94b8ab735d503884585fdb5a735b3ea3485b6b19c1899939a5b2c0a80616400a

Analysis

max time kernel
12s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 04:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

94b8ab735d503884585fdb5a735b3ea3485b6b19c1899939a5b2c0a80616400a.msi
Size

1.5MB
MD5

9c8696dbb48add540a75737327c537d2
SHA1

78b4eb7d363e017eb06e03408d7952bbb843f9a9
SHA256

94b8ab735d503884585fdb5a735b3ea3485b6b19c1899939a5b2c0a80616400a
SHA512

6ee26ecedd0386eca113e61086f6623b36ca093d24e41d90cf45412072d94d91dddb39c86ce726c3514da3d0221d3cf03455b00cc5d0987ca63d45c12225cf4a
SSDEEP

49152:yErvYpW8zBQSc0ZnSKeZKumZr7Amyq3TGtezO:RYQ0ZncK/AEs

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe

Loads dropped DLL 6 IoCs

pid	Process
1512	MsiExec.exe
1512	MsiExec.exe
1512	MsiExec.exe
1512	MsiExec.exe
1512	MsiExec.exe
1512	MsiExec.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000008bec060def88e6600000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800008bec060d0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809008bec060d000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d8bec060d000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000008bec060d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5016	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5016	msiexec.exe
Token: SeSecurityPrivilege	4168	msiexec.exe
Token: SeCreateTokenPrivilege	5016	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	5016	msiexec.exe
Token: SeLockMemoryPrivilege	5016	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5016	msiexec.exe
Token: SeMachineAccountPrivilege	5016	msiexec.exe
Token: SeTcbPrivilege	5016	msiexec.exe
Token: SeSecurityPrivilege	5016	msiexec.exe
Token: SeTakeOwnershipPrivilege	5016	msiexec.exe
Token: SeLoadDriverPrivilege	5016	msiexec.exe
Token: SeSystemProfilePrivilege	5016	msiexec.exe
Token: SeSystemtimePrivilege	5016	msiexec.exe
Token: SeProfSingleProcessPrivilege	5016	msiexec.exe
Token: SeIncBasePriorityPrivilege	5016	msiexec.exe
Token: SeCreatePagefilePrivilege	5016	msiexec.exe
Token: SeCreatePermanentPrivilege	5016	msiexec.exe
Token: SeBackupPrivilege	5016	msiexec.exe
Token: SeRestorePrivilege	5016	msiexec.exe
Token: SeShutdownPrivilege	5016	msiexec.exe
Token: SeDebugPrivilege	5016	msiexec.exe
Token: SeAuditPrivilege	5016	msiexec.exe
Token: SeSystemEnvironmentPrivilege	5016	msiexec.exe
Token: SeChangeNotifyPrivilege	5016	msiexec.exe
Token: SeRemoteShutdownPrivilege	5016	msiexec.exe
Token: SeUndockPrivilege	5016	msiexec.exe
Token: SeSyncAgentPrivilege	5016	msiexec.exe
Token: SeEnableDelegationPrivilege	5016	msiexec.exe
Token: SeManageVolumePrivilege	5016	msiexec.exe
Token: SeImpersonatePrivilege	5016	msiexec.exe
Token: SeCreateGlobalPrivilege	5016	msiexec.exe
Token: SeCreateTokenPrivilege	5016	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	5016	msiexec.exe
Token: SeLockMemoryPrivilege	5016	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5016	msiexec.exe
Token: SeMachineAccountPrivilege	5016	msiexec.exe
Token: SeTcbPrivilege	5016	msiexec.exe
Token: SeSecurityPrivilege	5016	msiexec.exe
Token: SeTakeOwnershipPrivilege	5016	msiexec.exe
Token: SeLoadDriverPrivilege	5016	msiexec.exe
Token: SeSystemProfilePrivilege	5016	msiexec.exe
Token: SeSystemtimePrivilege	5016	msiexec.exe
Token: SeProfSingleProcessPrivilege	5016	msiexec.exe
Token: SeIncBasePriorityPrivilege	5016	msiexec.exe
Token: SeCreatePagefilePrivilege	5016	msiexec.exe
Token: SeCreatePermanentPrivilege	5016	msiexec.exe
Token: SeBackupPrivilege	5016	msiexec.exe
Token: SeRestorePrivilege	5016	msiexec.exe
Token: SeShutdownPrivilege	5016	msiexec.exe
Token: SeDebugPrivilege	5016	msiexec.exe
Token: SeAuditPrivilege	5016	msiexec.exe
Token: SeSystemEnvironmentPrivilege	5016	msiexec.exe
Token: SeChangeNotifyPrivilege	5016	msiexec.exe
Token: SeRemoteShutdownPrivilege	5016	msiexec.exe
Token: SeUndockPrivilege	5016	msiexec.exe
Token: SeSyncAgentPrivilege	5016	msiexec.exe
Token: SeEnableDelegationPrivilege	5016	msiexec.exe
Token: SeManageVolumePrivilege	5016	msiexec.exe
Token: SeImpersonatePrivilege	5016	msiexec.exe
Token: SeCreateGlobalPrivilege	5016	msiexec.exe
Token: SeCreateTokenPrivilege	5016	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	5016	msiexec.exe
Token: SeLockMemoryPrivilege	5016	msiexec.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
5016	msiexec.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4168 wrote to memory of 1512	4168	msiexec.exe	54
PID 4168 wrote to memory of 1512	4168	msiexec.exe	54
PID 4168 wrote to memory of 1512	4168	msiexec.exe	54

