18f6e9cb00df4285327557a0c28d3d77e4484c36d271105296f22e77202f324a

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2024 11:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53667267bb7a5afbb0450900823924f4.exe
Size

11.5MB
MD5

53667267bb7a5afbb0450900823924f4
SHA1

1fa4496f49faaed702cf8b5c5f3c01d8917c2c47
SHA256

18f6e9cb00df4285327557a0c28d3d77e4484c36d271105296f22e77202f324a
SHA512

3f878382e26a083f2e63a23b0b7789e7c8e4133e3ecf8c65dd269c9b40c0046432d6728f60b77979bfefb90859afd5797780ab7b29cf661138ca0c31ce307b49
SSDEEP

98304:RgE2ZBaqaj+uYP4srNnU9k/i+JlzZTRJ19wr7OiBnU9k/i+JlzZTRJ19Axgiod9v:RgtK+XZFU9IjJk7zU9IjJyfTQ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4056-0-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/files/0x000a0000000230f9-5.dat	upx
behavioral2/memory/4056-1625-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/4056-4271-0x0000000000400000-0x0000000000410000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\pcaui.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\scrnsave.scr	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\credwiz.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\eventvwr.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\LaunchWinApp.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\mobsync.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\winrm.cmd-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\edpnotify.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\fsutil.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\poqexec.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\regini.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\winrs.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\cleanmgr.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\dvdplay.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\SystemUWPLauncher.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\Taskmgr.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\wsmprovhost.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\IME\SHARED\IMEPADSV.EXE-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\RMActivate_ssp_isv.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\logman.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\MuiUnattend.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\secinit.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\wermgr.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\finger.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\InfDefaultInstall.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\odbcconf.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\odbcconf.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\OneDriveSetup.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\pcaui.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\psr.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\RdpSaUacHelper.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\Com\comrepl.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\gpscript.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\UserAccountBroker.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\tracerpt.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\fontdrvhost.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\logman.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\raserver.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\autofmt.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\icsunattend.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\resmon.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\stordiag.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\TokenBrokerCookies.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\UserAccountBroker.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\InstallShield\_isdel.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\Register-CimProvider.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\compact.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\cscript.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\grpconv.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\mmc.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\NetCfgNotifyObjectHost.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\quickassist.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\wextract.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\expand.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\fltMC.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\PATHPING.EXE	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\shrpubw.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\wlanext.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\forfiles.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\OpenWith.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\setup16.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\setx.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SysWOW64\CloudNotifications.exe-	53667267bb7a5afbb0450900823924f4.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\ielowutil.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\sscicons.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSQRY32.EXE	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Java\jre-1.8\bin\jjs.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\misc.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files (x86)\Internet Explorer\ielowutil.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Java\jre-1.8\bin\policytool.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\bin\Pester.bat-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOICONS.EXE-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GRAPH.EXE-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Windows Media Player\wmlaunch.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files (x86)\Windows Media Player\setup_wm.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-1000-0000000FF1CE}\misc.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javap.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Java\jre-1.8\bin\javaw.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Java\jre-1.8\bin\klist.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\OSE.EXE	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Internet Explorer\ExtExport.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedgewebview2.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\VPREVIEW.EXE-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files (x86)\Windows Media Player\wmprph.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Java\jre-1.8\bin\policytool.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Java\jre-1.8\bin\servertool.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PPTICO.EXE-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Java\jdk-1.8\bin\servertool.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Wordconv.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Build.bat	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Program Files\Java\jre-1.8\bin\keytool.exe-	53667267bb7a5afbb0450900823924f4.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..-unifiedwritefilter_31bf3856ad364e35_10.0.19041.1266_none_110072d23cfc00d3\UwfServicingShell.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.153_none_7799fc2afae9a500\f\MDMAppInstaller.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_windowssearchengine_31bf3856ad364e35_7.0.19041.264_none_8bd2f5fc0c992e06\SearchFilterHost.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-tapisetup_31bf3856ad364e35_10.0.19041.1_none_1fe438473a878c5c\TapiUnattend.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-tools_31bf3856ad364e35_10.0.19041.1_none_4a6487592c595dd4\wlrmdr.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_netfx4-csc_exe_b03f5f7f11d50a3a_4.0.15805.0_none_76eb13d6387f99ed\csc.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\OOBENetworkConnectionFlow.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-certificaterequesttool_31bf3856ad364e35_10.0.19041.928_none_4621828876257e43\n\certreq.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..agement-coredpussvr_31bf3856ad364e35_10.0.19041.1_none_513ebdc8ffa81e3d\coredpussvr.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_netfx-cvtres_for_vc_and_vb_b03f5f7f11d50a3a_10.0.19041.1_none_5efb81c4b092852b\cvtres.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.19041.1202_none_5b834788c0d17953\r\iexplore.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..-network-management_31bf3856ad364e35_10.0.19041.1_none_7a53549f2797bc70\nmbind.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_10.0.19041.153_none_6ef8a222ac00dbc2\TrustedInstaller.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-winre-recoverytools_31bf3856ad364e35_10.0.19041.572_none_b322aa88d0148356\ReAgentc.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-grouppolicy-script_31bf3856ad364e35_10.0.19041.572_none_4d40b8e902f83dd6\gpscript.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-cloudnotifications_31bf3856ad364e35_10.0.19041.746_none_7a559100246cff2b\r\CloudNotifications.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_10.0.19041.1_none_03029e85abc99279\bitsadmin.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..te-orchestratorcore_31bf3856ad364e35_10.0.19041.1266_none_fb98272b39a47240\r\usocoreworker.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_windows-application..egistrationverifier_31bf3856ad364e35_10.0.19041.746_none_64e9b1de23df7cf4\AppHostRegistrationVerifier.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-settingsynchost_31bf3856ad364e35_10.0.19041.1_none_4028e460f6e7e25b\SettingSyncHost.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wow64-legacy_31bf3856ad364e35_10.0.19041.1023_none_6aeab5d4bd0371a8\r\setup16.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-filehistory-core_31bf3856ad364e35_10.0.19041.1110_none_29d8ec742bfd8b13\r\fhmanagew.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.19041.1237_none_4b16fb7fab206eb1\r\printui.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.19041.1_none_2f8c879e7c6f8b16\rasdial.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..plus-setup-migregdb_31bf3856ad364e35_10.0.19041.1_none_e341aee7030e39c4\MigRegDB.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-tzutil_31bf3856ad364e35_10.0.19041.1_none_f4898caed6e558be\tzutil.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..es-inputredirection_31bf3856ad364e35_10.0.19041.1_none_ba15c535035058c0\rdpinput.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..te-musnotifyiconexe_31bf3856ad364e35_10.0.19041.153_none_1721bd4ad34c0544\MusNotifyIcon.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1202_none_76e6fb38a70dbd6d\GameBarPresenceWriter.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.19041.173_none_38fc88f8cb913df1\f\winresume.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ttings-removedevice_31bf3856ad364e35_10.0.19041.1_none_69523ba694c053ca\SystemSettingsRemoveDevice.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-u..onwakesettingflyout_31bf3856ad364e35_10.0.19041.746_none_949b3f6674b404fa\PasswordOnWakeSettingFlyout.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevagent_31bf3856ad364e35_10.0.19041.1288_none_71734bf99a2a6955\f\ApplySettingsTemplateCatalog.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.19041.1_none_fbaeb6d5afb287f7\gpupdate.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.19041.1_none_216932a6d29366ce\relog.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.19041.1081_none_e3f87355251e8c43\notepad.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.19041.1266_none_c2a2211ad648e627\mstsc.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_windows-gaming-xbox..e-service-component_31bf3856ad364e35_10.0.19041.789_none_3136b8d712da0334\r\XblGameSaveTask.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\Microsoft.NET\Framework\NETFXSBS10.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..eldebugger-recorder_31bf3856ad364e35_10.0.19041.1_none_1a55178fad503598\tttracer.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.19041.1_none_6a9f2a3a3265ab31\nfsadmin.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_3d62a57d3b12dcf1\print.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..utermanagerlauncher_31bf3856ad364e35_10.0.19041.1_none_4406801793afabed\CompMgmtLauncher.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\tree.com-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\r\wmplayer.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-blb-cli-main_31bf3856ad364e35_10.0.19041.264_none_29367e02ede71097\f\wbadmin.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..onentpackagesupport_31bf3856ad364e35_10.0.19041.746_none_3db5b5ee37a4dee7\r\CompPkgSrv.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-com-surrogate_31bf3856ad364e35_10.0.19041.1_none_0469a68bc74049ec\dllhst3g.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_10.0.19041.1202_none_05cd606e025d0d96\TrustedInstaller.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wusa_31bf3856ad364e35_10.0.19041.1_none_6d464952ec5b23a2\wusa.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.264_none_13222f28beaa00a7\f\vmwp.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-c..periencehost-broker_31bf3856ad364e35_10.0.19041.746_none_1ce3c0f12fb5f8ec\f\CloudExperienceHostBroker.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain_31bf3856ad364e35_10.0.19041.844_none_c5675ea732c2eaa0\r\LockApp.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-xbox-gamecallableui.appxmain_31bf3856ad364e35_10.0.19041.1_none_d910ec4e86b0552b\XBox.TCUI.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.19041.1266_none_7d1b4a535854fe42\f\quickassist.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\WFServicesReg.exe	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_e1253388ca1ca1af\DismHost.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.19041.1_none_5f22b28b2f384ed0\TRACERT.EXE-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-office-csp_31bf3856ad364e35_10.0.19041.844_none_9b62a70f9278f2cd\r\ofdeploy.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.964_none_9a882af90ea09cc3\ssh-add.exe-	53667267bb7a5afbb0450900823924f4.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-sethc_31bf3856ad364e35_10.0.19041.1_none_2305f6cf48d996c7\sethc.exe-	53667267bb7a5afbb0450900823924f4.exe

C:\Users\Admin\AppData\Local\Temp\53667267bb7a5afbb0450900823924f4.exe
"C:\Users\Admin\AppData\Local\Temp\53667267bb7a5afbb0450900823924f4.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:4056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\odt\office2016setup.exe-

Filesize
3.3MB

MD5
856814bdf339e20cb4c16b09a06d9854

SHA1
a029c41ebd3d860cd05f357d12b97e4f8afa3107

SHA256
17c345cd475263e8007d0e0b23d1e5a9b91f4d0c30996bd3750b6c31b887c8f2

SHA512
6159b830efb2ea690696b862d0ab09e11b1d84b77e77022c152e962c9c6996dd45571dc1952581e321aeae078e2dca947da9ff46b9c798d95e8f8ef193fc33ce

Download Submit
memory/4056-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4056-1625-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4056-4271-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download