Analysis
- max time kernel: 159s
- max time network: 167s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 02-03-2024 20:26
Behavioral task | Sample | Resource
behavioral1 | @_136 @828#-138389J-SJFJDSM.exe | win7-20240221-en
behavioral2 | @_136 @828#-138389J-SJFJDSM.exe | win10v2004-20240226-en
behavioral3 | TrashMalwares-main/AcidRain.exe | win7-20240221-en
behavioral4 | TrashMalwares-main/AcidRain.exe | win10v2004-20240226-en
behavioral5 | AdStRkJ.exe | win7-20240221-en
behavioral6 | AdStRkJ.exe | win10v2004-20240226-en
behavioral7 | Anatralier.exe | win7-20240215-en
behavioral8 | Anatralier.exe | win10v2004-20240226-en
behavioral9 | TrashMalwares-main/Antivirus_Installer.exe | win7-20240221-en
behavioral10 | TrashMalwares-main/Antivirus_Installer.exe | win10v2004-20240226-en
behavioral11 | TrashMalwares-main/Dro trojan. Virus prank.exe | win7-20240221-en
behavioral12 | TrashMalwares-main/Dro trojan. Virus prank.exe | win10v2004-20240226-en
behavioral13 | TrashMalwares-main/FaZoN.bat | win7-20240221-en
behavioral14 | TrashMalwares-main/FaZoN.bat | win10v2004-20240226-en
behavioral15 | TrashMalwares-main/Fizz.exe | win7-20240221-en
behavioral16 | TrashMalwares-main/Fizz.exe | win10v2004-20240226-en
behavioral17 | TrashMalwares-main/Ginxide.exe | win7-20240221-en
behavioral18 | TrashMalwares-main/Ginxide.exe | win10v2004-20240226-en
behavioral19 | TrashMalwares-main/Install Windows20.exe | win7-20240221-en
behavioral20 | TrashMalwares-main/Install Windows20.exe | win10v2004-20240226-en
behavioral21 | TrashMalwares-main/MS-RickRoll.exe | win7-20240220-en
behavioral22 | TrashMalwares-main/MS-RickRoll.exe | win10v2004-20240226-en
behavioral23 | TrashMalwares-main/MercuryXhoffle.exe | win7-20240221-en
behavioral24 | TrashMalwares-main/MercuryXhoffle.exe | win10v2004-20240226-en
behavioral25 | TrashMalwares-main/NetPakoe.bat | win7-20240221-en
behavioral26 | TrashMalwares-main/NetPakoe.bat | win10v2004-20240226-en
behavioral27 | TrashMalwares-main/NetPakoe3.0.exe | win7-20240221-en
behavioral28 | TrashMalwares-main/NetPakoe3.0.exe | win10v2004-20240226-en
behavioral29 | TrashMalwares-main/NoEscape8.0.exe | win7-20240221-en
behavioral30 | TrashMalwares-main/NoEscape8.0.exe | win10v2004-20240226-en
behavioral31 | TrashMalwares-main/PC shaking v4.0.exe | win7-20240220-en
behavioral32 | TrashMalwares-main/PC shaking v4.0.exe | win10v2004-20240226-en
General
- Target: TrashMalwares-main/NetPakoe.bat
- Size: 635B
- MD5: 6c5a9741a170d3ac2e2c89d3e91ea6ea
- SHA1: 7034266eefee8c6437d966f5d91ea82e50e10d59
- SHA256: 4d1a5d2255194f08a772aef2363514890ecd620dfc49e5b701fc8f2e2388e616
- SHA512: 9dcf12e971da1c78d92dd7ff824d50e8487ae61bfb9dcbfea6c38f8ebba22994fde19d825e44f4632aba9e0fc34d75cd87e090b75ed78b51b908128cc22ce29c
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 2 IoCs
Processes: explorer.exe, explorer.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Active Setup\Installed Components | explorer.exe
Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Active Setup\Installed Components | explorer.exe
-
Drops startup file 6 IoCs
Processes: cmd.exe, cmd.exe, cmd.exe, cmd.exe, cmd.exe
description | ioc | process
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetPakoe.bat | cmd.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetPakoe.bat | cmd.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetPakoe.bat | cmd.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetPakoe.bat | cmd.exe
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetPakoe.bat | cmd.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetPakoe.bat | cmd.exe
-
Kills process with taskkill 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes: taskkill.exe, taskkill.exe, taskkill.exe
description | pid | process
Token: SeDebugPrivilege | 2640 | taskkill.exe
Token: SeDebugPrivilege | 1980 | taskkill.exe
Token: SeDebugPrivilege | 1044 | taskkill.exe
-
Suspicious use of WriteProcessMemory 42 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\NetPakoe.bat"1⤵
- Drops startup file
- Suspicious use of WriteProcessMemory
PID:2632 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F2⤵
- Kills process with taskkill
PID:2652
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2640
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat2⤵
- Drops startup file
- Suspicious use of WriteProcessMemory
PID:3064 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F3⤵PID:2432
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1980
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat3⤵
- Drops startup file
- Suspicious use of WriteProcessMemory
PID:536 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F4⤵
- Kills process with taskkill
PID:2752
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F4⤵
- Kills process with taskkill
PID:1988
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat4⤵PID:1932
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F5⤵
- Kills process with taskkill
PID:2264
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F5⤵
- Kills process with taskkill
PID:2916
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat5⤵PID:868
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F6⤵PID:1588
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F6⤵
- Kills process with taskkill
PID:520
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat6⤵PID:2264
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵
- Kills process with taskkill
PID:2532
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:1304
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe6⤵PID:2900
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵
- Kills process with taskkill
PID:2060
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵
- Kills process with taskkill
PID:2816
-
-
-
C:\Windows\explorer.exeexplorer6⤵PID:2692
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe5⤵PID:2400
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F6⤵PID:1428
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F6⤵
- Kills process with taskkill
PID:1044
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat6⤵PID:1584
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵
- Kills process with taskkill
PID:3084
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:3736
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe6⤵PID:1696
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵PID:984
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:2060
-
-
-
C:\Windows\explorer.exeexplorer6⤵PID:984
-
-
-
C:\Windows\explorer.exeexplorer5⤵PID:704
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe4⤵PID:1544
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F5⤵PID:2568
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F5⤵PID:1796
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat5⤵PID:1632
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F6⤵PID:1436
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F6⤵PID:320
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat6⤵PID:2684
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵
- Kills process with taskkill
PID:3160
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵
- Kills process with taskkill
PID:1572
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe6⤵PID:2404
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵PID:1484
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:3500
-
-
-
C:\Windows\explorer.exeexplorer6⤵PID:464
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe5⤵PID:1752
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F6⤵
- Kills process with taskkill
PID:2424
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F6⤵
- Kills process with taskkill
PID:2252
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat6⤵PID:2176
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵
- Kills process with taskkill
PID:3416
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:2396
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe6⤵PID:1776
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵PID:3460
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:2896
-
-
-
C:\Windows\explorer.exeexplorer6⤵PID:2316
-
-
-
C:\Windows\explorer.exeexplorer5⤵PID:2168
-
-
-
C:\Windows\explorer.exeexplorer4⤵PID:1416
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe3⤵
- Drops startup file
- Suspicious use of WriteProcessMemory
PID:1508 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F4⤵
- Kills process with taskkill
PID:2728
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F4⤵PID:1640
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat4⤵PID:2812
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F5⤵
- Kills process with taskkill
PID:1252
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F5⤵PID:2284
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat5⤵PID:2736
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F6⤵PID:1944
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F6⤵PID:2924
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat6⤵PID:1416
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵
- Kills process with taskkill
PID:2884
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵
- Kills process with taskkill
PID:1684
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat7⤵PID:3212
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵
- Kills process with taskkill
PID:3772
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe7⤵PID:2792
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵
- Kills process with taskkill
PID:3696
-
-
-
C:\Windows\explorer.exeexplorer7⤵PID:2588
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe6⤵PID:1800
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵
- Kills process with taskkill
PID:2272
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:1588
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat7⤵PID:3460
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:3804
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe7⤵PID:912
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:3436
-
-
-
C:\Windows\explorer.exeexplorer7⤵PID:3408
-
-
-
C:\Windows\explorer.exeexplorer6⤵PID:2644
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe5⤵PID:2712
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F6⤵
- Kills process with taskkill
PID:1336
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F6⤵PID:1756
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat6⤵PID:872
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵PID:1216
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵
- Kills process with taskkill
PID:2160
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat7⤵PID:2120
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵
- Kills process with taskkill
PID:3140
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe7⤵PID:3572
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵
- Kills process with taskkill
PID:3076
-
-
-
C:\Windows\explorer.exeexplorer7⤵PID:3528
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe6⤵PID:2032
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵
- Kills process with taskkill
PID:2164
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵
- Kills process with taskkill
PID:1428
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat7⤵PID:1712
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:3820
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe7⤵PID:3308
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵
- Kills process with taskkill
PID:3996
-
-
-
C:\Windows\explorer.exeexplorer7⤵PID:3456
-
-
-
C:\Windows\explorer.exeexplorer6⤵PID:3060
-
-
-
C:\Windows\explorer.exeexplorer5⤵PID:2716
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe4⤵PID:568
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F5⤵
- Kills process with taskkill
PID:1672
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F5⤵PID:532
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat5⤵PID:1060
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F6⤵
- Kills process with taskkill
PID:2456
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F6⤵PID:1896
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat6⤵PID:1100
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵PID:3648
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵
- Kills process with taskkill
PID:3276
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe6⤵PID:1628
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵
- Kills process with taskkill
PID:3724
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:3176
-
-
-
C:\Windows\explorer.exeexplorer6⤵PID:2456
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe5⤵PID:2904
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F6⤵PID:1420
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F6⤵PID:2656
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat6⤵PID:1320
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵
- Kills process with taskkill
PID:3368
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵
- Kills process with taskkill
PID:2172
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe6⤵PID:1664
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵PID:3628
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵
- Kills process with taskkill
PID:3884
-
-
-
C:\Windows\explorer.exeexplorer6⤵PID:2056
-
-
-
C:\Windows\explorer.exeexplorer5⤵PID:2144
-
-
-
C:\Windows\explorer.exeexplorer4⤵PID:3032
-
-
-
C:\Windows\explorer.exeexplorer3⤵
- Modifies Installed Components in the registry
PID:1660
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe2⤵
- Drops startup file
- Suspicious use of WriteProcessMemory
PID:2544 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F3⤵
- Kills process with taskkill
PID:3036
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1044
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat3⤵PID:1900
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F4⤵PID:2056
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F4⤵
- Kills process with taskkill
PID:2244
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat4⤵PID:1568
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F5⤵PID:2868
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F5⤵
- Kills process with taskkill
PID:2132
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat5⤵PID:1732
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F6⤵
- Kills process with taskkill
PID:3848
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F6⤵
- Kills process with taskkill
PID:4084
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe5⤵PID:2008
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F6⤵PID:3828
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F6⤵PID:924
-
-
-
C:\Windows\explorer.exeexplorer5⤵PID:1712
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe4⤵PID:1864
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F5⤵PID:1828
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F5⤵
- Kills process with taskkill
PID:2220
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat5⤵PID:3292
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F6⤵
- Kills process with taskkill
PID:3180
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe5⤵PID:3300
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F6⤵
- Kills process with taskkill
PID:3552
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F6⤵PID:3916
-
-
-
C:\Windows\explorer.exeexplorer5⤵PID:3308
-
-
-
C:\Windows\explorer.exeexplorer4⤵PID:2836
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe3⤵PID:1916
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F4⤵
- Kills process with taskkill
PID:1424
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F4⤵PID:1964
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat4⤵PID:2000
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F5⤵
- Kills process with taskkill
PID:1284
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F5⤵PID:1376
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat5⤵PID:1368
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F6⤵
- Kills process with taskkill
PID:2164
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F6⤵
- Kills process with taskkill
PID:2832
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat6⤵PID:612
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵PID:2100
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵
- Kills process with taskkill
PID:2780
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat7⤵PID:3668
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:2276
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe7⤵PID:3680
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:4064
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵
- Kills process with taskkill
PID:300
-
-
-
C:\Windows\explorer.exeexplorer7⤵PID:3688
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe6⤵PID:936
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵
- Kills process with taskkill
PID:2096
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:1376
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat7⤵PID:3940
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵
- Kills process with taskkill
PID:3404
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe7⤵PID:3948
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵
- Kills process with taskkill
PID:1284
-
-
-
C:\Windows\explorer.exeexplorer7⤵PID:3956
-
-
-
C:\Windows\explorer.exeexplorer6⤵PID:1072
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe5⤵PID:368
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F6⤵PID:1904
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F6⤵
- Kills process with taskkill
PID:2916
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat6⤵PID:2284
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵
- Kills process with taskkill
PID:1552
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:2236
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe6⤵PID:1576
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵
- Kills process with taskkill
PID:1336
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵
- Kills process with taskkill
PID:2932
-
-
-
C:\Windows\explorer.exeexplorer6⤵PID:1556
-
-
-
C:\Windows\explorer.exeexplorer5⤵PID:1728
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe4⤵PID:1884
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F5⤵PID:968
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F5⤵PID:2692
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat5⤵PID:424
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F6⤵PID:2584
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F6⤵PID:1964
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat6⤵PID:3224
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵PID:3528
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:3656
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe6⤵PID:3240
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵PID:3600
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:3392
-
-
-
C:\Windows\explorer.exeexplorer6⤵PID:3248
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe5⤵PID:824
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F6⤵PID:2668
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F6⤵PID:1372
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat6⤵PID:2360
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵PID:1664
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵
- Kills process with taskkill
PID:2600
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat7⤵PID:2920
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:3844
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe7⤵PID:3148
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:4016
-
-
-
C:\Windows\explorer.exeexplorer7⤵PID:2164
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe6⤵PID:2636
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵
- Kills process with taskkill
PID:2436
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵
- Kills process with taskkill
PID:2504
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat7⤵PID:2084
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵
- Kills process with taskkill
PID:3080
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe7⤵PID:1376
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:2740
-
-
-
C:\Windows\explorer.exeexplorer7⤵PID:3972
-
-
-
C:\Windows\explorer.exeexplorer6⤵PID:2920
-
-
-
C:\Windows\explorer.exeexplorer5⤵PID:1980
-
-
-
C:\Windows\explorer.exeexplorer4⤵PID:684
-
-
-
C:\Windows\explorer.exeexplorer3⤵PID:2220
-
-
-
C:\Windows\explorer.exeexplorer2⤵
- Modifies Installed Components in the registry
PID:2552
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 635B
MD5: 6c5a9741a170d3ac2e2c89d3e91ea6ea
SHA1: 7034266eefee8c6437d966f5d91ea82e50e10d59
SHA256: 4d1a5d2255194f08a772aef2363514890ecd620dfc49e5b701fc8f2e2388e616
SHA512: 9dcf12e971da1c78d92dd7ff824d50e8487ae61bfb9dcbfea6c38f8ebba22994fde19d825e44f4632aba9e0fc34d75cd87e090b75ed78b51b908128cc22ce29c
-
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e