Overview

Task tabs and scores (sample names truncated as displayed in the tab bar; the full paths are in the Behavioral task list below; "-" means the tab shows no score):

  Tab                                        Score
  Overview                                   10
  Static                                     7
  TheMalware...20.exe  windows7-x64          4
  TheMalware...20.exe  windows10-2004-x64    7
  TheMalware...om.bat  windows7-x64          1
  TheMalware...om.bat  windows10-2004-x64    1
  TheMalware...er.exe  windows7-x64          -
  TheMalware...er.exe  windows10-2004-x64    -
  TheMalware.../1.vbs  windows7-x64          1
  TheMalware.../1.vbs  windows10-2004-x64    1
  TheMalware...ad.exe  windows7-x64          8
  TheMalware...ad.exe  windows10-2004-x64    8
  TheMalware...os.vbs  windows7-x64          1
  TheMalware...os.vbs  windows10-2004-x64    1
  TheMalware...er.hta  windows7-x64          1
  TheMalware...er.hta  windows10-2004-x64    3
  TheMalware...r.html  windows7-x64          1
  TheMalware...r.html  windows10-2004-x64    1
  TheMalware...in.bat  windows7-x64          -
  TheMalware...in.bat  windows10-2004-x64    -
  TheMalware...ix.bat  windows7-x64          1
  TheMalware...ix.bat  windows10-2004-x64    1
  TheMalware...er.exe  windows7-x64          1
  TheMalware...er.exe  windows10-2004-x64    1
  TheMalware...er.exe  windows7-x64          5
  TheMalware...er.exe  windows10-2004-x64    5
  TheMalware.../o.vbs  windows7-x64          1
  TheMalware.../o.vbs  windows10-2004-x64    1
  TheMalware...op.vbs  windows7-x64          1
  TheMalware...op.vbs  windows10-2004-x64    -
  TheMalware...om.vbs  windows7-x64          1
  TheMalware...om.vbs  windows10-2004-x64    1
  TheMalware...es.exe  windows7-x64          7
  TheMalware...es.exe  windows10-2004-x64    7

Analysis
  max time kernel:   155s
  max time network:  182s
  platform:          windows10-2004_x64
  resource:          win10v2004-20240226-en
  resource tags:     arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  submitted:         02-03-2024 20:29
Behavioral tasks

  Task          Sample                                                               Resource
  behavioral1   TheMalwaredev-s-garbage-main/Install Windows20.exe                   win7-20240220-en
  behavioral2   TheMalwaredev-s-garbage-main/Install Windows20.exe                   win10v2004-20240226-en
  behavioral3   TheMalwaredev-s-garbage-main/Install Windows20/doom.bat              win7-20240221-en
  behavioral4   TheMalwaredev-s-garbage-main/Install Windows20/doom.bat              win10v2004-20240226-en
  behavioral5   TheMalwaredev-s-garbage-main/Install Windows20/installer.exe         win7-20240215-en
  behavioral6   TheMalwaredev-s-garbage-main/Install Windows20/installer.exe         win10v2004-20240226-en
  behavioral7   TheMalwaredev-s-garbage-main/Install Windows20/installer/1.vbs       win7-20240221-en
  behavioral8   TheMalwaredev-s-garbage-main/Install Windows20/installer/1.vbs       win10v2004-20240226-en
  behavioral9   TheMalwaredev-s-garbage-main/Install Windows20/installer/dead.exe    win7-20240221-en
  behavioral10  TheMalwaredev-s-garbage-main/Install Windows20/installer/dead.exe    win10v2004-20240226-en
  behavioral11  TheMalwaredev-s-garbage-main/Install Windows20/installer/dos.vbs     win7-20240221-en
  behavioral12  TheMalwaredev-s-garbage-main/Install Windows20/installer/dos.vbs     win10v2004-20240226-en
  behavioral13  TheMalwaredev-s-garbage-main/Install Windows20/installer/explorer.hta   win7-20240220-en
  behavioral14  TheMalwaredev-s-garbage-main/Install Windows20/installer/explorer.hta   win10v2004-20240226-en
  behavioral15  TheMalwaredev-s-garbage-main/Install Windows20/installer/explorer.html  win7-20240221-en
  behavioral16  TheMalwaredev-s-garbage-main/Install Windows20/installer/explorer.html  win10v2004-20240226-en
  behavioral17  TheMalwaredev-s-garbage-main/Install Windows20/installer/main.bat    win7-20240221-en
  behavioral18  TheMalwaredev-s-garbage-main/Install Windows20/installer/main.bat    win10v2004-20240226-en
  behavioral19  TheMalwaredev-s-garbage-main/Install Windows20/installer/matrix.bat  win7-20240221-en
  behavioral20  TheMalwaredev-s-garbage-main/Install Windows20/installer/matrix.bat  win10v2004-20240226-en
  behavioral21  TheMalwaredev-s-garbage-main/Install Windows20/installer/melter.exe  win7-20240221-en
  behavioral22  TheMalwaredev-s-garbage-main/Install Windows20/installer/melter.exe  win10v2004-20240226-en
  behavioral23  TheMalwaredev-s-garbage-main/Install Windows20/installer/mover.exe   win7-20240220-en
  behavioral24  TheMalwaredev-s-garbage-main/Install Windows20/installer/mover.exe   win10v2004-20240226-en
  behavioral25  TheMalwaredev-s-garbage-main/Install Windows20/installer/o.vbs       win7-20240221-en
  behavioral26  TheMalwaredev-s-garbage-main/Install Windows20/installer/o.vbs       win10v2004-20240226-en
  behavioral27  TheMalwaredev-s-garbage-main/Install Windows20/installer/op.vbs      win7-20240221-en
  behavioral28  TheMalwaredev-s-garbage-main/Install Windows20/installer/op.vbs      win10v2004-20240226-en
  behavioral29  TheMalwaredev-s-garbage-main/Install Windows20/installer/random.vbs  win7-20240221-en
  behavioral30  TheMalwaredev-s-garbage-main/Install Windows20/installer/random.vbs  win10v2004-20240226-en
  behavioral31  TheMalwaredev-s-garbage-main/Install Windows20/installer/res.exe     win7-20240221-en
  behavioral32  TheMalwaredev-s-garbage-main/Install Windows20/installer/res.exe     win10v2004-20240226-en
General

  Target:  TheMalwaredev-s-garbage-main/Install Windows20/installer/res.exe
  Size:    22.0MB
  MD5:     80d4dbeb01772ef8099c55c1f58d7ce1
  SHA1:    7a6e504c80069c2e3bfe25e00cd5bd43fcbf0565
  SHA256:  52518fb62c991f5f3ff28cbf823703273069830b2aca8ab21e2a8831db4db21c
  SHA512:  2135e31ee83a1bbae77fea41429f23fdc8d2f558f925e78df564fee33723861e9f01539664adf8af0a774ce3e8b00ab97c1bb7260cb2c1795fe7fe4669518246
  SSDEEP:  393216:CHErXhRqTOmlqwnqDSB5DrQr3BloMv06j8wkvSy0ZyWN2ZXos1kPEpjrchaQXAyT:NThRqam5nqDSfwjX738wjyWN2Cs1kPc0
Malware Config
Signatures
-
Checks computer location settings  (2 TTPs, 3 IoCs)
Looks up the country code configured in the registry, likely a geofence check. Note that the same value is also read here by cmd.exe and WScript.exe, which do so as part of ordinary locale initialisation, so this read on its own is a weak indicator; the res.exe read is the one worth noting.
Processes: res.exe, WScript.exe, cmd.exe
  description        ioc                                                                                              process
  Key value queried  \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation  res.exe
  Key value queried  \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation  WScript.exe
  Key value queried  \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation  cmd.exe
Executes dropped EXE  (1 IoC)
Processes: melter.exe
  pid   process
  5104  melter.exe
Enumerates connected drives  (3 TTPs, 23 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
Processes: WScript.exe
  description              ioc                                                                                       process
  File opened (read-only)  \??\A: \??\B: \??\E: \??\G: \??\H: \??\I: \??\J: \??\K: \??\L: \??\M: \??\N: \??\O: \??\P:   WScript.exe
                           \??\Q: \??\R: \??\S: \??\T: \??\U: \??\V: \??\W: \??\X: \??\Y: \??\Z:
  (23 drive roots, every letter except C:, D: and F:; the report lists them in the order B, O, T, Y, Q, R, A, H, I, M, P, S, U, V, E, G, J, L, W, K, N, X, Z)
Enumerates physical storage devices  (1 TTP)
Attempts to interact with connected storage/optical drive(s).
Delays execution with timeout.exe  (20 IoCs)
Processes: timeout.exe (20 instances)
  pids: 4300, 1928, 456, 4704, 3860, 1456, 4152, 4044, 4496, 4348, 2336, 2544, 1884, 1784, 3912, 2600, 440, 5072, 4480, 3824
Kills process with taskkill  (1 IoC)
Processes: taskkill.exe
  pid   process
  3340  taskkill.exe
Modifies registry class  (2 IoCs)
Processes: res.exe, cmd.exe
  description  ioc                                                                                 process
  Key created  \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000_Classes\Local Settings  res.exe
  Key created  \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000_Classes\Local Settings  cmd.exe
Suspicious use of AdjustPrivilegeToken  (7 IoCs)
Processes: WScript.exe, AUDIODG.EXE, taskkill.exe
  description                        pid   process
  Token: SeShutdownPrivilege         2352  WScript.exe
  Token: SeCreatePagefilePrivilege   2352  WScript.exe
  Token: 33                          2568  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege  2568  AUDIODG.EXE
  Token: SeShutdownPrivilege         2352  WScript.exe
  Token: SeCreatePagefilePrivilege   2352  WScript.exe
  Token: SeDebugPrivilege            3340  taskkill.exe
Suspicious use of WriteProcessMemory  (64 IoCs)
Processes: res.exe, WScript.exe, cmd.exe
The report logs each write three times; the 64 entries collapse to the parent/target pairs below. The export is cut off at 64 entries, which is why the last pair shows a single entry.
  parent PID  parent       target PID  target       entries
  2800        res.exe      3608        WScript.exe  3
  3608        WScript.exe  4380        cmd.exe      3
  4380        cmd.exe      2352        WScript.exe  3
  4380        cmd.exe      1784        timeout.exe  3
  4380        cmd.exe      5104        melter.exe   3
  4380        cmd.exe      3496        WScript.exe  3
  4380        cmd.exe      4152        timeout.exe  3
  4380        cmd.exe      3128        WScript.exe  3
  4380        cmd.exe      3912        timeout.exe  3
  4380        cmd.exe      1192        WScript.exe  3
  4380        cmd.exe      4044        timeout.exe  3
  4380        cmd.exe      2364        WScript.exe  3
  4380        cmd.exe      4496        timeout.exe  3
  4380        cmd.exe      848         WScript.exe  3
  4380        cmd.exe      4348        timeout.exe  3
  4380        cmd.exe      1500        WScript.exe  3
  4380        cmd.exe      2600        timeout.exe  3
  4380        cmd.exe      2480        WScript.exe  3
  4380        cmd.exe      1928        timeout.exe  3
  4380        cmd.exe      752         WScript.exe  3
  4380        cmd.exe      456         timeout.exe  3
  4380        cmd.exe      2512        WScript.exe  1
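The WriteProcessMemory dump above is exported as one run of text with every write repeated three times, which is awkward to read and to diff against other runs. The following Python block is an added example, not part of the report or of the sample: it parses that layout back into unique parent/target pairs with counts, finds the root of the chain, and renders the spawn tree. The embedded input is an excerpt of the dump above (16 of the 64 entries, including the line break the page puts inside "wrote to memory of"); the regex is an assumption about the export format, modelled on this page's text.

```python
import re
from collections import OrderedDict

# One entry of the dump as laid out on this report page:
# "PID <ppid> wrote to memory of <tpid> <ppid> <parent image> <target image>".
# Assumption about the export layout, modelled on the text of this page.
ENTRY_RE = re.compile(
    r"PID (?P<ppid>\d+) wrote to memory of (?P<tpid>\d+) (?P=ppid) (?P<parent>\S+) (?P<target>\S+)"
)

# Excerpt of the dump from the Signatures section (16 of the 64 entries). The page
# breaks one entry across lines, so the parser normalises whitespace before matching.
SAMPLE_DUMP = """
PID 2800 wrote to memory of 3608 2800 res.exe WScript.exe PID 2800 wrote to memory of 3608 2800 res.exe WScript.exe
PID 2800 wrote to memory of 3608 2800 res.exe WScript.exe PID 3608 wrote to memory of 4380 3608 WScript.exe cmd.exe
PID 3608 wrote to memory of 4380 3608 WScript.exe cmd.exe PID 3608 wrote to memory of 4380 3608 WScript.exe cmd.exe
PID 4380 wrote to memory of 2352 4380 cmd.exe WScript.exe PID 4380 wrote to memory of 2352 4380 cmd.exe WScript.exe
PID 4380 wrote to memory of 2352 4380 cmd.exe WScript.exe PID 4380 wrote to memory of 1784 4380 cmd.exe timeout.exe
PID 4380 wrote to memory of 1784 4380 cmd.exe timeout.exe PID 4380 wrote to memory of 1784 4380 cmd.exe timeout.exe
PID 4380 wrote to memory of 5104 4380 cmd.exe melter.exe PID 4380 wrote to memory of 5104 4380 cmd.exe melter.exe
PID 4380 wrote to memory
of 5104 4380 cmd.exe melter.exe PID 4380 wrote to memory of 2512 4380 cmd.exe WScript.exe
"""


def parse_edges(dump):
    """Collapse the dump into an ordered {(ppid, parent, tpid, target): count}."""
    text = " ".join(dump.split())          # join the line-broken entries
    edges = OrderedDict()
    for m in ENTRY_RE.finditer(text):
        key = (int(m["ppid"]), m["parent"], int(m["tpid"]), m["target"])
        edges[key] = edges.get(key, 0) + 1
    return edges


def spawn_tree(edges):
    """{parent pid: [(child pid, child image), ...]} in first-seen order."""
    tree = OrderedDict()
    for ppid, _, tpid, target in edges:
        tree.setdefault(ppid, []).append((tpid, target))
    return tree


def root_pids(edges):
    """Parents that never appear as a target: where the chain starts."""
    return sorted({e[0] for e in edges} - {e[2] for e in edges})


def fan_out(edges):
    """Number of distinct children written to by each parent."""
    return {ppid: len(kids) for ppid, kids in spawn_tree(edges).items()}


def pid_names(edges):
    names = {}
    for ppid, parent, tpid, target in edges:
        names[ppid] = parent
        names[tpid] = target
    return names


def render(edges, pid):
    """Indented text rendering of the chain starting at pid."""
    tree, names = spawn_tree(edges), pid_names(edges)

    def walk(p, depth):
        yield "  " * depth + f"{names.get(p, '?')} (PID {p})"
        for child, _ in tree.get(p, []):
            yield from walk(child, depth + 1)

    return list(walk(pid, 0))


if __name__ == "__main__":
    edges = parse_edges(SAMPLE_DUMP)
    for (ppid, parent, tpid, target), n in edges.items():
        print(f"{ppid:>5} {parent:<12} -> {tpid:>5} {target:<12} x{n}")
    for root in root_pids(edges):
        print("\n".join(render(edges, root)))
```

Run as-is it prints the six unique pairs from the excerpt and the chain res.exe -> WScript.exe -> cmd.exe with cmd.exe fanning out to four children. Pasting the full 64-entry dump into SAMPLE_DUMP gives the 22-pair table above; the triplication is a property of how the sandbox logs the call, so a count other than three for a pair means the list was cut off, not that the write happened fewer times.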
Processes

The number in brackets is the depth shown in the report; each entry gives the image path, the PID, the command line and the signatures attributed to that process. All WScript.exe and timeout.exe children of cmd.exe have the image paths C:\Windows\SysWOW64\WScript.exe and C:\Windows\SysWOW64\timeout.exe; every WScript.exe child is launched as "C:\Windows\System32\WScript.exe" "C:\Users\Public\CmdDesktop\Users\a\b\c\d\temp\<script>" and is abbreviated below to the script name; every timeout.exe entry carries the signature "Delays execution with timeout.exe".

[1] C:\Users\Admin\AppData\Local\Temp\TheMalwaredev-s-garbage-main\Install Windows20\installer\res.exe  (PID 2800)
    "C:\Users\Admin\AppData\Local\Temp\TheMalwaredev-s-garbage-main\Install Windows20\installer\res.exe"
    - Checks computer location settings
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
  [2] C:\Windows\SysWOW64\WScript.exe  (PID 3608)
      "C:\Windows\System32\WScript.exe" "C:\Users\Public\CmdDesktop\Users\a\b\c\d\temp\run.vbs"
      - Checks computer location settings
      - Suspicious use of WriteProcessMemory
    [3] C:\Windows\SysWOW64\cmd.exe  (PID 4380)
        C:\Windows\system32\cmd.exe /c ""C:\Users\Public\CmdDesktop\Users\a\b\c\d\temp\cmd.bat" "
        - Checks computer location settings
        - Modifies registry class
        - Suspicious use of WriteProcessMemory
      [4] WScript.exe  (PID 2352)  snd.vbs
          - Enumerates connected drives
          - Suspicious use of AdjustPrivilegeToken
      [4] timeout.exe  (PID 1784)  timeout 80
      [4] C:\Users\Public\CmdDesktop\Users\a\b\c\d\temp\melter.exe  (PID 5104)  melter.exe
          - Executes dropped EXE
      [4] WScript.exe  (PID 3496)  likeme.vbs
      [4] timeout.exe  (PID 4152)  timeout 2
      [4] WScript.exe  (PID 3128)  likeme.vbs
      [4] timeout.exe  (PID 3912)  timeout 2
      [4] WScript.exe  (PID 1192)  likeme.vbs
      [4] timeout.exe  (PID 4044)  timeout 2
      [4] WScript.exe  (PID 2364)  likeme.vbs
      [4] timeout.exe  (PID 4496)  timeout 2
      [4] WScript.exe  (PID 848)   likeme.vbs
      [4] timeout.exe  (PID 4348)  timeout 2
      [4] WScript.exe  (PID 1500)  likeme.vbs
      [4] timeout.exe  (PID 2600)  timeout 2
      [4] WScript.exe  (PID 2480)  likeme.vbs
      [4] timeout.exe  (PID 1928)  timeout 2
      [4] WScript.exe  (PID 752)   likeme.vbs
      [4] timeout.exe  (PID 456)   timeout 2
      [4] WScript.exe  (PID 2512)  likeme.vbs
      [4] timeout.exe  (PID 440)   timeout 2
      [4] WScript.exe  (PID 1720)  likeme.vbs
      [4] timeout.exe  (PID 4704)  timeout 2
      [4] WScript.exe  (PID 5048)  likeme.vbs
      [4] timeout.exe  (PID 3860)  timeout 2
      [4] WScript.exe  (PID 1784)  likeme.vbs
      [4] timeout.exe  (PID 5072)  timeout 2
      [4] WScript.exe  (PID 1956)  likeme.vbs
      [4] timeout.exe  (PID 4300)  timeout 5
      [4] WScript.exe  (PID 208)   NoEscape.vbs
      [4] timeout.exe  (PID 2336)  timeout 5
      [4] WScript.exe  (PID 3240)  NoEscape.vbs
      [4] timeout.exe  (PID 2544)  timeout 5
      [4] WScript.exe  (PID 2148)  NoEscape.vbs
      [4] timeout.exe  (PID 4480)  timeout 5
      [4] WScript.exe  (PID 1944)  op.vbs
      [4] timeout.exe  (PID 3824)  timeout 8
      [4] WScript.exe  (PID 3376)  op.vbs
      [4] timeout.exe  (PID 1884)  timeout 8
      [4] C:\Windows\SysWOW64\taskkill.exe  (PID 3340)  taskkill /f /im melter.exe
          - Kills process with taskkill
          - Suspicious use of AdjustPrivilegeToken
      [4] timeout.exe  (PID 1456)  timeout 20

[1] C:\Windows\system32\AUDIODG.EXE  (PID 2568)
    C:\Windows\system32\AUDIODG.EXE 0x2f8 0x450
    - Suspicious use of AdjustPrivilegeToken

[1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2464)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4244 --field-trial-handle=2588,i,14229658658073991926,6938034815163866135,262144 --variations-seed-version /prefetch:8

Notes on the tree:
- The image paths resolve to C:\Windows\SysWOW64\ although the command lines name System32. That is WoW64 file-system redirection: res.exe is a 32-bit process, so it and everything it spawns see the 32-bit copies of WScript.exe, cmd.exe, timeout.exe and taskkill.exe.
- PID 1784 appears twice (first as timeout.exe, later as WScript.exe running likeme.vbs). The first process had exited and the PID was reused, so a PID alone does not identify a process across the run; pair it with the creation time or the parent.
- cmd.exe issues 20 timeout calls adding up to 160 seconds (80 + 12 x 2 + 4 x 5 + 2 x 8 + 20); the run's max time kernel was 155 s.
- melter.exe is executed from the drop directory and then force-killed by the same batch file with taskkill /f /im melter.exe, which is what the "Executes dropped EXE" and "Kills process with taskkill" signatures are recording.
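The tree above is the shape a detection engineer writes rules against: a script host launching a batch file that launches more script hosts, repeated sleeps, and a force-kill of a binary the chain itself dropped. The following Python block is an added example, not part of the report or of the sample. It runs four rules over a constructed, abridged list of process-creation events taken from the tree (PIDs, image paths and command lines are the report's; most of the repeated likeme.vbs/timeout pairs are omitted, so the sleep total here is 115 s rather than the 160 s of the full tree). The 60-second threshold and the list of user-writable directories are assumptions; because PID 1784 is reused in the real tree, a production version keys processes on PID plus creation time rather than PID alone.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path semantics even when run on Linux

# Constructed, abridged process-creation events derived from the process tree above.
# Fields: pid, ppid (None when the parent is outside the tree), image path, command line.
WSCRIPT = r"C:\Windows\SysWOW64\WScript.exe"
TIMEOUT = r"C:\Windows\SysWOW64\timeout.exe"
DROP = r"C:\Users\Public\CmdDesktop\Users\a\b\c\d\temp"
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\TheMalwaredev-s-garbage-main\Install Windows20\installer\res.exe"
EVENTS = [
    (2800, None, SAMPLE, f'"{SAMPLE}"'),
    (3608, 2800, WSCRIPT, rf'"C:\Windows\System32\WScript.exe" "{DROP}\run.vbs"'),
    (4380, 3608, r"C:\Windows\SysWOW64\cmd.exe", rf'C:\Windows\system32\cmd.exe /c ""{DROP}\cmd.bat" "'),
    (2352, 4380, WSCRIPT, rf'"C:\Windows\System32\WScript.exe" "{DROP}\snd.vbs"'),
    (1784, 4380, TIMEOUT, "timeout 80"),
    (5104, 4380, rf"{DROP}\melter.exe", "melter.exe"),
    (3496, 4380, WSCRIPT, rf'"C:\Windows\System32\WScript.exe" "{DROP}\likeme.vbs"'),
    (4152, 4380, TIMEOUT, "timeout 2"),
    (208, 4380, WSCRIPT, rf'"C:\Windows\System32\WScript.exe" "{DROP}\NoEscape.vbs"'),
    (2336, 4380, TIMEOUT, "timeout 5"),
    (1944, 4380, WSCRIPT, rf'"C:\Windows\System32\WScript.exe" "{DROP}\op.vbs"'),
    (3824, 4380, TIMEOUT, "timeout 8"),
    (3340, 4380, r"C:\Windows\SysWOW64\taskkill.exe", "taskkill /f /im melter.exe"),
    (1456, 4380, TIMEOUT, "timeout 20"),
    (2568, None, r"C:\Windows\system32\AUDIODG.EXE", r"C:\Windows\system32\AUDIODG.EXE 0x2f8 0x450"),
]

# Directories an unprivileged user can write to (assumption for this example).
USER_WRITABLE = ("c:\\users\\public\\", "\\appdata\\local\\temp\\")
TIMEOUT_RE = re.compile(r"^timeout\s+(?:/t\s+)?(\d+)", re.I)


def _image_name(path):
    return basename(path).lower()


def _is_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def _ancestor_names(pid, index):
    """Image basenames walking up from the parent; stops at unknown parents or loops."""
    names, seen = [], set()
    ppid = index[pid][0]
    while ppid in index and ppid not in seen:
        seen.add(ppid)
        names.append(_image_name(index[ppid][1]))
        ppid = index[ppid][0]
    return names


def script_host_chain(events):
    """WScript.exe whose parent is cmd.exe and whose grandparent is WScript.exe:
    the run.vbs -> cmd.bat -> *.vbs shape seen in the tree."""
    index = {pid: (ppid, image, cmd) for pid, ppid, image, cmd in events}
    return [pid for pid, _, image, _ in events
            if _image_name(image) == "wscript.exe"
            and _ancestor_names(pid, index)[:2] == ["cmd.exe", "wscript.exe"]]


def cumulative_sleep(events, threshold=60):
    """Seconds of timeout.exe sleeps per parent; returns parents at or above threshold."""
    totals = defaultdict(int)
    for _, ppid, image, cmd in events:
        m = TIMEOUT_RE.match(cmd)
        if m and _image_name(image) == "timeout.exe":
            totals[ppid] += int(m.group(1))
    return {ppid: s for ppid, s in totals.items() if s >= threshold}


def kills_own_dropped_exe(events):
    """taskkill /im <name> where <name> ran earlier from a user-writable directory."""
    dropped, hits = set(), []
    for pid, _, image, cmd in events:          # events are in creation order
        if _is_user_writable(image):
            dropped.add(_image_name(image))
        if _image_name(image) == "taskkill.exe":
            m = re.search(r"/im\s+(\S+)", cmd, re.I)
            if m and m.group(1).lower() in dropped:
                hits.append((pid, m.group(1)))
    return hits


def scripts_from_public(events):
    """WScript.exe given a script path under the Public user profile."""
    return [pid for pid, _, image, cmd in events
            if _image_name(image) == "wscript.exe" and "c:\\users\\public\\" in cmd.lower()]


def run_rules(events):
    return {
        "wscript>cmd>wscript chain": script_host_chain(events),
        "cumulative timeout seconds": cumulative_sleep(events),
        "taskkill of dropped exe": kills_own_dropped_exe(events),
        "scripts run from Public": scripts_from_public(events),
    }


if __name__ == "__main__":
    for rule, finding in run_rules(EVENTS).items():
        print(f"{rule}: {finding}")
```

Each rule is weak alone (timeout in a batch file is common, and WScript reading a script from a shared folder happens in legitimate logon scripts), which is why the block reports them together keyed on the same cmd.exe parent: all four fire on PID 4380's subtree and none on the AUDIODG.EXE noise event.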
Network
MITRE ATT&CK Enterprise v15
Downloads (file artifacts from the run; names are not shown on the page)

  1. 64KB
     MD5:    b17223e59994f60c5833030795f2bcac
     SHA1:   66f5f5caf68849cfe574cbef7f8278dacdafdd5f
     SHA256: 49fdaa4ee215c3a142144184d0e82964efb4c11c7d8ce726c5806bfca13888ca
     SHA512: c7aea16c9327e9c19860c4a1487a94cb7edc8953d57aef9617a6d9accd645eb3fecf5e81f0eca6348f9dea86077d55d00546fc270bcd5d5cb9d8c864d9bf0003

  2. 9KB
     MD5:    7050d5ae8acfbe560fa11073fef8185d
     SHA1:   5bc38e77ff06785fe0aec5a345c4ccd15752560e
     SHA256: cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
     SHA512: a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

  3. 62B
     MD5:    c613a5c08c5326e673704395d63dcdcc
     SHA1:   dbccc7410a67d633bef046dab24ee55b64d0f1af
     SHA256: 8c7609a125582d9d5bab8b5b020e4f9ef9467795fecc9a5fb38895ee7f6e9418
     SHA512: d02fc6e220f7f5a7acedc1fece4e282f4889f824e926d73a3ed573767eb8a86c8d21dbd1ed63627b9cc8ad2c4aa532c58adebad98f7c8d3cdaa360a1198c2c9e

  4. 1.8MB
     MD5:    fb74ebc977bcb28d26d23989dfded4fe
     SHA1:   f2e419d0605de9682496a7c191a9723fe55c1779
     SHA256: d2466e56374b453b8a0c0df3be04b8dd5aa002f3113c73525d586d42f080e434
     SHA512: b33a23b4c76c9d22df7e738a1ecab0d717d748ef1c2a73cac6362ec8ee18b356a9811996d24d6b4c150bab88137d48910a08e91652c3b6d1f120378083cc88f2

  5. 787B
     MD5:    dfd87cce00d2ea4bb4bf851f28cc0d8f
     SHA1:   d8e679b4bc879ee3ce960fc675a2e32cf9ec4c73
     SHA256: d036988fa00174c637f2fafa9ac0ca3150bdc4bc9449b319536dfafc33abe4e1
     SHA512: 0356c8b95e0f18b79ead2cf74368e779b145c7c3436123d2034996a91e9dae2d3a7fe84dde5a7a1572686cd76422d261ef3f6c307ddfaa8badc4d5d66350006d

  6. 26B
     MD5:    c11dcd084c37d3efafe67ba11bb6c02a
     SHA1:   7041fe5b22b2a373593601a0f7b53bf91b4f8468
     SHA256: 9faf3a654b5139565960b5977d08ca08e03667c2bd1b151d4813a01555f7ec64
     SHA512: e8d7ba4e76997a144d6a4538ddba5c31e77d2d48c67efa88e86809b5de4748c7ba9a08b4e98582f7a5e07a62bc9c5c98fe16ab947bc8a1b0ea7821cf0a69da1a

  7. 3KB
     MD5:    d9baac374cc96e41c9f86c669e53f61c
     SHA1:   b0ba67bfac3d23e718b3bfdfe120e5446d0229e8
     SHA256: a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412
     SHA512: 4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

  8. 16B
     MD5:    b03f8296e9ca8c4e0775aa97046e7b0f
     SHA1:   ad54c88af769649efbf634050050da2a93fb5699
     SHA256: 9a9c16495a8222ec14d2a276d9235751b498a7cd4c69ab4a78b41f7a7462ea98
     SHA512: 1b3a71e7e7f7a90bcad2ff37727881f3a2063d796ff4551a36eae5ad923c081dd6f0dd2d0ec568b8a94defd5bb9dd2678b1c2a55791784590a605752b566fb6d

  9. 55B
     MD5:    cdfafa9e845ccc0facf0e9338c1ef55c
     SHA1:   ac8e7e70cd63fbb5cb2c3d1635117e9308946cb2
     SHA256: e8dcb3afcd37591ebc9e959151f1249dab477ac68ad01761600f07dda804d2d2
     SHA512: 01bb8942927bd050d35bd30937ab9d4380b5bd2722da58d0347e3d0f8d39b2ac626ad36fd505c25816b5fcc67635f754cdf7ca19df9af066b4deceb23a0f3803

  10. 221B
     MD5:    7f1f2f18b81c7ff47430c518defb9f48
     SHA1:   33642f35825428762b8133721ca38466e7b69559
     SHA256: 208337c0a3656061ad50d85b608cc0fec353f71d16ccd6896aae2ed4e5bdfa58
     SHA512: c441e17a5f48c7b381a233f95b88b640f167ac053584a77e20cf5f9cc0e199527051ce7d39d450573af6db4ea5c8056ed62189322c2e0ba9a6779dae1dbbfc04