xmrig | 7ea0c382afcdd8b091b5d28e306793bda8438f6a8916cb2c89426d87a1a549a8

Analysis

max time kernel
28s
max time network
28s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ea0c382afcdd8b091b5d28e306793bda8438f6a8916cb2c89426d87a1a549a8.exe
Size

1.0MB
MD5

70506bd9dbe725b87e81dc5ae62f5c23
SHA1

2536764e693ef66e47d8068aad20fe7209303be1
SHA256

7ea0c382afcdd8b091b5d28e306793bda8438f6a8916cb2c89426d87a1a549a8
SHA512

d2baa2c564c8d4b320cb314e4598fccdb74375bc363fd105a8712efa240e6d6ff01b00b357f21489574305691990466a0f836fc0d81050bf17002e6d7f1a0f01
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkyWjqOW/KRDcb1XzJDaD:Lz071uv4BPMkyWvW/cD

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 9 IoCs

resource	yara_rule
behavioral2/memory/1416-657-0x00007FF749950000-0x00007FF749D42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3388-841-0x00007FF75B310000-0x00007FF75B702000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2484-845-0x00007FF74EE30000-0x00007FF74F222000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4936-847-0x00007FF6AA140000-0x00007FF6AA532000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4692-848-0x00007FF67D960000-0x00007FF67DD52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4616-849-0x00007FF70C1B0000-0x00007FF70C5A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/384-851-0x00007FF664AD0000-0x00007FF664EC2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2408-852-0x00007FF6DFF50000-0x00007FF6E0342000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4120-853-0x00007FF70DB80000-0x00007FF70DF72000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 18 IoCs

resource	yara_rule
behavioral2/memory/3008-0-0x00007FF74DAE0000-0x00007FF74DED2000-memory.dmp	UPX
behavioral2/files/0x0007000000023200-6.dat	UPX
behavioral2/files/0x0007000000023200-25.dat	UPX
behavioral2/files/0x000700000002321e-194.dat	UPX
behavioral2/files/0x000700000002321f-195.dat	UPX
behavioral2/memory/1416-657-0x00007FF749950000-0x00007FF749D42000-memory.dmp	UPX
behavioral2/memory/3388-841-0x00007FF75B310000-0x00007FF75B702000-memory.dmp	UPX
behavioral2/memory/2484-845-0x00007FF74EE30000-0x00007FF74F222000-memory.dmp	UPX
behavioral2/memory/4936-847-0x00007FF6AA140000-0x00007FF6AA532000-memory.dmp	UPX
behavioral2/memory/4692-848-0x00007FF67D960000-0x00007FF67DD52000-memory.dmp	UPX
behavioral2/memory/4616-849-0x00007FF70C1B0000-0x00007FF70C5A2000-memory.dmp	UPX
behavioral2/memory/384-851-0x00007FF664AD0000-0x00007FF664EC2000-memory.dmp	UPX
behavioral2/memory/2408-852-0x00007FF6DFF50000-0x00007FF6E0342000-memory.dmp	UPX
behavioral2/memory/4120-853-0x00007FF70DB80000-0x00007FF70DF72000-memory.dmp	UPX
behavioral2/memory/10748-1563-0x00007FF710310000-0x00007FF710702000-memory.dmp	UPX
behavioral2/memory/9948-2082-0x00007FF776160000-0x00007FF776552000-memory.dmp	UPX
behavioral2/memory/2232-2184-0x00007FF6B40D0000-0x00007FF6B44C2000-memory.dmp	UPX
behavioral2/memory/12388-2183-0x00007FF761E70000-0x00007FF762262000-memory.dmp	UPX

XMRig Miner payload 9 IoCs

miner

resource	yara_rule
behavioral2/memory/1416-657-0x00007FF749950000-0x00007FF749D42000-memory.dmp	xmrig
behavioral2/memory/3388-841-0x00007FF75B310000-0x00007FF75B702000-memory.dmp	xmrig
behavioral2/memory/2484-845-0x00007FF74EE30000-0x00007FF74F222000-memory.dmp	xmrig
behavioral2/memory/4936-847-0x00007FF6AA140000-0x00007FF6AA532000-memory.dmp	xmrig
behavioral2/memory/4692-848-0x00007FF67D960000-0x00007FF67DD52000-memory.dmp	xmrig
behavioral2/memory/4616-849-0x00007FF70C1B0000-0x00007FF70C5A2000-memory.dmp	xmrig
behavioral2/memory/384-851-0x00007FF664AD0000-0x00007FF664EC2000-memory.dmp	xmrig
behavioral2/memory/2408-852-0x00007FF6DFF50000-0x00007FF6E0342000-memory.dmp	xmrig
behavioral2/memory/4120-853-0x00007FF70DB80000-0x00007FF70DF72000-memory.dmp	xmrig

