6-EAF3-4af5-9EF3-28C4BC7989F3}.exe"	{D10FD76C-6B7F-45b8-9915-A59B1FB35C06}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3F1AF019-0EF1-4de0-B30B-D293C81DC69E}	{F20F63C6-EAF3-4af5-9EF3-28C4BC7989F3}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DF7DEC44-B3E9-440c-985C-7FF47FFEC269}\stubpath = "C:\\Windows\\{DF7DEC44-B3E9-440c-985C-7FF47FFEC269}.exe"	{7A88C7D5-8BB4-49fc-B241-F289B739A7F7}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D10FD76C-6B7F-45b8-9915-A59B1FB35C06}\stubpath = "C:\\Windows\\{D10FD76C-6B7F-45b8-9915-A59B1FB35C06}.exe"	{C2296308-19C9-493f-BCE1-2E8F4C743D59}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3F1AF019-0EF1-4de0-B30B-D293C81DC69E}\stubpath = "C:\\Windows\\{3F1AF019-0EF1-4de0-B30B-D293C81DC69E}.exe"	{F20F63C6-EAF3-4af5-9EF3-28C4BC7989F3}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7A88C7D5-8BB4-49fc-B241-F289B739A7F7}	{3F1AF019-0EF1-4de0-B30B-D293C81DC69E}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DF7DEC44-B3E9-440c-985C-7FF47FFEC269}	{7A88C7D5-8BB4-49fc-B241-F289B739A7F7}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{ADA4CF04-7C25-4c9f-9832-FFFD631EAB7B}	{DF7DEC44-B3E9-440c-985C-7FF47FFEC269}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0F3E988F-BCBF-4a72-8645-6DA73B1C2CFE}	2024-01-06_1f3e224395c2e3e5894781513d05b648_goldeneye.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B8F7ED4F-E9C4-4a73-B142-CB3E3EB107B2}\stubpath = "C:\\Windows\\{B8F7ED4F-E9C4-4a73-B142-CB3E3EB107B2}.exe"	{0F3E988F-BCBF-4a72-8645-6DA73B1C2CFE}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C2296308-19C9-493f-BCE1-2E8F4C743D59}	{B8F7ED4F-E9C4-4a73-B142-CB3E3EB107B2}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D10FD76C-6B7F-45b8-9915-A59B1FB35C06}	{C2296308-19C9-493f-BCE1-2E8F4C743D59}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7A88C7D5-8BB4-49fc-B241-F289B739A7F7}\stubpath = "C:\\Windows\\{7A88C7D5-8BB4-49fc-B241-F289B739A7F7}.exe"	{3F1AF019-0EF1-4de0-B30B-D293C81DC69E}.exe

Executes dropped EXE 9 IoCs

pid	Process
4980	{0F3E988F-BCBF-4a72-8645-6DA73B1C2CFE}.exe
4060	{B8F7ED4F-E9C4-4a73-B142-CB3E3EB107B2}.exe
4444	{C2296308-19C9-493f-BCE1-2E8F4C743D59}.exe
352	{D10FD76C-6B7F-45b8-9915-A59B1FB35C06}.exe
4724	{F20F63C6-EAF3-4af5-9EF3-28C4BC7989F3}.exe
220	{3F1AF019-0EF1-4de0-B30B-D293C81DC69E}.exe
2316	{7A88C7D5-8BB4-49fc-B241-F289B739A7F7}.exe
2864	{DF7DEC44-B3E9-440c-985C-7FF47FFEC269}.exe
4564	{ADA4CF04-7C25-4c9f-9832-FFFD631EAB7B}.exe

Drops file in Windows directory 9 IoCs

description	ioc	Process
File created	C:\Windows\{D10FD76C-6B7F-45b8-9915-A59B1FB35C06}.exe	{C2296308-19C9-493f-BCE1-2E8F4C743D59}.exe
File created	C:\Windows\{3F1AF019-0EF1-4de0-B30B-D293C81DC69E}.exe	{F20F63C6-EAF3-4af5-9EF3-28C4BC7989F3}.exe
File created	C:\Windows\{DF7DEC44-B3E9-440c-985C-7FF47FFEC269}.exe	{7A88C7D5-8BB4-49fc-B241-F289B739A7F7}.exe
File created	C:\Windows\{ADA4CF04-7C25-4c9f-9832-FFFD631EAB7B}.exe	{DF7DEC44-B3E9-440c-985C-7FF47FFEC269}.exe
File created	C:\Windows\{C2296308-19C9-493f-BCE1-2E8F4C743D59}.exe	{B8F7ED4F-E9C4-4a73-B142-CB3E3EB107B2}.exe
File created	C:\Windows\{B8F7ED4F-E9C4-4a73-B142-CB3E3EB107B2}.exe	{0F3E988F-BCBF-4a72-8645-6DA73B1C2CFE}.exe
File created	C:\Windows\{F20F63C6-EAF3-4af5-9EF3-28C4BC7989F3}.exe	{D10FD76C-6B7F-45b8-9915-A59B1FB35C06}.exe
File created	C:\Windows\{7A88C7D5-8BB4-49fc-B241-F289B739A7F7}.exe	{3F1AF019-0EF1-4de0-B30B-D293C81DC69E}.exe
File created	C:\Windows\{0F3E988F-BCBF-4a72-8645-6DA73B1C2CFE}.exe	2024-01-06_1f3e224395c2e3e5894781513d05b648_goldeneye.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	3988	2024-01-06_1f3e224395c2e3e5894781513d05b648_goldeneye.exe
Token: SeIncBasePriorityPrivilege	4980	{0F3E988F-BCBF-4a72-8645-6DA73B1C2CFE}.exe
Token: SeIncBasePriorityPrivilege	4060	{B8F7ED4F-E9C4-4a73-B142-CB3E3EB107B2}.exe
Token: SeIncBasePriorityPrivilege	4444	{C2296308-19C9-493f-BCE1-2E8F4C743D59}.exe
Token: SeIncBasePriorityPrivilege	352	{D10FD76C-6B7F-45b8-9915-A59B1FB35C06}.exe
Token: SeIncBasePriorityPrivilege	4724	{F20F63C6-EAF3-4af5-9EF3-28C4BC7989F3}.exe
Token: SeIncBasePriorityPrivilege	220	{3F1AF019-0EF1-4de0-B30B-D293C81DC69E}.exe
Token: SeIncBasePriorityPrivilege	2316	{7A88C7D5-8BB4-49fc-B241-F289B739A7F7}.exe
Token: SeIncBasePriorityPrivilege	2864	{DF7DEC44-B3E9-440c-985C-7FF47FFEC269}.exe

Suspicious use of WriteProcessMemory 54 IoCs

description	pid	Process	procid_target
PID 3988 wrote to memory of 4980	3988	2024-01-06_1f3e224395c2e3e5894781513d05b648_goldeneye.exe	99
PID 3988 wrote to memory of 4980	3988	2024-01-06_1f3e224395c2e3e5894781513d05b648_goldeneye.exe	99
PID 3988 wrote to memory of 4980	3988	2024-01-06_1f3e224395c2e3e5894781513d05b648_goldeneye.exe	99
PID 3988 wrote to memory of 3812	3988	2024-01-06_1f3e224395c2e3e5894781513d05b648_goldeneye.exe	98
PID 3988 wrote to memory of 3812	3988	2024-01-06_1f3e224395c2e3e5894781513d05b648_goldeneye.exe	98
PID 3988 wrote to memory of 3812	3988	2024-01-06_1f3e224395c2e3e5894781513d05b648_goldeneye.exe	98
PID 4980 wrote to memory of 4060	4980	{0F3E988F-BCBF-4a72-8645-6DA73B1C2CFE}.exe	103
PID 4980 wrote to memory of 4060	4980	{0F3E988F-BCBF-4a72-8645-6DA73B1C2CFE}.exe	103
PID 4980 wrote to memory of 4060	4980	{0F3E988F-BCBF-4a72-8645-6DA73B1C2CFE}.exe	103
PID 4980 wrote to memory of 768	4980	{0F3E988F-BCBF-4a72-8645-6DA73B1C2CFE}.exe	102
PID 4980 wrote to memory of 768	4980	{0F3E988F-BCBF-4a72-8645-6DA73B1C2CFE}.exe	102
PID 4980 wrote to memory of 768	4980	{0F3E988F-BCBF-4a72-8645-6DA73B1C2CFE}.exe	102
PID 4060 wrote to memory of 4444	4060	{B8F7ED4F-E9C4-4a73-B142-CB3E3EB107B2}.exe	106
PID 4060 wrote to memory of 4444	4060	{B8F7ED4F-E9C4-4a73-B142-CB3E3EB107B2}.exe	106
PID 4060 wrote to memory of 4444	4060	{B8F7ED4F-E9C4-4a73-B142-CB3E3EB107B2}.exe	106
PID 4060 wrote to memory of 1252	4060	{B8F7ED4F-E9C4-4a73-B142-CB3E3EB107B2}.exe	105
PID 4060 wrote to memory of 1252	4060	{B8F7ED4F-E9C4-4a73-B142-CB3E3EB107B2}.exe	105
PID 4060 wrote to memory of 1252	4060	{B8F7ED4F-E9C4-4a73-B142-CB3E3EB107B2}.exe	105
PID 4444 wrote to memory of 352	4444	{C2296308-19C9-493f-BCE1-2E8F4C743D59}.exe	108
PID 4444 wrote to memory of 352	4444	{C2296308-19C9-493f-BCE1-2E8F4C743D59}.exe	108
PID 4444 wrote to memory of 352	4444	{C2296308-19C9-493f-BCE1-2E8F4C743D59}.exe	108
PID 4444 wrote to memory of 1636	4444	{C2296308-19C9-493f-BCE1-2E8F4C743D59}.exe	109
PID 4444 wrote to memory of 1636	4444	{C2296308-19C9-493f-BCE1-2E8F4C743D59}.exe	109
PID 4444 wrote to memory of 1636	4444	{C2296308-19C9-493f-BCE1-2E8F4C743D59}.exe	109
PID 352 wrote to memory of 4724	352	{D10FD76C-6B7F-45b8-9915-A59B1FB35C06}.exe	112
PID 352 wrote to memory of 4724	352	{D10FD76C-6B7F-45b8-9915-A59B1FB35C06}.exe	112
PID 352 wrote to memory of 4724	352	{D10FD76C-6B7F-45b8-9915-A59B1FB35C06}.exe	112
PID 352 wrote to memory of 1988	352	{D10FD76C-6B7F-45b8-9915-A59B1FB35C06}.exe	111
PID 352 wrote to memory of 1988	352	{D10FD76C-6B7F-45b8-9915-A59B1FB35C06}.exe	111
PID 352 wrote to memory of 1988	352	{D10FD76C-6B7F-45b8-9915-A59B1FB35C06}.exe	111
PID 4724 wrote to memory of 220	4724	{F20F63C6-EAF3-4af5-9EF3-28C4BC7989F3}.exe	115
PID 4724 wrote to memory of 220	4724	{F20F63C6-EAF3-4af5-9EF3-28C4BC7989F3}.exe	115
PID 4724 wrote to memory of 220	4724	{F20F63C6-EAF3-4af5-9EF3-28C4BC7989F3}.exe	115
PID 4724 wrote to memory of 4712	4724	{F20F63C6-EAF3-4af5-9EF3-28C4BC7989F3}.exe	114
PID 4724 wrote to memory of 4712	4724	{F20F63C6-EAF3-4af5-9EF3-28C4BC7989F3}.exe	114
PID 4724 wrote to memory of 4712	4724	{F20F63C6-EAF3-4af5-9EF3-28C4BC7989F3}.exe	114
PID 220 wrote to memory of 2316	220	{3F1AF019-0EF1-4de0-B30B-D293C81DC69E}.exe	117
PID 220 wrote to memory of 2316	220	{3F1AF019-0EF1-4de0-B30B-D293C81DC69E}.exe	117
PID 220 wrote to memory of 2316	220	{3F1AF019-0EF1-4de0-B30B-D293C81DC69E}.exe	117
PID 220 wrote to memory of 932	220	{3F1AF019-0EF1-4de0-B30B-D293C81DC69E}.exe	116
PID 220 wrote to memory of 932	220	{3F1AF019-0EF1-4de0-B30B-D293C81DC69E}.exe	116
PID 220 wrote to memory of 932	220	{3F1AF019-0EF1-4de0-B30B-D293C81DC69E}.exe	116
PID 2316 wrote to memory of 2864	2316	{7A88C7D5-8BB4-49fc-B241-F289B739A7F7}.exe	119
PID 2316 wrote to memory of 2864	2316	{7A88C7D5-8BB4-49fc-B241-F289B739A7F7}.exe	119
PID 2316 wrote to memory of 2864	2316	{7A88C7D5-8BB4-49fc-B241-F289B739A7F7}.exe	119
PID 2316 wrote to memory of 4560	2316	{7A88C7D5-8BB4-49fc-B241-F289B739A7F7}.exe	118
PID 2316 wrote to memory of 4560	2316	{7A88C7D5-8BB4-49fc-B241-F289B739A7F7}.exe	118
PID 2316 wrote to memory of 4560	2316	{7A88C7D5-8BB4-49fc-B241-F289B739A7F7}.exe	118
PID 2864 wrote to memory of 4564	2864	{DF7DEC44-B3E9-440c-985C-7FF47FFEC269}.exe	129
PID 2864 wrote to memory of 4564	2864	{DF7DEC44-B3E9-440c-985C-7FF47FFEC269}.exe	129
PID 2864 wrote to memory of 4564	2864	{DF7DEC44-B3E9-440c-985C-7FF47FFEC269}.exe	129
PID 2864 wrote to memory of 760	2864	{DF7DEC44-B3E9-440c-985C-7FF47FFEC269}.exe	128
PID 2864 wrote to memory of 760	2864	{DF7DEC44-B3E9-440c-985C-7FF47FFEC269}.exe	128
PID 2864 wrote to memory of 760	2864	{DF7DEC44-B3E9-440c-985C-7FF47FFEC269}.exe	128

C:\Users\Admin\AppData\Local\Temp\2024-01-06_1f3e224395c2e3e5894781513d05b648_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-06_1f3e224395c2e3e5894781513d05b648_goldeneye.exe"
1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3988
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
  2⤵
  PID:3812
- C:\Windows\{0F3E988F-BCBF-4a72-8645-6DA73B1C2CFE}.exe
  C:\Windows\{0F3E988F-BCBF-4a72-8645-6DA73B1C2CFE}.exe
  2⤵
  - Modifies Installed Components in the registry
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4980
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c del C:\Windows\{0F3E9~1.EXE > nul
    3⤵
    PID:768
- - C:\Windows\{B8F7ED4F-E9C4-4a73-B142-CB3E3EB107B2}.exe
    C:\Windows\{B8F7ED4F-E9C4-4a73-B142-CB3E3EB107B2}.exe
    3⤵
    - Modifies Installed Components in the registry
    - Executes dropped EXE
    - Drops file in Windows directory
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4060
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Windows\{B8F7E~1.EXE > nul
      4⤵
      PID:1252
  - - C:\Windows\{C2296308-19C9-493f-BCE1-2E8F4C743D59}.exe
      C:\Windows\{C2296308-19C9-493f-BCE1-2E8F4C743D59}.exe
      4⤵
      Modifies Installed Components in the registry
      Executes dropped EXE
      Drops file in Windows directory
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:4444
    - - C:\Windows\{D10FD76C-6B7F-45b8-9915-A59B1FB35C06}.exe
        
        C:\Windows\{D10FD76C-6B7F-45b8-9915-A59B1FB35C06}.exe
        5⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:352
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{D10FD~1.EXE > nul
        6⤵
        
        PID:1988
      - C:\Windows\{F20F63C6-EAF3-4af5-9EF3-28C4BC7989F3}.exe
        
        C:\Windows\{F20F63C6-EAF3-4af5-9EF3-28C4BC7989F3}.exe
        6⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4724
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{F20F6~1.EXE > nul
        7⤵
        
        PID:4712
        
        C:\Windows\{3F1AF019-0EF1-4de0-B30B-D293C81DC69E}.exe
        
        C:\Windows\{3F1AF019-0EF1-4de0-B30B-D293C81DC69E}.exe
        7⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:220
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{3F1AF~1.EXE > nul
        8⤵
        
        PID:932
        
        C:\Windows\{7A88C7D5-8BB4-49fc-B241-F289B739A7F7}.exe
        
        C:\Windows\{7A88C7D5-8BB4-49fc-B241-F289B739A7F7}.exe
        8⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2316
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{7A88C~1.EXE > nul
        9⤵
        
        PID:4560
        
        C:\Windows\{DF7DEC44-B3E9-440c-985C-7FF47FFEC269}.exe
        
        C:\Windows\{DF7DEC44-B3E9-440c-985C-7FF47FFEC269}.exe
        9⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2864
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{DF7DE~1.EXE > nul
        10⤵
        
        PID:760
        
        C:\Windows\{ADA4CF04-7C25-4c9f-9832-FFFD631EAB7B}.exe
        
        C:\Windows\{ADA4CF04-7C25-4c9f-9832-FFFD631EAB7B}.exe
        10⤵
        Executes dropped EXE
        
        PID:4564
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{ADA4C~1.EXE > nul
        11⤵
        
        PID:4612
        
        C:\Windows\{AFACED03-622D-4c9a-991E-457EC0C0D382}.exe
        
        C:\Windows\{AFACED03-622D-4c9a-991E-457EC0C0D382}.exe
        11⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{AFACE~1.EXE > nul
        12⤵
        
        PID:4656
        
        C:\Windows\{494C2004-A41F-4573-8246-A050A04AA2BF}.exe
        
        C:\Windows\{494C2004-A41F-4573-8246-A050A04AA2BF}.exe
        12⤵
        
        PID:4036
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{C2296~1.EXE > nul
        5⤵
        
        PID:1636

Network

DNS

208.194.73.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.194.73.20.in-addr.arpa

IN PTR

Response
DNS

148.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

148.177.190.20.in-addr.arpa

IN PTR

Response
DNS

194.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.178.17.96.in-addr.arpa

IN PTR

Response

194.178.17.96.in-addr.arpa

IN PTR

a96-17-178-194deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR

Response
DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

167.109.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.109.18.2.in-addr.arpa

IN PTR

Response

167.109.18.2.in-addr.arpa

IN PTR

a2-18-109-167deploystaticakamaitechnologiescom
DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR

Response
DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR

Response

18.134.221.88.in-addr.arpa

IN PTR

a88-221-134-18deploystaticakamaitechnologiescom
DNS

104.241.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.241.123.92.in-addr.arpa

IN PTR

Response

104.241.123.92.in-addr.arpa

IN PTR

a92-123-241-104deploystaticakamaitechnologiescom
DNS

104.241.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.241.123.92.in-addr.arpa

IN PTR
DNS

104.241.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.241.123.92.in-addr.arpa

IN PTR
DNS

119.110.54.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.110.54.20.in-addr.arpa

IN PTR

Response
DNS

119.110.54.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.110.54.20.in-addr.arpa

IN PTR
DNS

119.110.54.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.110.54.20.in-addr.arpa

IN PTR
DNS

119.110.54.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.110.54.20.in-addr.arpa

IN PTR
DNS

119.110.54.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.110.54.20.in-addr.arpa

IN PTR
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

211.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

211.135.221.88.in-addr.arpa

IN PTR

Response

211.135.221.88.in-addr.arpa

IN PTR

a88-221-135-211deploystaticakamaitechnologiescom
DNS

204.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

204.178.17.96.in-addr.arpa

IN PTR

Response

204.178.17.96.in-addr.arpa

IN PTR

a96-17-178-204deploystaticakamaitechnologiescom
DNS

204.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

204.178.17.96.in-addr.arpa

IN PTR
DNS

11.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.227.111.52.in-addr.arpa

IN PTR

Response
DNS

11.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.227.111.52.in-addr.arpa

IN PTR
DNS

11.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.227.111.52.in-addr.arpa

IN PTR
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301492_19VWK67ER2VBBOLMY&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301492_19VWK67ER2VBBOLMY&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 321569
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BEFB08C476344EE798A46E80AFE41865 Ref B: LON04EDGE0814 Ref C: 2024-01-07T12:14:52Z
date: Sun, 07 Jan 2024 12:14:52 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301304_1KWQNFDZMYS43H6WK&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301304_1KWQNFDZMYS43H6WK&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 355353
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C5A6C4216ED14540B4B0549EB3330EB9 Ref B: LON04EDGE0814 Ref C: 2024-01-07T12:14:52Z
date: Sun, 07 Jan 2024 12:14:52 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301348_1IGED3LPK164UYK70&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301348_1IGED3LPK164UYK70&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 333147
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9ED805C8B0D84D5293EB9CDF76F0049A Ref B: LON04EDGE0814 Ref C: 2024-01-07T12:14:53Z
date: Sun, 07 Jan 2024 12:14:52 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317300915_11PL293NENO2DA53I&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317300915_11PL293NENO2DA53I&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 288710
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DBB6C39983CD4EFFB3C21047570CA0BF Ref B: LON04EDGE0814 Ref C: 2024-01-07T12:14:53Z
date: Sun, 07 Jan 2024 12:14:52 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301059_1P6JR4ZMHWPBH8OVK&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301059_1P6JR4ZMHWPBH8OVK&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 315531
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4B31E5EF214F4BD68B9CED92C423E924 Ref B: LON04EDGE0814 Ref C: 2024-01-07T12:14:53Z
date: Sun, 07 Jan 2024 12:14:52 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301713_1BAGKMP8PJ38B402W&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301713_1BAGKMP8PJ38B402W&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

20.231.121.79:80

46 B
1
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.4kB
8.2kB
16
13
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.5kB
8.3kB
17
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.4kB
8.3kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
15
14
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301713_1BAGKMP8PJ38B402W&pid=21.2&w=1080&h=1920&c=4

tls, http2

57.3kB
1.5MB
1077
1078

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301492_19VWK67ER2VBBOLMY&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301304_1KWQNFDZMYS43H6WK&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301348_1IGED3LPK164UYK70&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317300915_11PL293NENO2DA53I&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301059_1P6JR4ZMHWPBH8OVK&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301713_1BAGKMP8PJ38B402W&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

8.8.8.8:53

208.194.73.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

208.194.73.20.in-addr.arpa
8.8.8.8:53

148.177.190.20.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

148.177.190.20.in-addr.arpa
8.8.8.8:53

194.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

194.178.17.96.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

146 B
144 B
2
1

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

59.128.231.4.in-addr.arpa

dns

142 B
157 B
2
1

DNS Request

59.128.231.4.in-addr.arpa

DNS Request

59.128.231.4.in-addr.arpa
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

167.109.18.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

167.109.18.2.in-addr.arpa
8.8.8.8:53

146.78.124.51.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

146.78.124.51.in-addr.arpa

DNS Request

146.78.124.51.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

18.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

18.134.221.88.in-addr.arpa
8.8.8.8:53

104.241.123.92.in-addr.arpa

dns

219 B
139 B
3
1

DNS Request

104.241.123.92.in-addr.arpa

DNS Request

104.241.123.92.in-addr.arpa

DNS Request

104.241.123.92.in-addr.arpa
8.8.8.8:53

119.110.54.20.in-addr.arpa

dns

360 B
158 B
5
1

DNS Request

119.110.54.20.in-addr.arpa

DNS Request

119.110.54.20.in-addr.arpa

DNS Request

119.110.54.20.in-addr.arpa

DNS Request

119.110.54.20.in-addr.arpa

DNS Request

119.110.54.20.in-addr.arpa
8.8.8.8:53

0.205.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.205.248.87.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

211.135.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

211.135.221.88.in-addr.arpa
8.8.8.8:53

204.178.17.96.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

204.178.17.96.in-addr.arpa

DNS Request

204.178.17.96.in-addr.arpa
8.8.8.8:53

11.227.111.52.in-addr.arpa

dns

216 B
158 B
3
1

DNS Request

11.227.111.52.in-addr.arpa

DNS Request

11.227.111.52.in-addr.arpa

DNS Request

11.227.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
346 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

142 B
2

DNS Request

43.58.199.20.in-addr.arpa

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\{0F3E988F-BCBF-4a72-8645-6DA73B1C2CFE}.exe

Filesize
149KB

MD5
4fab151698780bd83c72c1b117a61636

SHA1
878517a278248540e018a14864b4f2e71a33dc80

SHA256
0ac4f372715ebd510395b9a4731011f77e4ff68e466b5dd688a92886f5eed3b8

SHA512
ef0cb026a4505be535b4b9a8e95003bdcf14b5b3b35bc450b7ce6ecf1097066ebb9de982afee39ccc2b4270bc8890004fa37c5416d59cd7a7124e6e1577320b9

Download Submit
C:\Windows\{0F3E988F-BCBF-4a72-8645-6DA73B1C2CFE}.exe

Filesize
155KB

MD5
7d03b6cbdbabefdd1d86ea1c6c2fe720

SHA1
2f2a1cba55cb94748702b6d88910629523afba91

SHA256
2b8222f4e9cc9bd2b3b3e0ba4e8ebdb3d570eff988f31024d41b485ee1337fef

SHA512
1d7cebd8da169ba228dc972192a83a330865e735665a68e5a78fea9b2be1be9f006518e2720835ba4a9d02174c2d286bef0a68a380d2d857bae6c807dbdb1054

Download Submit
C:\Windows\{3F1AF019-0EF1-4de0-B30B-D293C81DC69E}.exe

Filesize
192KB

MD5
bb6312e94a6d0e8ba233c412bd920a68

SHA1
ec9682251dbc6808cff3feb60b13ddd0b8fc6b41

SHA256
e3882b0520de31be59ef3818ee21e69b09371d46a915d4b74fcbafb178ad1210

SHA512
fd5dc212dcad7888d5cc695f92aa91e7d657d07fafbf330c2f88a54bc43db0fd7387cf955491650173f9a60ced101429db18c61dcabeee95e610540b9b257174

Download Submit
C:\Windows\{B8F7ED4F-E9C4-4a73-B142-CB3E3EB107B2}.exe

Filesize
192KB

MD5
d8ad2e018ea5a51981c893f7c48f0483

SHA1
0de8ec2743de77011b6cee8dd45cc97bd50a9199

SHA256
0777b54c26ecd6f2959fe3dba7320b06ef80b983d9793aca4d08c16df42c022d

SHA512
b485c0cc143c31d4b27f227079ec843569149b3366d7282ed17b1b82020e43447b4bd6e4e312ea8d00797fda55632979414c926c4acabcbe2168c099dffb9404

Download Submit
C:\Windows\{C2296308-19C9-493f-BCE1-2E8F4C743D59}.exe

Filesize
192KB

MD5
e10b7b7356aa0c1b72da46e51bbb82f4

SHA1
654b030ca4b28c33f669df5f311bba0d96ee89e7

SHA256
9f53611555d168f1dd293c18572631f9634d52eaf7c0fecec9340ed6ddf2ce37

SHA512
d5fab68ed3fe94bab4b4ac35e8d67404887249623ebd79e815e7e083b5da8737a0a8839eb5c4bd30a3b693ad4edd66e702a1ae24bcb29f20f7cd0282f228c0d8

Download Submit
C:\Windows\{C2296308-19C9-493f-BCE1-2E8F4C743D59}.exe

Filesize
92KB

MD5
c05abeda0b4265eadd540d48688cc681

SHA1
87a09f0bf5b90bbb0eea37eafbbe51b08bdb75dd

SHA256
7f003eab52644559250872a875d8d3109d81a60b63aa82c469b34fce0f43015e

SHA512
3fad5c5baf6a10a3fe267d0a39c4fe943edc88ae3db679841de1d8f1d18ae72c1c317d5f51054006d86b73f2b4d739df26d71cf81b0dbdd3c7e0fd01ceccf77a

Download Submit
C:\Windows\{D10FD76C-6B7F-45b8-9915-A59B1FB35C06}.exe

Filesize
192KB

MD5
6adfd9c4198ccaa57c0c996c84d5d64e

SHA1
e970f3eabb7f80aaa472db7d5d87bcf62249d25c

SHA256
c3526af325a05f44fa55a722c7bee2d08400eb95b05c6efe04857d668e882daa

SHA512
3014daf2c8675dd974c3e6b0430b466c01f79181026e82c07ae49c4329f406887c0525f0d6254c6ac707986e4dff209920efb836958c014270fd053766d7dcef

Download Submit
C:\Windows\{F20F63C6-EAF3-4af5-9EF3-28C4BC7989F3}.exe

Filesize
192KB

MD5
fca2074afe0b4a5d0c1fffb88fee247c

SHA1
e50af9a4549685c197809c9b85c3a988fbd51bb1

SHA256
49a192ab9678b1b516408e2c10496e20d45fcef8ba867e63490141f4812f4ecb

SHA512
4fa506d5d780e2ff82c840598f9d43ea662ffce0df3ea94e4368046d9223319f8f72da24e00cca925e29cd6d2065dfeefd8dabdbe12bb41a633af82e8ca2c8c9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Response

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.