Analysis
max time kernel: 153s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
submitted: 16-03-2024 02:58

Static task: static1

Behavioral task: behavioral1
Sample: a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
Resource: win10v2004-20240226-en

General
Target: a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
Size: 29KB
MD5: 3860023d0534f7b5e84b77da9a7eaca7
SHA1: 9072ddac934b457ea37c14d1080479cd81b3fc83
SHA256: a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d
SHA512: f3a34f0edafe327a3cb7b2f6288687aeb038f3f505c660819e34e1442b54ab83db9d16f4bd145982b427d13ee5b500d92a1108b74296f30067df2cc17e4a4599
SSDEEP: 384:NbbCI8WU7tx1Gt5M0zhIV/DZ3KZp7JcTO4yf9Knuf2MqlUV2V9wVfUnfRqOzGOnj:p2ssf16GVRu1yK9fMnJG2V9dHS8
Malware Config
Signatures
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description | ioc | Process
File opened (read-only) | \??\T: | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened (read-only) | \??\Q: | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened (read-only) | \??\J: | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened (read-only) | \??\H: | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened (read-only) | \??\W: | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened (read-only) | \??\U: | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened (read-only) | \??\V: | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened (read-only) | \??\S: | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened (read-only) | \??\P: | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened (read-only) | \??\N: | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened (read-only) | \??\G: | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened (read-only) | \??\Z: | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened (read-only) | \??\Y: | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened (read-only) | \??\L: | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened (read-only) | \??\R: | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened (read-only) | \??\O: | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened (read-only) | \??\K: | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened (read-only) | \??\I: | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened (read-only) | \??\E: | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened (read-only) | \??\X: | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened (read-only) | \??\M: | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe

Drops file in Program Files directory 64 IoCs
description | ioc | Process
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened for modification | C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\uk-UA\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened for modification | C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\or\LC_MESSAGES\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\VideoLAN\VLC\locale\or\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\pt-PT\View3d\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Calculator.exe | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\models\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\ModifiableWindowsApps\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\logger\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\VideoLAN\VLC\locale\af\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\mk-MK\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\server\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\VideoLAN\VLC\plugins\meta_engine\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\sr-latn-cs\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened for modification | C:\Program Files\dotnet\swidtag\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\fi\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\FileAssociation\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened for modification | C:\Program Files\Microsoft Office 15\ClientX64\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\Windows Portable Devices\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\notetagsUI\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\Microsoft.People_2019.305.632.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\ringless_calls\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\de-DE\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\tr-TR\View3d\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\GameBar.exe | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\en-US\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened for modification | C:\Program Files\Mozilla Firefox\fonts\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\VideoLAN\VLC\locale\es\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-us\jsaddins\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened for modification | C:\Program Files\7-Zip\7zG.exe | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File opened for modification | C:\Program Files\Java\jre-1.8\bin\kinit.exe | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
File created | C:\Program Files\VideoLAN\VLC\locale\fi\_desktop.ini | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe

Drops file in Windows directory 1 IoCs
description | ioc | Process
File created | C:\Windows\rundl132.exe | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs
pid | Process
3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe

Suspicious use of WriteProcessMemory 8 IoCs
description | pid | Process | procid_target
PID 3452 wrote to memory of 1928 | 3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe | 98
PID 3452 wrote to memory of 1928 | 3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe | 98
PID 3452 wrote to memory of 1928 | 3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe | 98
PID 1928 wrote to memory of 4444 | 1928 | net.exe | 101
PID 1928 wrote to memory of 4444 | 1928 | net.exe | 101
PID 1928 wrote to memory of 4444 | 1928 | net.exe | 101
PID 3452 wrote to memory of 3348 | 3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe | 57
PID 3452 wrote to memory of 3348 | 3452 | a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe | 57
Processes
C:\Windows\Explorer.EXE
  command line: C:\Windows\Explorer.EXE
  PID: 3348
  C:\Users\Admin\AppData\Local\Temp\a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\a9bb2f6d8d93e8d59a51dd8b80eb1aded5775602bef2155d6df7f9349854f81d.exe"
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID: 3452
    C:\Windows\SysWOW64\net.exe
      command line: net stop "Kingsoft AntiVirus Service"
      - Suspicious use of WriteProcessMemory
      PID: 1928
      C:\Windows\SysWOW64\net1.exe
        command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        PID: 4444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3976 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
  PID: 2136
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 168KB
MD5: 4e9105279f3ae3a04f0df99913e41164
SHA1: ed4a3d39a412ed86297a47124273cf2f67df4285
SHA256: 48447c896938077a019e9c26c0e8f0b9ed8a700fb7df5e08458353a814497b83
SHA512: ac4355f413a66e39f0ce154c5ce544970d802fb71f4c2004c214e9d89029a6c6a3e0a4b837efeb8ef44c1d54d8a5c3a5e442ecf19a2fbf141fa2b12acd46d6e9

Filesize: 9B
MD5: cbff752523567179ac32a14f905e1944
SHA1: 446aa136e2ec27c083df7dd49d0252f1c0243bde
SHA256: eb7756d2a0d4fe754f1fe3d1d30c92a3f7ac52252b13cd171fd7ce553d760371
SHA512: 9131c53463d7ce35aa85fbd70b312fdbc04c7c649fae0f6a762758e8e39ee863bdf84a6d23d1879814f69a6d4c4fe38501235c2e557b68309d560f06c18e9eff