Analysis

max time kernel: 23s
max time network: 125s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted: 25/01/2024, 22:36

Static task: static1 (1 signatures)

Behavioral task: behavioral1
  Sample: 75aee62ffbb7b0c0b98d0644775cc4d9.exe
  Resource: win7-20231215-en
  6 signatures, 150 seconds

Behavioral task: behavioral2
  Sample: 75aee62ffbb7b0c0b98d0644775cc4d9.exe
  Resource: win10v2004-20231222-en
  5 signatures, 150 seconds

General

Target: 75aee62ffbb7b0c0b98d0644775cc4d9.exe
Size: 109KB
MD5: 75aee62ffbb7b0c0b98d0644775cc4d9
SHA1: ddd6655529373149cccea439c28e5a0adc032fbb
SHA256: 77a6c04f23d902ea59fa739f84b626212e8ae294b5ee5339503181ccf82ebfcb
SHA512: 3be09632553ca1a5b3d1fca00b9512be033ab98877d28beee935f4dc8f7b7e8e1c541fd8ffcfc7717832eee8b9221d0f7e41117a03530e6ca00b973154ec684c
SSDEEP: 1536:rVqwVs/YkztkBedUltbhZmFqAF1sa6KczkDVP2DfsTE/4yMsBfXh5X8r2JQ:lVsLkPThZ01N6KVO4TK4/sBfR5X8r2JQ
Score: 7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
Loads dropped DLL 64 IoCs
Drops file in System32 directory 64 IoCs
Drops file in Windows directory 64 IoCs
Program crash 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes (the bracketed number is the nesting depth in the process tree; each entry is a child of the one above it)

[1] C:\Users\Admin\AppData\Local\Temp\75aee62ffbb7b0c0b98d0644775cc4d9.exe (command line: "C:\Users\Admin\AppData\Local\Temp\75aee62ffbb7b0c0b98d0644775cc4d9.exe"), PID 2216
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory

[2] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1712
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory

[3] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2752
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory

[4] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2680
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory

[5] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2224
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory

[6] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2720
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory

[7] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2604
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory

[8] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2404
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory

[9] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2616
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory

[10] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2796
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory

[11] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1644
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory

[12] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1904
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory

[13] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2028
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory

[14] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2468
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory

[15] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 268
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory

[16] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1984
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory

[17] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 328
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory

[18] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1796
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory

[19] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1728
- Executes dropped EXE
- Loads dropped DLL

[20] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1660
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory

[21] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2372
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory

[22] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2316
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory

[23] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2112
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory

[24] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2460
- Executes dropped EXE
- Loads dropped DLL

[25] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2384
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory

[26] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1136
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory

[27] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1332
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory

[28] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1604
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory

[29] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1996
- Executes dropped EXE
- Loads dropped DLL

[30] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2296
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory

[31] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1936
- Executes dropped EXE
- Loads dropped DLL

[32] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1300
- Executes dropped EXE
- Loads dropped DLL

[33] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 840
- Executes dropped EXE
- Drops file in Windows directory

[34] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1500
- Executes dropped EXE

[35] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2204
- Executes dropped EXE

[36] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2196
- Executes dropped EXE

[37] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2200
- Executes dropped EXE

[38] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1588
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory

[39] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2700
- Executes dropped EXE

[40] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2748
- Executes dropped EXE

[41] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2840
- Executes dropped EXE
- Drops file in Windows directory

[42] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2716
- Executes dropped EXE

[43] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2552
- Executes dropped EXE

[44] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2676
- Executes dropped EXE

[45] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 3068
- Executes dropped EXE
- Drops file in Windows directory

[46] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2816
- Executes dropped EXE
- Drops file in Windows directory

[47] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2884
- Executes dropped EXE

[48] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1808
- Executes dropped EXE

[49] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1304
- Executes dropped EXE
- Drops file in System32 directory

[50] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1920
- Executes dropped EXE
- Drops file in System32 directory

[51] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 880
- Executes dropped EXE
- Drops file in System32 directory

[52] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 472

[53] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1036

[54] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 756
- Executes dropped EXE

[55] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 796
- Executes dropped EXE

[56] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2076
- Executes dropped EXE
- Drops file in System32 directory

[57] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1688
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory

[58] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2064
- Executes dropped EXE
- Drops file in System32 directory

[59] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1788
- Executes dropped EXE
- Drops file in Windows directory

[60] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1780

[61] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1700
- Executes dropped EXE

[62] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1104
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory

[63] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2004
- Executes dropped EXE

[64] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2000
- Executes dropped EXE
- Drops file in System32 directory

[65] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1056
- Executes dropped EXE

[66] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2180
- Drops file in System32 directory

[67] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2416

[68] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1496
- Drops file in Windows directory

[69] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2220
- Drops file in System32 directory
- Drops file in Windows directory

[70] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2956

[71] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2684

[72] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2664
- Drops file in Windows directory

[73] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2656
- Drops file in Windows directory

[74] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2636

[75] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1616
- Drops file in System32 directory

[76] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 828
- Drops file in System32 directory
- Drops file in Windows directory

[77] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2804
- Drops file in System32 directory

[78] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2776
- Drops file in Windows directory

[79] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2240
- Drops file in Windows directory

[80] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1436
- Drops file in Windows directory

[81] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1060
- Drops file in System32 directory

[82] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 924
- Drops file in System32 directory
- Drops file in Windows directory

[83] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1308
- Drops file in Windows directory

[84] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1740
- Drops file in Windows directory

[85] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2988

[86] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2992

[87] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1348

[88] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1776

[89] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2276

[90] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1364

[91] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 892

[92] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2136
- Drops file in System32 directory
- Drops file in Windows directory

[93] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2212

[94] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1612
- Drops file in Windows directory

[95] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1592
- Drops file in System32 directory

[96] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2964

[97] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2424
- Drops file in System32 directory

[98] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2692
- Drops file in Windows directory

[99] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2628
- Drops file in Windows directory

[100] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2020

[101] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2788
- Drops file in Windows directory

[102] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1636

[103] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1944

[104] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 524

[105] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 900

[106] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2948
- Drops file in Windows directory

[107] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2420
- Drops file in Windows directory

[108] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2732
- Drops file in System32 directory
- Drops file in Windows directory

[109] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 984
- Drops file in Windows directory

[110] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2440
- Drops file in System32 directory
- Drops file in Windows directory

[111] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1992
- Drops file in Windows directory

[112] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1972
- Drops file in System32 directory
- Drops file in Windows directory

[113] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1976

[114] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 768
- Drops file in System32 directory
- Drops file in Windows directory

[115] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 868

[116] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 1680

[117] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2084

[118] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2984
- Drops file in System32 directory

[119] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2580

[120] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2500

[121] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2792
- Drops file in System32 directory

[122] C:\Windows\SysWOW64\EXPL0RER.EXE (command line: C:\Windows\system32\EXPL0RER.EXE), PID 2912