Overview (score 10)
Static (score 10)

Behavioral task scores (sample names truncated as on the report page)

sample                 platform            score
@_136 @828...SM.exe    windows7-x64        7
@_136 @828...SM.exe    windows10-2004-x64  7
TrashMalwa...in.exe    windows7-x64        8
TrashMalwa...in.exe    windows10-2004-x64  8
AdStRkJ.exe            windows7-x64        8
AdStRkJ.exe            windows10-2004-x64  8
Anatralier.exe         windows7-x64        7
Anatralier.exe         windows10-2004-x64  7
TrashMalwa...er.exe    windows7-x64        3
TrashMalwa...er.exe    windows10-2004-x64  8
TrashMalwa...nk.exe    windows7-x64        8
TrashMalwa...nk.exe    windows10-2004-x64  8
TrashMalwa...oN.bat    windows7-x64        8
TrashMalwa...oN.bat    windows10-2004-x64  8
TrashMalwa...zz.exe    windows7-x64        6
TrashMalwa...zz.exe    windows10-2004-x64  6
TrashMalwa...de.exe    windows7-x64        7
TrashMalwa...de.exe    windows10-2004-x64  7
TrashMalwa...20.exe    windows7-x64        4
TrashMalwa...20.exe    windows10-2004-x64  7
TrashMalwa...ll.exe    windows7-x64        7
TrashMalwa...ll.exe    windows10-2004-x64  7
TrashMalwa...le.exe    windows7-x64        8
TrashMalwa...le.exe    windows10-2004-x64  8
TrashMalwa...oe.bat    windows7-x64        8
TrashMalwa...oe.bat    windows10-2004-x64  8
TrashMalwa....0.exe    windows7-x64        6
TrashMalwa....0.exe    windows10-2004-x64  7
TrashMalwa....0.exe    windows7-x64        8
TrashMalwa....0.exe    windows10-2004-x64  7
TrashMalwa....0.exe    windows7-x64        7
TrashMalwa....0.exe    windows10-2004-x64  7

Analysis

max time kernel: 96s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02-03-2024 20:26
Behavioral tasks

task          sample                                          resource
behavioral1   @_136 @828#-138389J-SJFJDSM.exe                 win7-20240221-en
behavioral2   @_136 @828#-138389J-SJFJDSM.exe                 win10v2004-20240226-en
behavioral3   TrashMalwares-main/AcidRain.exe                 win7-20240221-en
behavioral4   TrashMalwares-main/AcidRain.exe                 win10v2004-20240226-en
behavioral5   AdStRkJ.exe                                     win7-20240221-en
behavioral6   AdStRkJ.exe                                     win10v2004-20240226-en
behavioral7   Anatralier.exe                                  win7-20240215-en
behavioral8   Anatralier.exe                                  win10v2004-20240226-en
behavioral9   TrashMalwares-main/Antivirus_Installer.exe      win7-20240221-en
behavioral10  TrashMalwares-main/Antivirus_Installer.exe      win10v2004-20240226-en
behavioral11  TrashMalwares-main/Dro trojan. Virus prank.exe  win7-20240221-en
behavioral12  TrashMalwares-main/Dro trojan. Virus prank.exe  win10v2004-20240226-en
behavioral13  TrashMalwares-main/FaZoN.bat                    win7-20240221-en
behavioral14  TrashMalwares-main/FaZoN.bat                    win10v2004-20240226-en
behavioral15  TrashMalwares-main/Fizz.exe                     win7-20240221-en
behavioral16  TrashMalwares-main/Fizz.exe                     win10v2004-20240226-en
behavioral17  TrashMalwares-main/Ginxide.exe                  win7-20240221-en
behavioral18  TrashMalwares-main/Ginxide.exe                  win10v2004-20240226-en
behavioral19  TrashMalwares-main/Install Windows20.exe        win7-20240221-en
behavioral20  TrashMalwares-main/Install Windows20.exe        win10v2004-20240226-en
behavioral21  TrashMalwares-main/MS-RickRoll.exe              win7-20240220-en
behavioral22  TrashMalwares-main/MS-RickRoll.exe              win10v2004-20240226-en
behavioral23  TrashMalwares-main/MercuryXhoffle.exe           win7-20240221-en
behavioral24  TrashMalwares-main/MercuryXhoffle.exe           win10v2004-20240226-en
behavioral25  TrashMalwares-main/NetPakoe.bat                 win7-20240221-en
behavioral26  TrashMalwares-main/NetPakoe.bat                 win10v2004-20240226-en
behavioral27  TrashMalwares-main/NetPakoe3.0.exe              win7-20240221-en
behavioral28  TrashMalwares-main/NetPakoe3.0.exe              win10v2004-20240226-en
behavioral29  TrashMalwares-main/NoEscape8.0.exe              win7-20240221-en
behavioral30  TrashMalwares-main/NoEscape8.0.exe              win10v2004-20240226-en
behavioral31  TrashMalwares-main/PC shaking v4.0.exe          win7-20240220-en
behavioral32  TrashMalwares-main/PC shaking v4.0.exe          win10v2004-20240226-en
General

Target: TrashMalwares-main/NetPakoe3.0.exe
Size: 188KB
MD5: 912c74cb1e5e132515956f5c8470114a
SHA1: 71556617096cdb4b70b220568f1d3697362c14a5
SHA256: 6376111c1c39414187abeae4c6a75ae58351b2202802afc9bde2be5ceae0f400
SHA512: c4a0a299d085a33e567ebcc6586c911a130425c805d71175362c09c46eb0739a040c787fa1d3f9e9f06aad14bac686adc10d1bae75602e96f1c7238f3d4e73d6
SSDEEP: 3072:YhM2idhON/D8259BH1DzJ5PzVNtGgc+F9TBfV0gwzH:Yh3idhONY259BH1DzJ5PzVNtGgc+F9TA
Malware Config
Signatures
Checks computer location settings (2 TTPs, 2 IoCs)
Looks up country code configured in the registry, likely geofence.
Processes:
description        ioc                                                                                              process
Key value queried  \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation  NetPakoe3.0.exe
Key value queried  \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation  wscript.exe
Adds Run key to start application (2 TTPs, 1 IoC)
Processes:
description      ioc                                                                                                                                                        process
Set value (str)  \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Program = "C:\\TEMP\\NetPakoe3.0.exe /autorun"  wscript.exe
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
Modifies registry class (20 IoCs)
Processes:
description  ioc                                                                                  process
Key created  \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings  calc.exe
Key created  \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings  calc.exe
Key created  \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings  explorer.exe
Key created  \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings  explorer.exe
Key created  \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings  explorer.exe
Key created  \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings  explorer.exe
Key created  \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings  calc.exe
Key created  \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings  explorer.exe
Key created  \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings  calc.exe
Key created  \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings  calc.exe
Key created  \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings  explorer.exe
Key created  \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings  explorer.exe
Key created  \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings  explorer.exe
Key created  \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings  explorer.exe
Key created  \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings  calc.exe
Key created  \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings  calc.exe
Key created  \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings  calc.exe
Key created  \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings  calc.exe
Key created  \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings  explorer.exe
Key created  \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings  calc.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
Processes:
pid   process
4580  wscript.exe
Suspicious use of AdjustPrivilegeToken (2 IoCs)
Processes:
description                          pid   process
Token: 33                            1160  AUDIODG.EXE
Token: SeIncBasePriorityPrivilege    1160  AUDIODG.EXE
Suspicious use of SetWindowsHookEx (7 IoCs)
Processes:
pid   process
208   OpenWith.exe
5048  OpenWith.exe
4188  OpenWith.exe
5176  OpenWith.exe
2932  OpenWith.exe
1500  OpenWith.exe
5312  OpenWith.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Processes:
description                       pid   process          target process
PID 844 wrote to memory of 4580   844   NetPakoe3.0.exe  wscript.exe
PID 844 wrote to memory of 4580   844   NetPakoe3.0.exe  wscript.exe
PID 4580 wrote to memory of 2868  4580  wscript.exe      cmd.exe
PID 4580 wrote to memory of 2868  4580  wscript.exe      cmd.exe
PID 4580 wrote to memory of 3460  4580  wscript.exe      cmd.exe
PID 4580 wrote to memory of 3460  4580  wscript.exe      cmd.exe
PID 4580 wrote to memory of 1876  4580  wscript.exe      cmd.exe
PID 4580 wrote to memory of 1876  4580  wscript.exe      cmd.exe
PID 4580 wrote to memory of 1284  4580  wscript.exe      cmd.exe
PID 4580 wrote to memory of 1284  4580  wscript.exe      cmd.exe
PID 4580 wrote to memory of 4436  4580  wscript.exe      cmd.exe
PID 4580 wrote to memory of 4436  4580  wscript.exe      cmd.exe
PID 4580 wrote to memory of 2620  4580  wscript.exe      cmd.exe
PID 4580 wrote to memory of 2620  4580  wscript.exe      cmd.exe
PID 4580 wrote to memory of 4456  4580  wscript.exe      cmd.exe
PID 4580 wrote to memory of 4456  4580  wscript.exe      cmd.exe
PID 4580 wrote to memory of 4160  4580  wscript.exe      cmd.exe
PID 4580 wrote to memory of 4160  4580  wscript.exe      cmd.exe
PID 4580 wrote to memory of 2344  4580  wscript.exe      cmd.exe
PID 4580 wrote to memory of 2344  4580  wscript.exe      cmd.exe
PID 4580 wrote to memory of 4488  4580  wscript.exe      cmd.exe
PID 4580 wrote to memory of 4488  4580  wscript.exe      cmd.exe
PID 4580 wrote to memory of 2140  4580  wscript.exe      notepad.exe
PID 4580 wrote to memory of 2140  4580  wscript.exe      notepad.exe
PID 4580 wrote to memory of 4820  4580  wscript.exe      notepad.exe
PID 4580 wrote to memory of 4820  4580  wscript.exe      notepad.exe
PID 4580 wrote to memory of 1556  4580  wscript.exe      notepad.exe
PID 4580 wrote to memory of 1556  4580  wscript.exe      notepad.exe
PID 4580 wrote to memory of 548   4580  wscript.exe      notepad.exe
PID 4580 wrote to memory of 548   4580  wscript.exe      notepad.exe
PID 4580 wrote to memory of 4960  4580  wscript.exe      notepad.exe
PID 4580 wrote to memory of 4960  4580  wscript.exe      notepad.exe
PID 4580 wrote to memory of 488   4580  wscript.exe      calc.exe
PID 4580 wrote to memory of 488   4580  wscript.exe      calc.exe
PID 4580 wrote to memory of 1072  4580  wscript.exe      calc.exe
PID 4580 wrote to memory of 1072  4580  wscript.exe      calc.exe
PID 4580 wrote to memory of 2524  4580  wscript.exe      calc.exe
PID 4580 wrote to memory of 2524  4580  wscript.exe      calc.exe
PID 4580 wrote to memory of 1716  4580  wscript.exe      calc.exe
PID 4580 wrote to memory of 1716  4580  wscript.exe      calc.exe
PID 4580 wrote to memory of 4816  4580  wscript.exe      calc.exe
PID 4580 wrote to memory of 4816  4580  wscript.exe      calc.exe
PID 4580 wrote to memory of 2748  4580  wscript.exe      calc.exe
PID 4580 wrote to memory of 2748  4580  wscript.exe      calc.exe
PID 4580 wrote to memory of 3568  4580  wscript.exe      calc.exe
PID 4580 wrote to memory of 3568  4580  wscript.exe      calc.exe
PID 4580 wrote to memory of 3664  4580  wscript.exe      explorer.exe
PID 4580 wrote to memory of 3664  4580  wscript.exe      explorer.exe
PID 4580 wrote to memory of 2300  4580  wscript.exe      cmd.exe
PID 4580 wrote to memory of 2300  4580  wscript.exe      cmd.exe
PID 4580 wrote to memory of 1632  4580  wscript.exe      calc.exe
PID 4580 wrote to memory of 1632  4580  wscript.exe      calc.exe
PID 4580 wrote to memory of 5032  4580  wscript.exe      notepad.exe
PID 4580 wrote to memory of 5032  4580  wscript.exe      notepad.exe
PID 4580 wrote to memory of 2752  4580  wscript.exe      explorer.exe
PID 4580 wrote to memory of 2752  4580  wscript.exe      explorer.exe
PID 4580 wrote to memory of 4212  4580  wscript.exe      cmd.exe
PID 4580 wrote to memory of 4212  4580  wscript.exe      cmd.exe
PID 4580 wrote to memory of 2496  4580  wscript.exe      calc.exe
PID 4580 wrote to memory of 2496  4580  wscript.exe      calc.exe
PID 4580 wrote to memory of 1620  4580  wscript.exe      notepad.exe
PID 4580 wrote to memory of 1620  4580  wscript.exe      notepad.exe
PID 4580 wrote to memory of 776   4580  wscript.exe      explorer.exe
PID 4580 wrote to memory of 776   4580  wscript.exe      explorer.exe
Processes

Process tree (child processes are indented under their parent; each entry gives image path, command line and PID)

C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\NetPakoe3.0.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\NetPakoe3.0.exe"
  PID: 844
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory

    C:\Windows\system32\wscript.exe
      command line: "C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\A8F2.tmp\A8F3.tmp\A8F4.vbs //Nologo
      PID: 4580
      - Checks computer location settings
      - Adds Run key to start application
      - Suspicious behavior: GetForegroundWindowSpam
      - Suspicious use of WriteProcessMemory

        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 2868
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 3460
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 1876
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 1284
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 4436
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 2620
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 4456
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 4160
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 2344
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 4488
        C:\Windows\System32\notepad.exe  "C:\Windows\System32\notepad.exe"  PID: 2140
        C:\Windows\System32\notepad.exe  "C:\Windows\System32\notepad.exe"  PID: 4820
        C:\Windows\System32\notepad.exe  "C:\Windows\System32\notepad.exe"  PID: 1556
        C:\Windows\System32\notepad.exe  "C:\Windows\System32\notepad.exe"  PID: 548
        C:\Windows\System32\notepad.exe  "C:\Windows\System32\notepad.exe"  PID: 4960
        C:\Windows\System32\calc.exe  "C:\Windows\System32\calc.exe"  PID: 488
          - Modifies registry class
        C:\Windows\System32\calc.exe  "C:\Windows\System32\calc.exe"  PID: 1072
          - Modifies registry class
        C:\Windows\System32\calc.exe  "C:\Windows\System32\calc.exe"  PID: 2524
          - Modifies registry class
        C:\Windows\System32\calc.exe  "C:\Windows\System32\calc.exe"  PID: 1716
          - Modifies registry class
        C:\Windows\System32\calc.exe  "C:\Windows\System32\calc.exe"  PID: 4816
          - Modifies registry class
        C:\Windows\System32\calc.exe  "C:\Windows\System32\calc.exe"  PID: 2748
          - Modifies registry class
        C:\Windows\System32\calc.exe  "C:\Windows\System32\calc.exe"  PID: 3568
          - Modifies registry class
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 3664
          - Modifies registry class
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 2300
        C:\Windows\System32\calc.exe  "C:\Windows\System32\calc.exe"  PID: 1632
          - Modifies registry class
        C:\Windows\System32\notepad.exe  "C:\Windows\System32\notepad.exe"  PID: 5032
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 2752
          - Modifies registry class
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 4212
        C:\Windows\System32\calc.exe  "C:\Windows\System32\calc.exe"  PID: 2496
          - Modifies registry class
        C:\Windows\System32\notepad.exe  "C:\Windows\System32\notepad.exe"  PID: 1620
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 776
          - Modifies registry class
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 872
        C:\Windows\System32\calc.exe  "C:\Windows\System32\calc.exe"  PID: 4584
          - Modifies registry class
        C:\Windows\System32\notepad.exe  "C:\Windows\System32\notepad.exe"  PID: 2888
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 3932
          - Modifies registry class
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 456
        C:\Windows\System32\calc.exe  "C:\Windows\System32\calc.exe"  PID: 5184
        C:\Windows\System32\notepad.exe  "C:\Windows\System32\notepad.exe"  PID: 5224
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 5256
          - Modifies registry class
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 5296
        C:\Windows\System32\calc.exe  "C:\Windows\System32\calc.exe"  PID: 5448
        C:\Windows\System32\notepad.exe  "C:\Windows\System32\notepad.exe"  PID: 5496
