description	ioc	Process
File created	C:\Windows\system32\OKVndd\tabcal.exe	cmd.exe
File opened for modification	C:\Windows\system32\OKVndd\tabcal.exe	cmd.exe

description	ioc	Process
Key deleted	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\MSCFile\shell\open\command	Process not Found
Key deleted	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\MSCFile\shell\open	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\MSCFile\shell\open\command\ = "C:\\Windows\\system32\\cmd.exe /c C:\\Users\\Admin\\AppData\\Local\\Temp\\4sao8f.cmd"	Process not Found
Key deleted	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\MSCFile\shell	Process not Found
Key deleted	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\MSCFile	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\MSCFile\shell\open\command	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\MSCFile	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\MSCFile\shell	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\MSCFile\shell\open	Process not Found

pid	Process
2164	rundll32.exe
2164	rundll32.exe
2164	rundll32.exe
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found

description	pid	Process	procid_target
PID 1192 wrote to memory of 2520	1192	Process not Found	28
PID 1192 wrote to memory of 2520	1192	Process not Found	28
PID 1192 wrote to memory of 2520	1192	Process not Found	28
PID 1192 wrote to memory of 2488	1192	Process not Found	29
PID 1192 wrote to memory of 2488	1192	Process not Found	29
PID 1192 wrote to memory of 2488	1192	Process not Found	29
PID 1192 wrote to memory of 2532	1192	Process not Found	31
PID 1192 wrote to memory of 2532	1192	Process not Found	31
PID 1192 wrote to memory of 2532	1192	Process not Found	31
PID 1192 wrote to memory of 1552	1192	Process not Found	32
PID 1192 wrote to memory of 1552	1192	Process not Found	32
PID 1192 wrote to memory of 1552	1192	Process not Found	32
PID 1192 wrote to memory of 2436	1192	Process not Found	34
PID 1192 wrote to memory of 2436	1192	Process not Found	34
PID 1192 wrote to memory of 2436	1192	Process not Found	34
PID 2436 wrote to memory of 2880	2436	eventvwr.exe	35
PID 2436 wrote to memory of 2880	2436	eventvwr.exe	35
PID 2436 wrote to memory of 2880	2436	eventvwr.exe	35
PID 2880 wrote to memory of 1492	2880	cmd.exe	37
PID 2880 wrote to memory of 1492	2880	cmd.exe	37
PID 2880 wrote to memory of 1492	2880	cmd.exe	37
PID 1192 wrote to memory of 2588	1192	Process not Found	40
PID 1192 wrote to memory of 2588	1192	Process not Found	40
PID 1192 wrote to memory of 2588	1192	Process not Found	40
PID 2588 wrote to memory of 2624	2588	cmd.exe	42
PID 2588 wrote to memory of 2624	2588	cmd.exe	42
PID 2588 wrote to memory of 2624	2588	cmd.exe	42
PID 1192 wrote to memory of 1888	1192	Process not Found	43
PID 1192 wrote to memory of 1888	1192	Process not Found	43
PID 1192 wrote to memory of 1888	1192	Process not Found	43
PID 1888 wrote to memory of 1780	1888	cmd.exe	45
PID 1888 wrote to memory of 1780	1888	cmd.exe	45
PID 1888 wrote to memory of 1780	1888	cmd.exe	45
PID 1192 wrote to memory of 2200	1192	Process not Found	46
PID 1192 wrote to memory of 2200	1192	Process not Found	46
PID 1192 wrote to memory of 2200	1192	Process not Found	46
PID 2200 wrote to memory of 320	2200	cmd.exe	48
PID 2200 wrote to memory of 320	2200	cmd.exe	48
PID 2200 wrote to memory of 320	2200	cmd.exe	48
PID 1192 wrote to memory of 532	1192	Process not Found	49
PID 1192 wrote to memory of 532	1192	Process not Found	49
PID 1192 wrote to memory of 532	1192	Process not Found	49
PID 532 wrote to memory of 636	532	cmd.exe	51
PID 532 wrote to memory of 636	532	cmd.exe	51
PID 532 wrote to memory of 636	532	cmd.exe	51
PID 1192 wrote to memory of 1692	1192	Process not Found	52
PID 1192 wrote to memory of 1692	1192	Process not Found	52
PID 1192 wrote to memory of 1692	1192	Process not Found	52
PID 1692 wrote to memory of 792	1692	cmd.exe	54
PID 1692 wrote to memory of 792	1692	cmd.exe	54
PID 1692 wrote to memory of 792	1692	cmd.exe	54
PID 1192 wrote to memory of 652	1192	Process not Found	55
PID 1192 wrote to memory of 652	1192	Process not Found	55
PID 1192 wrote to memory of 652	1192	Process not Found	55
PID 652 wrote to memory of 1744	652	cmd.exe	57
PID 652 wrote to memory of 1744	652	cmd.exe	57
PID 652 wrote to memory of 1744	652	cmd.exe	57

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads