8175267aa680322099e8cc8b09e54f5dafe3a7c64ba79dbeda7f9ad0294e6dc0

Analysis

max time kernel
6s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2024 06:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-08_998346be15eaf6ad554f8f2510ec7504_mafia.exe
Size

3.4MB
MD5

998346be15eaf6ad554f8f2510ec7504
SHA1

0e04538300c58cd8e2ed712d296e26e24967e2a3
SHA256

8175267aa680322099e8cc8b09e54f5dafe3a7c64ba79dbeda7f9ad0294e6dc0
SHA512

5f9490c1179de26105917a803074a4bffbb29343aeea855645865bcdcddc49c13e2b42f7e6607439e66fc7221c88bab12d624189949a12ddc75bcdc9a93f8a72
SSDEEP

49152:eZtaC9KtT114hKySSdvnxHDyARWVDO5EYRkB3ANkTTlmSDj0bJHbT:cT9KtT11R/ARWko3AMkqSJn

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4968	explorer.exe
Token: SeCreatePagefilePrivilege	4968	explorer.exe
Token: SeShutdownPrivilege	4968	explorer.exe
Token: SeCreatePagefilePrivilege	4968	explorer.exe

C:\Users\Admin\AppData\Local\Temp\2024-01-08_998346be15eaf6ad554f8f2510ec7504_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-08_998346be15eaf6ad554f8f2510ec7504_mafia.exe"
1⤵
PID:4416

C:\Windows\explorer.exe
explorer.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4968

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3976

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4324

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4200

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1592

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4916

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4120

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3164

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:5116

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:1072

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4476

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2356

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4800

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3452

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3448

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3968

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4248

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2760

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:2576

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:512

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4956

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3700

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2012

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1804

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3516

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1232

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3168

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3068

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:208

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:2912

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3416

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3856

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:1668

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2956

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4484

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:1668

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3864

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:436

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:1028

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1616

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3308

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:2864

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3716

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:852

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:1708

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3888

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2992

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:2596

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:852

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4316

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:2172

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:624

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4824

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3292

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2760

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2008

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5004

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4128

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4060

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3556

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:5104

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:1456

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4236

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:5036

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:2792

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3700

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1620

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4388

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1332

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4300

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:2544

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1648

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4128

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3940

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:1064

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:5112

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4836

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1508

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4048

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1496

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4868

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3888

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4208

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:5072

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:760

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1456

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4764

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4088

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:1832

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4372

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4528

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1668

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3328

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4108

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4244

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4104

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:1924

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3764

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1920

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
471B

MD5
508c3e3282039414fb11e7e5733e0183

SHA1
dc2759133a4b7fb12b86788c8e1dab4c16d6e86b

SHA256
d54d6cb0e7a27687ba0bc6fb32bf700954df6f3007de1065364d35f7209a8f69

SHA512
11270a8907c214fa7c09b8fe7a5873fc6154d0a74e6af373db2365bae34322389d0458aebcd1afe1a4de50a72b1719225058ee90e5cbf743659a5c26c3f3cd92

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\V50TXLKS\microsoft.windows[1].xml

Filesize
97B

MD5
0dd9849d7dcb276fe7952fbef01f27d2

SHA1
696b4212cc8a84291f88203695dbfe81567db0b9

SHA256
ab905cb2e3d901f2d2e2abbe041717c3c220c2fbf8f5a6b84554246918e1ccd0

SHA512
7c9ee87c2c2a4bb137141e1fdf4d5f64e3873c734dc3848bc98d9f4c5511c11124a700ce84c927ad8d76f6afbd3f8fa653a70f744927517249fda132767ca715