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 5556
          - Modifies registry class
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 5632
        C:\Windows\System32\calc.exe  "C:\Windows\System32\calc.exe"  PID: 5704
        C:\Windows\System32\notepad.exe  "C:\Windows\System32\notepad.exe"  PID: 5760
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 5812
          - Modifies registry class
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 5884
        C:\Windows\System32\calc.exe  "C:\Windows\System32\calc.exe"  PID: 5952
        C:\Windows\System32\notepad.exe  "C:\Windows\System32\notepad.exe"  PID: 6040
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 6100
          - Modifies registry class
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 3864
        C:\Windows\System32\calc.exe  "C:\Windows\System32\calc.exe"  PID: 5164
        C:\Windows\System32\notepad.exe  "C:\Windows\System32\notepad.exe"  PID: 5272
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 3416
          - Modifies registry class
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 3932
        C:\Windows\System32\calc.exe  "C:\Windows\System32\calc.exe"  PID: 4448
        C:\Windows\System32\notepad.exe  "C:\Windows\System32\notepad.exe"  PID: 2668
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 3856
          - Modifies registry class
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 4940
        C:\Windows\System32\calc.exe  "C:\Windows\System32\calc.exe"  PID: 2992
        C:\Windows\System32\notepad.exe  "C:\Windows\System32\notepad.exe"  PID: 6208
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 6272
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 6320
        C:\Windows\System32\calc.exe  "C:\Windows\System32\calc.exe"  PID: 6416
        C:\Windows\System32\notepad.exe  "C:\Windows\System32\notepad.exe"  PID: 6516
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 6552
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 6600
        C:\Windows\System32\calc.exe  "C:\Windows\System32\calc.exe"  PID: 6652
        C:\Windows\System32\notepad.exe  "C:\Windows\System32\notepad.exe"  PID: 6736
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 6860
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 6896
        C:\Windows\System32\calc.exe  "C:\Windows\System32\calc.exe"  PID: 6976
        C:\Windows\System32\notepad.exe  "C:\Windows\System32\notepad.exe"  PID: 7032
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 7076
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 5944
        C:\Windows\System32\calc.exe  "C:\Windows\System32\calc.exe"  PID: 2284
        C:\Windows\System32\notepad.exe  "C:\Windows\System32\notepad.exe"  PID: 1432
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 752
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 2588
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 2068
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 6180
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 5160
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 5176
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 6172
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 4204
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 5564
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 5288
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 1020
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 6556
        C:\Windows\System32\calc.exe  "C:\Windows\System32\calc.exe"  PID: 452
        C:\Windows\System32\notepad.exe  "C:\Windows\System32\notepad.exe"  PID: 3960
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 5656
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 5444
        C:\Windows\System32\calc.exe  "C:\Windows\System32\calc.exe"  PID: 556
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 720
        C:\Windows\System32\calc.exe  "C:\Windows\System32\calc.exe"  PID: 5520
        C:\Windows\System32\notepad.exe  "C:\Windows\System32\notepad.exe"  PID: 5848
        C:\Windows\explorer.exe  "C:\Windows\explorer.exe"  PID: 572
        C:\Windows\System32\cmd.exe  "C:\Windows\System32\cmd.exe"  PID: 1316

C:\Windows\system32\AUDIODG.EXE
  command line: C:\Windows\system32\AUDIODG.EXE 0x494 0x504
  PID: 1160
  - Suspicious use of AdjustPrivilegeToken

C:\Windows\system32\OpenWith.exe  C:\Windows\system32\OpenWith.exe -Embedding  PID: 208
  - Suspicious use of SetWindowsHookEx
C:\Windows\system32\OpenWith.exe  C:\Windows\system32\OpenWith.exe -Embedding  PID: 2932
  - Suspicious use of SetWindowsHookEx
C:\Windows\system32\OpenWith.exe  C:\Windows\system32\OpenWith.exe -Embedding  PID: 1500
  - Suspicious use of SetWindowsHookEx
C:\Windows\system32\OpenWith.exe  C:\Windows\system32\OpenWith.exe -Embedding  PID: 4188
  - Suspicious use of SetWindowsHookEx
C:\Windows\system32\OpenWith.exe  C:\Windows\system32\OpenWith.exe -Embedding  PID: 5048
  - Suspicious use of SetWindowsHookEx
C:\Windows\system32\OpenWith.exe  C:\Windows\system32\OpenWith.exe -Embedding  PID: 5176
  - Suspicious use of SetWindowsHookEx
C:\Windows\system32\OpenWith.exe  C:\Windows\system32\OpenWith.exe -Embedding  PID: 5312
  - Suspicious use of SetWindowsHookEx
C:\Windows\system32\OpenWith.exe  C:\Windows\system32\OpenWith.exe -Embedding  PID: 5420
C:\Windows\system32\OpenWith.exe  C:\Windows\system32\OpenWith.exe -Embedding  PID: 5516
C:\Windows\system32\OpenWith.exe  C:\Windows\system32\OpenWith.exe -Embedding  PID: 5656
C:\Windows\system32\OpenWith.exe  C:\Windows\system32\OpenWith.exe -Embedding  PID: 5800
C:\Windows\system32\OpenWith.exe  C:\Windows\system32\OpenWith.exe -Embedding  PID: 5900
C:\Windows\system32\OpenWith.exe  C:\Windows\system32\OpenWith.exe -Embedding  PID: 6028
C:\Windows\system32\OpenWith.exe  C:\Windows\system32\OpenWith.exe -Embedding  PID: 5260
C:\Windows\system32\OpenWith.exe  C:\Windows\system32\OpenWith.exe -Embedding  PID: 3964
C:\Windows\system32\OpenWith.exe  C:\Windows\system32\OpenWith.exe -Embedding  PID: 6296
C:\Windows\system32\OpenWith.exe  C:\Windows\system32\OpenWith.exe -Embedding  PID: 6488
C:\Windows\system32\OpenWith.exe  C:\Windows\system32\OpenWith.exe -Embedding  PID: 6676
C:\Windows\system32\OpenWith.exe  C:\Windows\system32\OpenWith.exe -Embedding  PID: 6960
C:\Windows\system32\OpenWith.exe  C:\Windows\system32\OpenWith.exe -Embedding  PID: 5124
C:\Windows\system32\OpenWith.exe  C:\Windows\system32\OpenWith.exe -Embedding  PID: 1908
C:\Windows\system32\OpenWith.exe  C:\Windows\system32\OpenWith.exe -Embedding  PID: 3404
C:\Windows\system32\OpenWith.exe  C:\Windows\system32\OpenWith.exe -Embedding  PID: 5864
C:\Windows\system32\OpenWith.exe  C:\Windows\system32\OpenWith.exe -Embedding  PID: 6188
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 11KB
MD5: 36072dc09cf0a99e3936b50bacd9a3e5
SHA1: 731ede51ad7869ae0b01248267b0354a5fe52cba
SHA256: a8dd0c012506f5ec41f90909e88de316ce3cbdb294db2b925c832af104e8b94f
SHA512: c4d9858e67295ef124218e2493e9990427df16bc722df621ffebbcc4229e270f42fbccd9a2376448c19319ab18c1982f6d9a7371a77c148d434a64b8fe0a874d