UPX packed file 28 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3008-0-0x00007FF74DAE0000-0x00007FF74DED2000-memory.dmp	upx
behavioral2/files/0x0007000000023200-6.dat	upx
behavioral2/files/0x0007000000023200-25.dat	upx
behavioral2/files/0x000700000002321e-194.dat	upx
behavioral2/files/0x000700000002321f-195.dat	upx
behavioral2/memory/1416-657-0x00007FF749950000-0x00007FF749D42000-memory.dmp	upx
behavioral2/memory/3388-841-0x00007FF75B310000-0x00007FF75B702000-memory.dmp	upx
behavioral2/memory/2484-845-0x00007FF74EE30000-0x00007FF74F222000-memory.dmp	upx
behavioral2/memory/4936-847-0x00007FF6AA140000-0x00007FF6AA532000-memory.dmp	upx
behavioral2/memory/4692-848-0x00007FF67D960000-0x00007FF67DD52000-memory.dmp	upx
behavioral2/memory/4616-849-0x00007FF70C1B0000-0x00007FF70C5A2000-memory.dmp	upx
behavioral2/memory/384-851-0x00007FF664AD0000-0x00007FF664EC2000-memory.dmp	upx
behavioral2/memory/2408-852-0x00007FF6DFF50000-0x00007FF6E0342000-memory.dmp	upx
behavioral2/memory/4120-853-0x00007FF70DB80000-0x00007FF70DF72000-memory.dmp	upx
behavioral2/memory/10748-1563-0x00007FF710310000-0x00007FF710702000-memory.dmp	upx
behavioral2/memory/1676-1962-0x00007FF748400000-0x00007FF7487F2000-memory.dmp	upx
behavioral2/memory/9948-2082-0x00007FF776160000-0x00007FF776552000-memory.dmp	upx
behavioral2/memory/10108-2083-0x00007FF6D4EC0000-0x00007FF6D52B2000-memory.dmp	upx
behavioral2/memory/12312-2141-0x00007FF72F610000-0x00007FF72FA02000-memory.dmp	upx
behavioral2/memory/2232-2184-0x00007FF6B40D0000-0x00007FF6B44C2000-memory.dmp	upx
behavioral2/memory/12388-2183-0x00007FF761E70000-0x00007FF762262000-memory.dmp	upx
behavioral2/memory/11604-2133-0x00007FF706460000-0x00007FF706852000-memory.dmp	upx
behavioral2/memory/11444-2132-0x00007FF6F3F40000-0x00007FF6F4332000-memory.dmp	upx
behavioral2/memory/11428-2130-0x00007FF7B1D90000-0x00007FF7B2182000-memory.dmp	upx
behavioral2/memory/8748-2127-0x00007FF7CE7E0000-0x00007FF7CEBD2000-memory.dmp	upx
behavioral2/memory/10904-2126-0x00007FF6C40D0000-0x00007FF6C44C2000-memory.dmp	upx
behavioral2/memory/11256-2125-0x00007FF710380000-0x00007FF710772000-memory.dmp	upx
behavioral2/memory/10820-2124-0x00007FF7F8270000-0x00007FF7F8662000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\7ea0c382afcdd8b091b5d28e306793bda8438f6a8916cb2c89426d87a1a549a8.exe
"C:\Users\Admin\AppData\Local\Temp\7ea0c382afcdd8b091b5d28e306793bda8438f6a8916cb2c89426d87a1a549a8.exe"
1⤵
PID:3008
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  PID:3484
- C:\Windows\System\hIioTIx.exe
  C:\Windows\System\hIioTIx.exe
  2⤵
  PID:3856
- C:\Windows\System\PKnNARJ.exe
  C:\Windows\System\PKnNARJ.exe
  2⤵
  PID:1644
- C:\Windows\System\oUAQNtz.exe
  C:\Windows\System\oUAQNtz.exe
  2⤵
  PID:3608
- C:\Windows\System\KZUdylr.exe
  C:\Windows\System\KZUdylr.exe
  2⤵
  PID:64
- C:\Windows\System\ddUAXTs.exe
  C:\Windows\System\ddUAXTs.exe
  2⤵
  PID:2260
- C:\Windows\System\sYxroIX.exe
  C:\Windows\System\sYxroIX.exe
  2⤵
  PID:2736
- C:\Windows\System\SIFbwBp.exe
  C:\Windows\System\SIFbwBp.exe
  2⤵
  PID:4544
- C:\Windows\System\eOYFfaV.exe
  C:\Windows\System\eOYFfaV.exe
  2⤵
  PID:3060
- C:\Windows\System\XITWMBy.exe
  C:\Windows\System\XITWMBy.exe
  2⤵
  PID:8176
- C:\Windows\System\aLKyvck.exe
  C:\Windows\System\aLKyvck.exe
  2⤵
  PID:5768
- C:\Windows\System\JrqPJZM.exe
  C:\Windows\System\JrqPJZM.exe
  2⤵
  PID:3656
- C:\Windows\System\XEvSdSD.exe
  C:\Windows\System\XEvSdSD.exe
  2⤵
  PID:12728
- C:\Windows\System\DomzGQr.exe
  C:\Windows\System\DomzGQr.exe
  2⤵
  PID:12744
- C:\Windows\System\HpOtDhS.exe
  C:\Windows\System\HpOtDhS.exe
  2⤵
  PID:12764
- C:\Windows\System\MdHMDXa.exe
  C:\Windows\System\MdHMDXa.exe
  2⤵
  PID:12788
- C:\Windows\System\vCYkNbq.exe
  C:\Windows\System\vCYkNbq.exe
  2⤵
  PID:12804
- C:\Windows\System\FDwbENd.exe
  C:\Windows\System\FDwbENd.exe
  2⤵
  PID:12820
- C:\Windows\System\VaRGrAD.exe
  C:\Windows\System\VaRGrAD.exe
  2⤵
  PID:12840
- C:\Windows\System\vOdsFJO.exe
  C:\Windows\System\vOdsFJO.exe
  2⤵
  PID:12860
- C:\Windows\System\SpSJzRy.exe
  C:\Windows\System\SpSJzRy.exe
  2⤵
  PID:12876
- C:\Windows\System\lODdain.exe
  C:\Windows\System\lODdain.exe
  2⤵
  PID:12892
- C:\Windows\System\wStddAk.exe
  C:\Windows\System\wStddAk.exe
  2⤵
  PID:12912
- C:\Windows\System\mLdZvFA.exe
  C:\Windows\System\mLdZvFA.exe
  2⤵
  PID:12932
- C:\Windows\System\WPstBML.exe
  C:\Windows\System\WPstBML.exe
  2⤵
  PID:12948
- C:\Windows\System\wEEbDcy.exe
  C:\Windows\System\wEEbDcy.exe
  2⤵
  PID:12968
- C:\Windows\System\VCklxWM.exe
  C:\Windows\System\VCklxWM.exe
  2⤵
  PID:12984
- C:\Windows\System\KdEAznM.exe
  C:\Windows\System\KdEAznM.exe
  2⤵
  PID:13004
- C:\Windows\System\LpJoSWc.exe
  C:\Windows\System\LpJoSWc.exe
  2⤵
  PID:13024
- C:\Windows\System\FNsEPkh.exe
  C:\Windows\System\FNsEPkh.exe
  2⤵
  PID:13044
- C:\Windows\System\mEtxKDQ.exe
  C:\Windows\System\mEtxKDQ.exe
  2⤵
  PID:13064
- C:\Windows\System\woehPuT.exe
  C:\Windows\System\woehPuT.exe
  2⤵
  PID:13080
- C:\Windows\System\YpwFdQY.exe
  C:\Windows\System\YpwFdQY.exe
  2⤵
  PID:13100
- C:\Windows\System\OwCrAxT.exe
  C:\Windows\System\OwCrAxT.exe
  2⤵
  PID:13120
- C:\Windows\System\pvZnGZN.exe
  C:\Windows\System\pvZnGZN.exe
  2⤵
  PID:13136
- C:\Windows\System\HuCsVku.exe
  C:\Windows\System\HuCsVku.exe
  2⤵
  PID:13156
- C:\Windows\System\tuTPxGf.exe
  C:\Windows\System\tuTPxGf.exe
  2⤵
  PID:13172
- C:\Windows\System\wjxDwGL.exe
  C:\Windows\System\wjxDwGL.exe
  2⤵
  PID:13192
- C:\Windows\System\PlsuDEi.exe
  C:\Windows\System\PlsuDEi.exe
  2⤵
  PID:13208
- C:\Windows\System\sBZSNPB.exe
  C:\Windows\System\sBZSNPB.exe
  2⤵
  PID:13228
- C:\Windows\System\OCZNqXC.exe
  C:\Windows\System\OCZNqXC.exe
  2⤵
  PID:13248
- C:\Windows\System\EBrLpsw.exe
  C:\Windows\System\EBrLpsw.exe
  2⤵
  PID:13268
- C:\Windows\System\YMnnaUn.exe
  C:\Windows\System\YMnnaUn.exe
  2⤵
  PID:13284
- C:\Windows\System\ijHAGAB.exe
  C:\Windows\System\ijHAGAB.exe
  2⤵
  PID:13300
- C:\Windows\System\zisKCxW.exe
  C:\Windows\System\zisKCxW.exe
  2⤵
  PID:13320
- C:\Windows\System\atVuLgL.exe
  C:\Windows\System\atVuLgL.exe
  2⤵
  PID:13340
- C:\Windows\System\wSTUYnL.exe
  C:\Windows\System\wSTUYnL.exe
  2⤵
  PID:13356
- C:\Windows\System\PrHuNUq.exe
  C:\Windows\System\PrHuNUq.exe
  2⤵
  PID:13376
- C:\Windows\System\wcctVwU.exe
  C:\Windows\System\wcctVwU.exe
  2⤵
  PID:13392
- C:\Windows\System\ziRGnmI.exe
  C:\Windows\System\ziRGnmI.exe
  2⤵
  PID:11964
- C:\Windows\System\feULgIN.exe
  C:\Windows\System\feULgIN.exe
  2⤵
  PID:2316
- C:\Windows\System\HyCYmCF.exe
  C:\Windows\System\HyCYmCF.exe
  2⤵
  PID:12136
- C:\Windows\System\MAdJUCq.exe
  C:\Windows\System\MAdJUCq.exe
  2⤵
  PID:13352
- C:\Windows\System\QbaQrNy.exe
  C:\Windows\System\QbaQrNy.exe
  2⤵
  PID:6368
- C:\Windows\System\bUDFQur.exe
  C:\Windows\System\bUDFQur.exe
  2⤵
  PID:9124
- C:\Windows\System\YMTQHAu.exe
  C:\Windows\System\YMTQHAu.exe
  2⤵
  PID:1692
- C:\Windows\System\XcbzKdt.exe
  C:\Windows\System\XcbzKdt.exe
  2⤵
  PID:2028
- C:\Windows\System\BIwhtZr.exe
  C:\Windows\System\BIwhtZr.exe
  2⤵
  PID:14328
- C:\Windows\System\pukPKPI.exe
  C:\Windows\System\pukPKPI.exe
  2⤵
  PID:13180
- C:\Windows\System\EJRSIFr.exe
  C:\Windows\System\EJRSIFr.exe
  2⤵
  PID:13204
- C:\Windows\System\CgaUzme.exe
  C:\Windows\System\CgaUzme.exe
  2⤵
  PID:13336
- C:\Windows\System\IsxNbQb.exe
  C:\Windows\System\IsxNbQb.exe
  2⤵
  PID:13388
- C:\Windows\System\AynKzcT.exe
  C:\Windows\System\AynKzcT.exe
  2⤵
  PID:13416
- C:\Windows\System\ZSxFCtS.exe
  C:\Windows\System\ZSxFCtS.exe
  2⤵
  PID:10660
- C:\Windows\System\kswNiyi.exe
  C:\Windows\System\kswNiyi.exe
  2⤵
  PID:3128
- C:\Windows\System\CqdUscD.exe
  C:\Windows\System\CqdUscD.exe
  2⤵
  PID:4728
- C:\Windows\System\VzPyYFp.exe
  C:\Windows\System\VzPyYFp.exe
  2⤵
  PID:12088
- C:\Windows\System\YVSvNbZ.exe
  C:\Windows\System\YVSvNbZ.exe
  2⤵
  PID:7120
- C:\Windows\System\bpJlkjd.exe
  C:\Windows\System\bpJlkjd.exe
  2⤵
  PID:2624
- C:\Windows\System\KpJiLFo.exe
  C:\Windows\System\KpJiLFo.exe
  2⤵
  PID:7736
- C:\Windows\System\gezQLDr.exe
  C:\Windows\System\gezQLDr.exe
  2⤵
  PID:8356
- C:\Windows\System\svqiCFy.exe
  C:\Windows\System\svqiCFy.exe
  2⤵
  PID:4832
- C:\Windows\System\VdCVWBr.exe
  C:\Windows\System\VdCVWBr.exe
  2⤵
  PID:9264
- C:\Windows\System\RrXITAV.exe
  C:\Windows\System\RrXITAV.exe
  2⤵
  PID:9316
- C:\Windows\System\xRGxiqA.exe
  C:\Windows\System\xRGxiqA.exe
  2⤵
  PID:9516
- C:\Windows\System\IjoFRBo.exe
  C:\Windows\System\IjoFRBo.exe
  2⤵
  PID:9920
- C:\Windows\System\BtiSBPx.exe
  C:\Windows\System\BtiSBPx.exe
  2⤵
  PID:10064
- C:\Windows\System\LsvHHQw.exe
  C:\Windows\System\LsvHHQw.exe
  2⤵
  PID:10028
- C:\Windows\System\TVSFpVz.exe
  C:\Windows\System\TVSFpVz.exe
  2⤵
  PID:10284
- C:\Windows\System\tbxghnR.exe
  C:\Windows\System\tbxghnR.exe
  2⤵
  PID:10576
- C:\Windows\System\vUmCbaM.exe
  C:\Windows\System\vUmCbaM.exe
  2⤵
  PID:10624
- C:\Windows\System\TytBdYp.exe
  C:\Windows\System\TytBdYp.exe
  2⤵
  PID:8460
- C:\Windows\System\xBZrwAb.exe
  C:\Windows\System\xBZrwAb.exe
  2⤵
  PID:13864
- C:\Windows\System\rFeOzYu.exe
  C:\Windows\System\rFeOzYu.exe
  2⤵
  PID:11996
- C:\Windows\System\TiHBLKx.exe
  C:\Windows\System\TiHBLKx.exe
  2⤵
  PID:14168
- C:\Windows\System\gdMwJlP.exe
  C:\Windows\System\gdMwJlP.exe
  2⤵
  PID:13896
- C:\Windows\System\AmfXWZV.exe
  C:\Windows\System\AmfXWZV.exe
  2⤵
  PID:6768
- C:\Windows\System\CcEPxCM.exe
  C:\Windows\System\CcEPxCM.exe
  2⤵
  PID:7320
- C:\Windows\System\rFxUAKV.exe
  C:\Windows\System\rFxUAKV.exe
  2⤵
  PID:13548
- C:\Windows\System\NtdWobw.exe
  C:\Windows\System\NtdWobw.exe
  2⤵
  PID:11040
- C:\Windows\System\XdvAXVE.exe
  C:\Windows\System\XdvAXVE.exe
  2⤵
  PID:2144
- C:\Windows\System\eGasUIr.exe
  C:\Windows\System\eGasUIr.exe
  2⤵
  PID:14160
- C:\Windows\System\MIrRQDs.exe
  C:\Windows\System\MIrRQDs.exe
  2⤵
  PID:9852
- C:\Windows\System\RrGiAtv.exe
  C:\Windows\System\RrGiAtv.exe
  2⤵
  PID:13624
- C:\Windows\System\eSEsJHj.exe
  C:\Windows\System\eSEsJHj.exe
  2⤵
  PID:13648
- C:\Windows\System\YTeDMnd.exe
  C:\Windows\System\YTeDMnd.exe
  2⤵
  PID:7956
- C:\Windows\System\LqWUcJO.exe
  C:\Windows\System\LqWUcJO.exe
  2⤵
  PID:10812
- C:\Windows\System\ieeKNQy.exe
  C:\Windows\System\ieeKNQy.exe
  2⤵
  PID:11980
- C:\Windows\System\pEOePwD.exe
  C:\Windows\System\pEOePwD.exe
  2⤵
  PID:9884
- C:\Windows\System\UvMHAxx.exe
  C:\Windows\System\UvMHAxx.exe
  2⤵
  PID:8852
- C:\Windows\System\WKAeVrS.exe
  C:\Windows\System\WKAeVrS.exe
  2⤵
  PID:872
- C:\Windows\System\Zrbvjsf.exe
  C:\Windows\System\Zrbvjsf.exe
  2⤵
  PID:4236
- C:\Windows\System\OIsbyCo.exe
  C:\Windows\System\OIsbyCo.exe
  2⤵
  PID:8960
- C:\Windows\System\KrFyCOJ.exe
  C:\Windows\System\KrFyCOJ.exe
  2⤵
  PID:13112
- C:\Windows\System\wTCQEAF.exe
  C:\Windows\System\wTCQEAF.exe
  2⤵
  PID:4004
- C:\Windows\System\vgqHBwK.exe
  C:\Windows\System\vgqHBwK.exe
  2⤵
  PID:8344
- C:\Windows\System\SDdTwir.exe
  C:\Windows\System\SDdTwir.exe
  2⤵
  PID:10376
- C:\Windows\System\uULcIjy.exe
  C:\Windows\System\uULcIjy.exe
  2⤵
  PID:5536
- C:\Windows\System\aihLvuk.exe
  C:\Windows\System\aihLvuk.exe
  2⤵
  PID:1256
- C:\Windows\System\CkYUxRW.exe
  C:\Windows\System\CkYUxRW.exe
  2⤵
  PID:11612
- C:\Windows\System\PfjAdyV.exe
  C:\Windows\System\PfjAdyV.exe
  2⤵
  PID:13348
- C:\Windows\System\rlhWRmJ.exe
  C:\Windows\System\rlhWRmJ.exe
  2⤵
  PID:10640
- C:\Windows\System\ybxuJaq.exe
  C:\Windows\System\ybxuJaq.exe
  2⤵
  PID:840
- C:\Windows\System\vTUuCGz.exe
  C:\Windows\System\vTUuCGz.exe
  2⤵
  PID:9164
- C:\Windows\System\xHlFmzQ.exe
  C:\Windows\System\xHlFmzQ.exe
  2⤵
  PID:12140
- C:\Windows\System\cEpgnTt.exe
  C:\Windows\System\cEpgnTt.exe
  2⤵
  PID:10720
- C:\Windows\System\ITDvsNH.exe
  C:\Windows\System\ITDvsNH.exe
  2⤵
  PID:12324
- C:\Windows\System\WOAoiVH.exe
  C:\Windows\System\WOAoiVH.exe
  2⤵
  PID:4536
- C:\Windows\System\Gbuqwvy.exe
  C:\Windows\System\Gbuqwvy.exe
  2⤵
  PID:3964
- C:\Windows\System\XLXQJXV.exe
  C:\Windows\System\XLXQJXV.exe
  2⤵
  PID:9760
- C:\Windows\System\aCjBDqh.exe
  C:\Windows\System\aCjBDqh.exe
  2⤵
  PID:9460
- C:\Windows\System\hxZBJLx.exe
  C:\Windows\System\hxZBJLx.exe
  2⤵
  PID:14084
- C:\Windows\System\lbqoEIm.exe
  C:\Windows\System\lbqoEIm.exe
  2⤵
  PID:628
- C:\Windows\System\TWtGcHg.exe
  C:\Windows\System\TWtGcHg.exe
  2⤵
  PID:6220
- C:\Windows\System\fLdXlTL.exe
  C:\Windows\System\fLdXlTL.exe
  2⤵
  PID:14288
- C:\Windows\System\tBJcDNb.exe
  C:\Windows\System\tBJcDNb.exe
  2⤵
  PID:4056
- C:\Windows\System\EfXqhAV.exe
  C:\Windows\System\EfXqhAV.exe
  2⤵
  PID:4872
- C:\Windows\System\pOIWTjP.exe
  C:\Windows\System\pOIWTjP.exe
  2⤵
  PID:10496
- C:\Windows\System\xdLsRFA.exe
  C:\Windows\System\xdLsRFA.exe
  2⤵
  PID:12920
- C:\Windows\System\liCYpsk.exe
  C:\Windows\System\liCYpsk.exe
  2⤵
  PID:12412
- C:\Windows\System\AEUbYDq.exe
  C:\Windows\System\AEUbYDq.exe
  2⤵
  PID:1500
- C:\Windows\System\ZgGzBGx.exe
  C:\Windows\System\ZgGzBGx.exe
  2⤵
  PID:7836
- C:\Windows\System\jOuXbNt.exe
  C:\Windows\System\jOuXbNt.exe
  2⤵
  PID:13412
- C:\Windows\System\onkjeYN.exe
  C:\Windows\System\onkjeYN.exe
  2⤵
  PID:1240
- C:\Windows\System\NHrxYsj.exe
  C:\Windows\System\NHrxYsj.exe
  2⤵
  PID:6784
- C:\Windows\System\iiuJvaj.exe
  C:\Windows\System\iiuJvaj.exe
  2⤵
  PID:2668
- C:\Windows\System\OLTMvnY.exe
  C:\Windows\System\OLTMvnY.exe
  2⤵
  PID:12756
- C:\Windows\System\TkeyZdC.exe
  C:\Windows\System\TkeyZdC.exe
  2⤵
  PID:4724
- C:\Windows\System\jlqazhk.exe
  C:\Windows\System\jlqazhk.exe
  2⤵
  PID:12360
- C:\Windows\System\dNWHjkm.exe
  C:\Windows\System\dNWHjkm.exe
  2⤵
  PID:13888
- C:\Windows\System\YDABYDZ.exe
  C:\Windows\System\YDABYDZ.exe
  2⤵
  PID:9532
- C:\Windows\System\SyJvgBV.exe
  C:\Windows\System\SyJvgBV.exe
  2⤵
  PID:7612
- C:\Windows\System\dFROXxc.exe
  C:\Windows\System\dFROXxc.exe
  2⤵
  PID:14092
- C:\Windows\System\jIqZRUi.exe
  C:\Windows\System\jIqZRUi.exe
  2⤵
  PID:6732
- C:\Windows\System\tIovLqn.exe
  C:\Windows\System\tIovLqn.exe
  2⤵
  PID:452
- C:\Windows\System\ainFLaM.exe
  C:\Windows\System\ainFLaM.exe
  2⤵
  PID:3768
- C:\Windows\System\GvZhwcV.exe
  C:\Windows\System\GvZhwcV.exe
  2⤵
  PID:14200
- C:\Windows\System\icgFIkU.exe
  C:\Windows\System\icgFIkU.exe
  2⤵
  PID:13576
- C:\Windows\System\pvpRigh.exe
  C:\Windows\System\pvpRigh.exe
  2⤵
  PID:10032
- C:\Windows\System\pffQaFE.exe
  C:\Windows\System\pffQaFE.exe
  2⤵
  PID:12816
- C:\Windows\System\QTcGauk.exe
  C:\Windows\System\QTcGauk.exe
  2⤵
  PID:8500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\SIFbwBp.exe

Filesize
128KB

MD5
4faadaeab68805f04a3264b24b4484e7

SHA1
1506c8fa28d842c0dbf87aa4fae07f0c1d21c224

SHA256
023ac7fc351f6d2e4691b22c68fbc17c1895254a67982bf0958242ced6e67f29

SHA512
933034705851d18a168ec6a4a2f7a5330c92a605b28011dc44e331b0baa53be92639772e268a3dcd0b9551cd627b9185e234399894d0a898c1ae6ffdbb38edec

Download Submit
C:\Windows\System\oUAQNtz.exe

Filesize
64KB

MD5
2b844d5b6b62dc9a3481183eddaa5d38

SHA1
87d636595dfedf6c2d0e0dff07b8562c1756b097

SHA256
701fd725195e6f41fa8c30a535b7c6fe836dda87218adae65589c77aac994408

SHA512
b48efac78940e6733b31810b8151f5b393d25eb481bcf3aa4f899e0ef27db951cc3620a8ae4658e19daeed7ac299c394da82ad4efd782b4ad07d1d3e507148d9

Download Submit
C:\Windows\System\oUAQNtz.exe

Filesize
320KB

MD5
f8515607e38f00a39fa6baf1fde6dd70

SHA1
01e333a1c1d9a929b5be146b2c47f40aee831176

SHA256
950561c68e6cde68beedfdaa6b1c51cd4429220934b59298dc5df8b6902b7efd

SHA512
ddf5a2558700cfbc69f6e62bcc458f18de7603a3d72f83dde1a5e666215517a196573730fe8c511f61aa15cb902b6b65cc438cf9feb33984edad2e9144947014

Download Submit
memory/384-851-0x00007FF664AD0000-0x00007FF664EC2000-memory.dmp

Filesize
3.9MB

Download
memory/1416-657-0x00007FF749950000-0x00007FF749D42000-memory.dmp

Filesize
3.9MB

Download
memory/1676-1962-0x00007FF748400000-0x00007FF7487F2000-memory.dmp

Filesize
3.9MB

Download
memory/2232-2184-0x00007FF6B40D0000-0x00007FF6B44C2000-memory.dmp

Filesize
3.9MB

Download
memory/2408-852-0x00007FF6DFF50000-0x00007FF6E0342000-memory.dmp

Filesize
3.9MB

Download
memory/2484-845-0x00007FF74EE30000-0x00007FF74F222000-memory.dmp

Filesize
3.9MB

Download
memory/3008-0-0x00007FF74DAE0000-0x00007FF74DED2000-memory.dmp

Filesize
3.9MB

Download
memory/3008-1-0x000001B3B81E0000-0x000001B3B81F0000-memory.dmp

Filesize
64KB

Download
memory/3388-841-0x00007FF75B310000-0x00007FF75B702000-memory.dmp

Filesize
3.9MB

Download
memory/4120-853-0x00007FF70DB80000-0x00007FF70DF72000-memory.dmp

Filesize
3.9MB

Download
memory/4616-849-0x00007FF70C1B0000-0x00007FF70C5A2000-memory.dmp

Filesize
3.9MB

Download
memory/4692-848-0x00007FF67D960000-0x00007FF67DD52000-memory.dmp

Filesize
3.9MB

Download
memory/4936-847-0x00007FF6AA140000-0x00007FF6AA532000-memory.dmp

Filesize
3.9MB

Download
memory/8748-2127-0x00007FF7CE7E0000-0x00007FF7CEBD2000-memory.dmp

Filesize
3.9MB

Download
memory/9948-2082-0x00007FF776160000-0x00007FF776552000-memory.dmp

Filesize
3.9MB

Download
memory/10108-2083-0x00007FF6D4EC0000-0x00007FF6D52B2000-memory.dmp

Filesize
3.9MB

Download
memory/10748-1563-0x00007FF710310000-0x00007FF710702000-memory.dmp

Filesize
3.9MB

Download
memory/10820-2124-0x00007FF7F8270000-0x00007FF7F8662000-memory.dmp

Filesize
3.9MB

Download
memory/10904-2126-0x00007FF6C40D0000-0x00007FF6C44C2000-memory.dmp

Filesize
3.9MB

Download
memory/11256-2125-0x00007FF710380000-0x00007FF710772000-memory.dmp

Filesize
3.9MB

Download
memory/11428-2130-0x00007FF7B1D90000-0x00007FF7B2182000-memory.dmp

Filesize
3.9MB

Download
memory/11444-2132-0x00007FF6F3F40000-0x00007FF6F4332000-memory.dmp

Filesize
3.9MB

Download
memory/11604-2133-0x00007FF706460000-0x00007FF706852000-memory.dmp

Filesize
3.9MB

Download
memory/12312-2141-0x00007FF72F610000-0x00007FF72FA02000-memory.dmp

Filesize
3.9MB

Download
memory/12388-2183-0x00007FF761E70000-0x00007FF762262000-memory.dmp

Filesize
3.9MB

Download