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\94b8ab735d503884585fdb5a735b3ea3485b6b19c1899939a5b2c0a80616400a.msi
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5016

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4168
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 632E885282E458FDF897599A57E1D696 C
  2⤵
  - Loads dropped DLL
  PID:1512
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:2144
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A87D4B06F8A3C82E1FC9A84291743F67
  2⤵
  PID:2560
- C:\Windows\Installer\MSIEB2E.tmp
  "C:\Windows\Installer\MSIEB2E.tmp" /DontWait C:/Windows/System32/rundll32.exe C:\Users\Admin\AppData\Local\Putty/setordinal.dll,bhuf
  2⤵
  PID:4956

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:4088

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Local\Putty/setordinal.dll,bhuf
1⤵
PID:4112
- C:\Windows\System32\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Roaming\Custom_update\Update_48ca837.dll", bhuf
  2⤵
  PID:4508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Putty\setordinal.dll

Filesize
158KB

MD5
bccf6b126bab389ebf1558f381438cf4

SHA1
130f502986d4421a3ea22e25610aa85962d421e5

SHA256
c081631d8a93a64e9cbccc8864479b94e3b74815e6a21e952b3f731709d94090

SHA512
70808e224017aeb57e97ff30f4f21ede2532235489b4b1980672881145311e3371a742eb0c1f7b0ac2c643629e4ecd3ca20ffbd1ac499cd91f3e6a1d77c1bbd9

Download Submit
C:\Users\Admin\AppData\Local\Putty\setordinal.dll

Filesize
37KB

MD5
10891284e5f2fdf54b02800a8f224d85

SHA1
cbe84b05ffe1fa5286890c9e4a65283a12caa3c7

SHA256
564daf4d920a32bdc517b2bef617427bf7a644faf84103afcd7bf0ec8131f5a5

SHA512
3ccde73d6d6d05b92bc43e7011e3be6838f54ed1fc824680456f11738bc15fc8a84c61a619d776a802fef2dc25349c5c96df5a1007478306e8f03b837c338122

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI91C0.tmp

Filesize
50KB

MD5
a1d18704827f8c6b0fd0b88a21dd3288

SHA1
9a8e21138e13eb20839fee6814eaa5df7e450844

SHA256
4ec5da9ac30440733b0d8772c06a55ac138136aed6fb1af278fd837029401cb1

SHA512
304c85b71a3bbe601c2cb41bb37a8667235a7e831b3f114a669e7666036afd7598955fd2c1c54de1c3e28bfe046314031ace73e34d4ca2938a7e0bf3ef2a9e73

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI91C0.tmp

Filesize
9KB

MD5
bd55c59943fbf6f53ed94939472e6caa

SHA1
dacdd37995bc3b73c27eb5f20e6a1ead4a2bfe65

SHA256
7483401b16d46993d6e1a3016d6c3b83b4464c02d89ca933674210c49fe9fa84

SHA512
a5dd5a2c4ebf77c3a97f989491183f99877d1278ffb6dcc08ee9eed75bf46e1a92142f08ea04a83234fe01627a618f5821bec5365a913f7b171834502f822638

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI9490.tmp

Filesize
21KB

MD5
901036504ad1ca480b86f08a3ce7c055

SHA1
d11298a57c19c68d2a0b6a88def19ee5c6d91612

SHA256
30609c0999f9114a0b3ac1ae44a16eb4ba01763f8eca02643849f455d424b67b

SHA512
473852031ff3196c77f69a55b0c0678327491f89d6f3f12cf9723950cca72900cfa9a37360d8f221a40939348aa8d0bf8de2e73fb2a799c73e698f1a068794a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI9490.tmp

Filesize
1KB

MD5
c2327fe5587eb5a4767a2f9c08e6c900

SHA1
670367b6b1acb9462b2da0968ad57a699ebb2d65

SHA256
a6ce41d64b60fc717aa71998978d59827bacf6b86a355bbb6394b5f0dba3e49a

SHA512
84d839600821e0104d5b4ef233550b72b1b4fdfb4bd59591baf0efb3aa1a2f845c5d52c40f032537962744beb65705f5c28717798cf77fc920e62c1f26bb6ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI94D0.tmp

Filesize
63KB

MD5
6a3b31ff9753bc9a056f162c21d3152e

SHA1
e110db53c628ddef36117c7e58bc144a7d52860e

SHA256
10c08a929e692bfb5e37e1e7533991d6ea30915cf069d26c49179c070a21ed23

SHA512
b4f83930d24f0666ed8740df1e8b6be67d2249298ae386e154bf9e0da5df9a67997b8900aec648adae326e6f52b74ad1a7b135a8ba4263cdbfd2a6b498936032

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI94D0.tmp

Filesize
3KB

MD5
331ff453ccaf74d5fb9ad7ebc185ecd0

SHA1
c21a0628c41b2b8d013cc75b22b86a5e4417f533

SHA256
ebc8536ef9b0f4a7acec4a312029f3cdd4945fa95ac797360cfb0f5d07c08e12

SHA512
d63b3ebe281b911e6b93036665088af9e3fc02de25e189b23e696ea82e0c9be60ed8527285f7f53a134cb941f583e680d980b26dc09d392ad190c1e895819081

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI94F0.tmp

Filesize
23KB

MD5
6a8d3a4a2f14982b226851fa47243213

SHA1
22a7b733f85a2c7892fae4ce4fd3e1216db56235

SHA256
92888f80b8a50041a469c861b7f5ecec5159d66b71ec7b216cf8abd672e82817

SHA512
acb9413d730784ba608edc2709e6ea53c5d61b1e73503f91f19e24551fdefbe8f319c30111bed308c5f844624ae0f8961240ea1634013f3cf0910ac5fab709e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI94F0.tmp

Filesize
37KB

MD5
ba68cbea9c5a11592c662aca68444c6c

SHA1
20428eecea71a6056b8fab51005f567c5685f9c6

SHA256
b81c97679cace2e425e79242a12e9fc75f5f22e20db53f110aac7a6910edbce4

SHA512
21a6f64685c6d9d9f6ff6ac91dfa700cdcbbbcd589cd484a67d54fc9f8e8dfdfeb10130fc50464551b10ea0d51fd5900a494c742f9d0c9ff30043e7247ad6220

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI959D.tmp

Filesize
57KB

MD5
307e772557a1847738a69f341d133f8b

SHA1
2d2e90152774652e75dad00177d4175586a16344

SHA256
5f2414730a98998ed03d064adda4d8790b4a2e03e64edfd9aae0d31d98533949

SHA512
831e4ca50d6b0b729704aae5fdda36a7493cc2f6896086eb4bf0ddd87c89a747ab709fbc74550761469272b35cce2cdec642008e7904174ef93dc0ad74154e2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI95CD.tmp

Filesize
99KB

MD5
45731f6b01fd8458ec454246f1d38f68

SHA1
29fea9157cd32ef42d65cf0f3c302adc41988b50

SHA256
600342dba0c5fd76e417141a062383b6441d07d78969cd7e013934c909c0e47c

SHA512
67fd088e5a1301d8012789b555f801126a2b77a07f71b01e3228068dd1bd94dfba1efaaa8d4528533b245f9d38de790c7a1b4d2a2fadfc3b149cfaebfeac7b7e

Download Submit
C:\Users\Admin\AppData\Roaming\Custom_update\Update_48ca837.dll

Filesize
92KB

MD5
a30567756b1a1f7dec69d1a1d05cf710

SHA1
0930d46badca3542a4fc14298e37b6dc8875f60e

SHA256
15212795020a00c3db46b9abb7cb4342738449b1baee354fb95d8a23726eacb2

SHA512
2518eda63251ccdc64d57f4da92dd49fda816a52edb4e0a8b5e9fcc5c045542b9cd22dee57cf8bcad88465364e0bf82ac6f5706a87f81eb50d5ad3da240cc4f0

Download Submit
C:\Users\Admin\AppData\Roaming\Custom_update\Update_48ca837.dll

Filesize
54KB

MD5
4298ea3a8e558edb8ec1b4bc4b069500

SHA1
e596870f57a28e6aa35ec3d7c4362d2fefe2308b

SHA256
e22c349d6aad562f81abd023ac59cdb9a8ca14b7a20e25b3543feb48ff645d04

SHA512
60a890fc599152cf6888e2a2de15c4862698da19ab17d52ba8050f80cdb91cf743b749dfcfafa9a239d9cff616f9e62c3cec3772299524e13dba631335ec4593

Download Submit
C:\Windows\Installer\MSIE9C4.tmp

Filesize
86KB

MD5
60eb466919b68f9eb461412905c61f4d

SHA1
2790e8f161a6f8928feffee11fca5af19300f640

SHA256
21fbcf97320adb508ff71033733d84d37f63fe8aea020ee4517b26cc54227a05

SHA512
ab5f3b5b8b1ac4e0b547714dc0aca549baa89603a3b3ce13ae9c1c3c52f1e582af6df9f95e254f4f338785f21c43c2057628dccc71b2c341a32d0c78383c120a

Download Submit
C:\Windows\Installer\MSIEB2E.tmp

Filesize
389KB

MD5
b9545ed17695a32face8c3408a6a3553

SHA1
f6c31c9cd832ae2aebcd88e7b2fa6803ae93fc83

SHA256
1e0e63b446eecf6c9781c7d1cae1f46a3bb31654a70612f71f31538fb4f4729a

SHA512
f6d6dc40dcba5ff091452d7cc257427dcb7ce2a21816b4fec2ee249e63246b64667f5c4095220623533243103876433ef8c12c9b612c0e95fdfffe41d1504e04

Download Submit
C:\Windows\Installer\MSIEB2E.tmp

Filesize
31KB

MD5
b36703f684eace360768e75dbac204fe

SHA1
9cce95adf272b365b10d506b562c172352ba12ff

SHA256
c6de565247517027b3caa4bcef11f35413b68871f3892a7a5a3c5c1b082e50af

SHA512
5fd37c1896bdd922d94b788b1176a876ff181555045a07ca1dd041a31f8b57a3f6f0565f81732ef1d67ecb0bf78f19ac7935ba5c1c195bcf3d7d4a936b977b19

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
157KB

MD5
365ce8065975608cd1ffc2e805778621

SHA1
4c80345556a2be7b761c5272baa4eb2c0c5ca3c0

SHA256
6ee949a9bd1050aa8a4f4e3195197100ba4629846a2020710d871198df2fd349

SHA512
6328c2634abb348f04c03db65ac1f2e99aac244f99ebd057985722a187be984d9969aabc707d3b631844cbb9ab16817c52a3bcfc885015228245bb6bc9551cd7

Download Submit
\??\Volume{0d06ec8b-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{e4880200-29dc-4853-8aee-ac2f9d8de3ae}_OnDiskSnapshotProp

Filesize
6KB

MD5
a4320a23bb6427f50aa6ba651f9e4981

SHA1
9a8ea154a55f858e870f299714a89ad2ce8833e2

SHA256
da23a1e8d2156388c4c77dead0d0c0ad70ce72c2e4cf4ccb6fa40157ce27d853

SHA512
fff10a3e42998c19f50d2f0a8259100d2ad9069900b1af5afb55d4ed941c127e313e4346c3dd7298656fdc4ed0b0ea9cd97b2cd88a37b90fe2cf60a2223f74d9

Download Submit
memory/4112-62-0x0000023B85F00000-0x0000023B85F11000-memory.dmp

Filesize
68KB

Download
memory/4112-66-0x0000023B85F40000-0x0000023B85F53000-memory.dmp

Filesize
76KB

Download
memory/4112-65-0x0000023B85F40000-0x0000023B85F53000-memory.dmp

Filesize
76KB

Download
memory/4112-60-0x0000023B85F20000-0x0000023B85F34000-memory.dmp

Filesize
80KB

Download
memory/4112-68-0x0000023B85F40000-0x0000023B85F53000-memory.dmp

Filesize
76KB

Download
memory/4508-76-0x000001DAE3F60000-0x000001DAE3F73000-memory.dmp

Filesize
76KB

Download
memory/4508-77-0x000001DAE3F60000-0x000001DAE3F73000-memory.dmp

Filesize
76KB

Download
memory/4508-75-0x000001DAE3F60000-0x000001DAE3F73000-memory.dmp

Filesize
76KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads