Analysis
- max time kernel: 165s
- max time network: 177s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
- submitted: 14-03-2024 04:11
Behavioral task: behavioral1
- Sample: 4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe
- Resource: win10v2004-20240226-en
General
- Target: 4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe
- Size: 145KB
- MD5: 34e55b241ba3693f35112330357a8edf
- SHA1: 5fb869a2d2f3de24e756c576f022781c4b74598e
- SHA256: 4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e
- SHA512: d3014fb73ad252eb94fd514a3b8e897eb3df93dfc217f8ee21c0e7d038fd98702005ea0edb849987ff271472fa5ea2d655176acb3e059325f268bb8ca76a7053
- SSDEEP: 3072:u6glyuxE4GsUPnliByocWepfVxexiPIIV:u6gDBGpvEByocWepeYV
Malware Config
Signatures
- Renames multiple (643) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Drops desktop.ini file(s) (2 IoCs)
  Processes: 4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe
  description  ioc  process
  File opened for modification  C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini  4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe
  File opened for modification  F:\$RECYCLE.BIN\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini  4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe
- Drops file in System32 directory (4 IoCs)
  Processes: splwow64.exe, printfilterpipelinesvc.exe
  description  ioc  process
  File created  C:\Windows\system32\spool\PRINTERS\00002.SPL  splwow64.exe
  File created  C:\Windows\system32\spool\PRINTERS\PPq9_rjne6_syo18uyzdaze8k3c.TMP  printfilterpipelinesvc.exe
  File created  C:\Windows\system32\spool\PRINTERS\PP6hz1q0ww0t0i8t0nclw_tni3c.TMP  printfilterpipelinesvc.exe
  File created  C:\Windows\system32\spool\PRINTERS\PPhd_ph_97xydvth0nzqcctcyqb.TMP  printfilterpipelinesvc.exe
- Suspicious use of NtSetInformationThreadHideFromDebugger (4 IoCs)
  Processes: 4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe
  pid  process
  2200  4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe  (4 identical entries)
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  Processes: 4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe
  pid  process
  2200  4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe  (64 identical entries)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Processes: 4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe
  All 64 entries are pid 2200, process 4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe. Tokens in order of first appearance, with the number of times each was requested:
  Token: SeAssignPrimaryTokenPrivilege (1)
  Token: SeBackupPrivilege (25)
  Token: SeDebugPrivilege (2)
  Token: 36 (1)
  Token: SeImpersonatePrivilege (1)
  Token: SeIncBasePriorityPrivilege (1)
  Token: SeIncreaseQuotaPrivilege (1)
  Token: 33 (1)
  Token: SeManageVolumePrivilege (1)
  Token: SeProfSingleProcessPrivilege (1)
  Token: SeRestorePrivilege (1)
  Token: SeSecurityPrivilege (25)
  Token: SeSystemProfilePrivilege (1)
  Token: SeTakeOwnershipPrivilege (1)
  Token: SeShutdownPrivilege (1)
- Suspicious use of SetWindowsHookEx (2 IoCs)
  Processes: ONENOTE.EXE
  pid  process
  4772  ONENOTE.EXE  (2 identical entries)
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes: 4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe, printfilterpipelinesvc.exe
  description  pid  process  target process
  PID 2200 wrote to memory of 3392  2200  4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe  splwow64.exe  (2 identical entries)
  PID 824 wrote to memory of 4772  824  printfilterpipelinesvc.exe  ONENOTE.EXE  (2 identical entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe"
  PID: 2200
  - Drops desktop.ini file(s)
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  Child process: C:\Windows\splwow64.exe
    Command line: C:\Windows\splwow64.exe 12288
    PID: 3392
    - Drops file in System32 directory
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4140 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
  PID: 380
- C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
  PID: 3676
- C:\Windows\system32\printfilterpipelinesvc.exe
  Command line: C:\Windows\system32\printfilterpipelinesvc.exe -Embedding
  PID: 824
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  Child process: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
    Command line: /insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{3809BA42-D8C7-4FF4-B891-7115CD5CA3FE}.xps" 133548631902100000
    PID: 4772
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 129B
  MD5: 9b9c19145ae3c99e5fb313e2449ce306
  SHA1: 3d568c1f7fbd6c6926bb473eb392e323fbd57c72
  SHA256: 1f7f03023d38c4e33544c58380950691556556d52244981028b9faf933ff7d8b
  SHA512: fe88038223b7ba0756a50e4016ebe714d36aa3ad899a7433382002c4172fe38b72843675504bc54ebfcb9be9c9a0fd58654ccbc803e094e9548de1fcb3effbb6
- Filesize: 122B
  MD5: 1cd2c508680a93907346e98d6a1677e6
  SHA1: 42ab98d499046fe5477610f5c256aff0b0f5be5e
  SHA256: f722457807534d1c563d6cfaa43e3a8b90d721dcef1d48c0a3921b4025cd6bda
  SHA512: 2757aeab0f7c2703e0dfb095b37aada25d2947d21c7c988e4dc4b842d07741f34e4f35447694bae5a60de374f6812c511fd912177c81f37a3efd578848ae574c
- Filesize: 129B
  MD5: 692267a09866f827ed957d44d85b6b6f
  SHA1: a02c6746bcea0347e5b977bbe4daa3b205d39b31
  SHA256: 2457123234c1f2b2ef5f19203d7587300ca7bdf42fe5b013f1e1c846e134d128
  SHA512: 80692ad49546d5a5a2916db7bcd384255bedd9dca656b3402af253bbe29b7ad3aacd33eae66a081e3ce1faf56c2153b9697d55310b622b19085e9ce5825eea78