Download Submit
memory/512-122-0x0000000003420000-0x0000000003421000-memory.dmp

Filesize
4KB

Download
memory/624-352-0x0000000004210000-0x0000000004211000-memory.dmp

Filesize
4KB

Download
memory/852-329-0x0000000004C80000-0x0000000004C81000-memory.dmp

Filesize
4KB

Download
memory/1028-245-0x000001D857520000-0x000001D857540000-memory.dmp

Filesize
128KB

Download
memory/1028-247-0x000001D857920000-0x000001D857940000-memory.dmp

Filesize
128KB

Download
memory/1028-243-0x000001D857560000-0x000001D857580000-memory.dmp

Filesize
128KB

Download
memory/1072-40-0x000002CD9BE90000-0x000002CD9BEB0000-memory.dmp

Filesize
128KB

Download
memory/1072-38-0x000002CD9BED0000-0x000002CD9BEF0000-memory.dmp

Filesize
128KB

Download
memory/1072-42-0x000002CD9C4A0000-0x000002CD9C4C0000-memory.dmp

Filesize
128KB

Download
memory/1592-8-0x00000000035B0000-0x00000000035B1000-memory.dmp

Filesize
4KB

Download
memory/1616-258-0x0000000004B70000-0x0000000004B71000-memory.dmp

Filesize
4KB

Download
memory/1668-226-0x0000015C22510000-0x0000015C22530000-memory.dmp

Filesize
128KB

Download
memory/1668-201-0x000001BBA1C60000-0x000001BBA1C80000-memory.dmp

Filesize
128KB

Download
memory/1668-203-0x000001BBA1C20000-0x000001BBA1C40000-memory.dmp

Filesize
128KB

Download
memory/1668-205-0x000001BBA2030000-0x000001BBA2050000-memory.dmp

Filesize
128KB

Download
memory/1668-222-0x0000015C22140000-0x0000015C22160000-memory.dmp

Filesize
128KB

Download
memory/1668-224-0x0000015C22100000-0x0000015C22120000-memory.dmp

Filesize
128KB

Download
memory/1708-295-0x000002354C090000-0x000002354C0B0000-memory.dmp

Filesize
128KB

Download
memory/1708-293-0x000002354BC80000-0x000002354BCA0000-memory.dmp

Filesize
128KB

Download
memory/1708-291-0x000002354BCC0000-0x000002354BCE0000-memory.dmp

Filesize
128KB

Download
memory/2172-337-0x000002F06E860000-0x000002F06E880000-memory.dmp

Filesize
128KB

Download
memory/2172-339-0x000002F06E820000-0x000002F06E840000-memory.dmp

Filesize
128KB

Download
memory/2172-342-0x000002F06EC60000-0x000002F06EC80000-memory.dmp

Filesize
128KB

Download
memory/2576-111-0x000001DCD27B0000-0x000001DCD27D0000-memory.dmp

Filesize
128KB

Download
memory/2576-109-0x000001DCD23A0000-0x000001DCD23C0000-memory.dmp

Filesize
128KB

Download
memory/2576-107-0x000001DCD23E0000-0x000001DCD2400000-memory.dmp

Filesize
128KB

Download
memory/2596-314-0x0000018E18F70000-0x0000018E18F90000-memory.dmp

Filesize
128KB

Download
memory/2596-316-0x0000018E18F30000-0x0000018E18F50000-memory.dmp

Filesize
128KB

Download
memory/2596-318-0x0000018E19340000-0x0000018E19360000-memory.dmp

Filesize
128KB

Download
memory/2864-268-0x000002045A800000-0x000002045A820000-memory.dmp

Filesize
128KB

Download
memory/2864-270-0x000002045AC00000-0x000002045AC20000-memory.dmp

Filesize
128KB

Download
memory/2864-266-0x000002045A840000-0x000002045A860000-memory.dmp

Filesize
128KB

Download
memory/2912-180-0x0000012E559B0000-0x0000012E559D0000-memory.dmp

Filesize
128KB

Download
memory/2912-182-0x0000012E560C0000-0x0000012E560E0000-memory.dmp

Filesize
128KB

Download
memory/2912-178-0x0000012E55D00000-0x0000012E55D20000-memory.dmp

Filesize
128KB

Download
memory/2956-214-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/3068-170-0x0000000004740000-0x0000000004741000-memory.dmp

Filesize
4KB

Download
memory/3164-30-0x0000000002CB0000-0x0000000002CB1000-memory.dmp

Filesize
4KB

Download
memory/3168-159-0x000001CBD9EE0000-0x000001CBD9F00000-memory.dmp

Filesize
128KB

Download
memory/3168-157-0x000001CBD98D0000-0x000001CBD98F0000-memory.dmp

Filesize
128KB

Download
memory/3168-154-0x000001CBD9910000-0x000001CBD9930000-memory.dmp

Filesize
128KB

Download
memory/3292-362-0x0000029719090000-0x00000297190B0000-memory.dmp

Filesize
128KB

Download
memory/3292-364-0x00000297194A0000-0x00000297194C0000-memory.dmp

Filesize
128KB

Download
memory/3292-360-0x00000297190D0000-0x00000297190F0000-memory.dmp

Filesize
128KB

Download
memory/3416-194-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/3452-76-0x0000000003260000-0x0000000003261000-memory.dmp

Filesize
4KB

Download
memory/3516-147-0x0000000004560000-0x0000000004561000-memory.dmp

Filesize
4KB

Download
memory/3700-134-0x00000200958C0000-0x00000200958E0000-memory.dmp

Filesize
128KB

Download
memory/3700-130-0x00000200952E0000-0x0000020095300000-memory.dmp

Filesize
128KB

Download
memory/3700-132-0x00000200952A0000-0x00000200952C0000-memory.dmp

Filesize
128KB

Download
memory/3716-283-0x0000000003490000-0x0000000003491000-memory.dmp

Filesize
4KB

Download
memory/3864-235-0x0000000004DE0000-0x0000000004DE1000-memory.dmp

Filesize
4KB

Download
memory/3888-306-0x0000000003450000-0x0000000003451000-memory.dmp

Filesize
4KB

Download
memory/3968-89-0x0000024149A60000-0x0000024149A80000-memory.dmp

Filesize
128KB

Download
memory/3968-84-0x0000024149490000-0x00000241494B0000-memory.dmp

Filesize
128KB

Download
memory/3968-86-0x0000024149450000-0x0000024149470000-memory.dmp

Filesize
128KB

Download
memory/4120-17-0x00000220936D0000-0x00000220936F0000-memory.dmp

Filesize
128KB

Download
memory/4120-19-0x0000022093CE0000-0x0000022093D00000-memory.dmp

Filesize
128KB

Download
memory/4120-15-0x0000022093710000-0x0000022093730000-memory.dmp

Filesize
128KB

Download
memory/4248-99-0x0000000002840000-0x0000000002841000-memory.dmp

Filesize
4KB

Download
memory/4476-54-0x00000000041C0000-0x00000000041C1000-memory.dmp

Filesize
4KB

Download
memory/4800-65-0x00000191EB0E0000-0x00000191EB100000-memory.dmp

Filesize
128KB

Download
memory/4800-61-0x00000191EAB10000-0x00000191EAB30000-memory.dmp

Filesize
128KB

Download
memory/4800-63-0x00000191EAAD0000-0x00000191EAAF0000-memory.dmp

Filesize
128KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads