Analysis
-
max time kernel
39s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
18-03-2024 20:55
General
-
Target
d481e2d245f695d8aca4cc7b632d8e3a.exe
-
Size
279KB
-
MD5
d481e2d245f695d8aca4cc7b632d8e3a
-
SHA1
d447cb89af35b54fabe023cbff811baff4338ba0
-
SHA256
a329f3d5055e743843208af6de237564fe6ba8886ead568d5426718569a92a9a
-
SHA512
866e0e70879ffeb319ffd9ae314b770196df9dd21f7d8cfd172625a225f59df223adc8750c922f16a4ed3abbeb3db8a96dd70d6ae08d556d36873ccd674907b9
-
SSDEEP
6144:u7OS0l65RAHqjeEnoz5OEKS64y5eUSqX5kdpfkQr7ZBfE9M:u7TRGgdoz5LDsOddkUBc9M
Score
10/10
Malware Config
Signatures
-
Modifies security service 2 TTPs 1 IoCs
-
Disables taskbar notifications via registry modification
-
Modifies Installed Components in the registry 2 TTPs 4 IoCs
-
Executes dropped EXE 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 11 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 8 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 3 IoCs
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 2 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 26 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 58 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
-
System policy modification 1 TTPs 2 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\d481e2d245f695d8aca4cc7b632d8e3a.exe"C:\Users\Admin\AppData\Local\Temp\d481e2d245f695d8aca4cc7b632d8e3a.exe"1⤵
- Modifies security service
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\d481e2d245f695d8aca4cc7b632d8e3a.exeC:\Users\Admin\AppData\Local\Temp\d481e2d245f695d8aca4cc7b632d8e3a.exe startC:\Users\Admin\AppData\Roaming\08F95\E555B.exe%C:\Users\Admin\AppData\Roaming\08F952⤵
-
C:\Users\Admin\AppData\Local\Temp\d481e2d245f695d8aca4cc7b632d8e3a.exeC:\Users\Admin\AppData\Local\Temp\d481e2d245f695d8aca4cc7b632d8e3a.exe startC:\Program Files (x86)\95EBF\lvvm.exe%C:\Program Files (x86)\95EBF2⤵
-
C:\Program Files (x86)\LP\5B00\DE5A.tmp"C:\Program Files (x86)\LP\5B00\DE5A.tmp"2⤵
- Executes dropped EXE
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\LP\5B00\DE5A.tmpFilesize
99KB
MD5cb853d0e676be7b23903aa89175d8d69
SHA12066462d42c45133df60c5e5f9e8956373d191b0
SHA2567291b34528651c542a4e09036bb828f27c9f75c134d2be3aed3e1c5a0db5fe20
SHA512bf96f4c8511929ef380562004211a72821330465538db6da3367cbce387092384265e0bfd4ab54e62b742d68d668ff1457f43381d7a770fd3027f3bab1f36038
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53Filesize
471B
MD503fcd4c14fa4126f0548524210dca6ee
SHA1c1a62ff008d05d477004bc283be5861c1420eaf9
SHA25644ae314692f7c8f503bdf716f437fc8bdeac7d21ff48b001d17106feec512934
SHA51221f705d531e50c65bd8b93459ddee7c1d0b4a1a9088b1ecb72cbb7d5adc5cca632ae25ef226caea5659669bd91e0b3049be1e2964f4dfd57ad580c930e82ab3e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53Filesize
412B
MD52a747245581d41ee7d6732dc99bce267
SHA1793e1876958278c6f18b810d2a52cdec925b7382
SHA25665a677f115d5342f2febfbf684aca92a4996a87583283e7c2346102fdec97c8b
SHA512f1ff61fc8ecbdcc53421f1d0cdfbade9e9ffaf876d08b607a5b0ca07945acfde68a92bf479ab7e1459ec19b9f540167a76de6025c0f2249f3dba20ccd070dc93
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbresFilesize
2KB
MD512aafc48e55535ed3db6de9055f983bf
SHA10e9d9c3c6afc615f7b7c6bdc5187259d7ebd167d
SHA256b56422bd8a0707c7ada291e99a8969a05d6d28c967e96b926b202271642ce2f2
SHA5124d8f11ea3ec8de9ea6ec86d0d448f4ccb109d8f0728415974784c3325c96484bf81d62c126f4cf982fdbba6cd04aa024db8244005c1a857a156595571bfd0c5b
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SL9YLD9N\microsoft.windows[1].xmlFilesize
97B
MD5bb7934efe1e99dde2a4be53178ce8fd7
SHA149e6b2f364b597c34832d1878259d5eb671f21a4
SHA25611904522eefd80ce753b37f72e745a251ea2a9bd65cbccbc8993944280db3426
SHA51223ae797546cd1b9884c23e593c371e99ec872b54d5f0856729137ad78507e6e120de7bc75aa7dd7c7556217a628bcf8824175ea0982d6c3236cd22b15455c1d6
-
C:\Users\Admin\AppData\Roaming\08F95\5EBF.8F9Filesize
600B
MD5aabbf3cd38ad080876bef8523577e4e0
SHA1efcce62d089c8be16537fdd2c03b95b3695f1853
SHA256bdfb441adfe79c2e784618dce6a462234af2acd47125ffb691b0aa53872071a1
SHA512e66275b2ee37032728208d4dca7deb0a7c10bd1342432ecaab503fb5b03064775360d8ed2de3301f91f191a3ea9d1410b93c4e29afc692a879f7e272e06477a3
-
C:\Users\Admin\AppData\Roaming\08F95\5EBF.8F9Filesize
996B
MD5629d07d181bc85e8b1da8a93b27eea99
SHA1eb06f3f239365d7b1f4c3597fe6d3519bfe45de7
SHA256446446b6521b4b4f6abbff4b67cc6ea86592e6991792349b2fd581c0a9fc3a90
SHA512b418de3ea57776a8ca11db7e70d5dbfdf699ede6338a2266fb43df3a08ef20c22a6351cb8421de2b0fa7c89db59478c068feb402f99aaccbb406ccae28bdf82e
-
C:\Users\Admin\AppData\Roaming\08F95\5EBF.8F9Filesize
1KB
MD565aba429bd2050a20388a07cd9911e8a
SHA1828bf0446cac3b017a785ec73f5a1b80dbed93c5
SHA2565767d5ef771f331a9c4c1d0ee8fd435885394c9cfa5a968e4051ac57ce454b56
SHA512d1e552f598ea3d28ed2cd4591c53d4ef4646cb4a28ee04cc2e59b578e8574424705ba64c76d2404c86f68345dadb0ed123202fd8e2847d76466239e078f81f24
-
C:\Users\Admin\AppData\Roaming\08F95\5EBF.8F9Filesize
1KB
MD5e16d64a3715737abf423532d78ed827a
SHA16d38ee59b074ba9c62a4b2f0fe30a648f06ca2e9
SHA2565e1e90b1a4f7b33bf1309342d678d977c2fe17543ad126f48d335bb59c1d4740
SHA512cf784d1669d93a3407ea98c306b2e84974062250b1c395778615b7a406f08e372a08cec460a4587c240107f63e61b494f9b54c1cc01b03b1612782479725fe5e
-
memory/400-323-0x000001F04B210000-0x000001F04B230000-memory.dmpFilesize
128KB
-
memory/400-319-0x000001F04AE40000-0x000001F04AE60000-memory.dmpFilesize
128KB
-
memory/400-321-0x000001F04AE00000-0x000001F04AE20000-memory.dmpFilesize
128KB
-
memory/700-252-0x0000000000400000-0x000000000046B000-memory.dmpFilesize
428KB
-
memory/700-3-0x0000000000400000-0x000000000046B000-memory.dmpFilesize
428KB
-
memory/700-46-0x0000000000400000-0x000000000046B000-memory.dmpFilesize
428KB
-
memory/700-285-0x0000000000400000-0x000000000046B000-memory.dmpFilesize
428KB
-
memory/700-117-0x0000000000400000-0x000000000046B000-memory.dmpFilesize
428KB
-
memory/700-381-0x0000000000400000-0x000000000046B000-memory.dmpFilesize
428KB
-
memory/700-118-0x00000000006D0000-0x00000000007D0000-memory.dmpFilesize
1024KB
-
memory/700-1-0x0000000000400000-0x000000000046B000-memory.dmpFilesize
428KB
-
memory/700-2-0x00000000006D0000-0x00000000007D0000-memory.dmpFilesize
1024KB
-
memory/1184-343-0x0000022355320000-0x0000022355340000-memory.dmpFilesize
128KB
-
memory/1184-345-0x00000223552E0000-0x0000022355300000-memory.dmpFilesize
128KB
-
memory/1184-347-0x0000022355900000-0x0000022355920000-memory.dmpFilesize
128KB
-
memory/1316-44-0x0000000000480000-0x0000000000580000-memory.dmpFilesize
1024KB
-
memory/1316-43-0x0000000000400000-0x000000000046B000-memory.dmpFilesize
428KB
-
memory/1316-45-0x0000000000400000-0x000000000046B000-memory.dmpFilesize
428KB
-
memory/1384-234-0x00000000045B0000-0x00000000045B1000-memory.dmpFilesize
4KB
-
memory/1940-254-0x0000000000400000-0x000000000041C000-memory.dmpFilesize
112KB
-
memory/1940-258-0x0000000000690000-0x0000000000790000-memory.dmpFilesize
1024KB
-
memory/1940-259-0x0000000000400000-0x000000000041C000-memory.dmpFilesize
112KB
-
memory/2208-480-0x0000000004250000-0x0000000004251000-memory.dmpFilesize
4KB
-
memory/2348-444-0x000002330B300000-0x000002330B320000-memory.dmpFilesize
128KB
-
memory/2348-440-0x000002330AD30000-0x000002330AD50000-memory.dmpFilesize
128KB
-
memory/2348-442-0x000002330ACF0000-0x000002330AD10000-memory.dmpFilesize
128KB
-
memory/2448-204-0x000001495A120000-0x000001495A140000-memory.dmpFilesize
128KB
-
memory/2448-206-0x0000014959DD0000-0x0000014959DF0000-memory.dmpFilesize
128KB
-
memory/2448-207-0x000001495A4E0000-0x000001495A500000-memory.dmpFilesize
128KB
-
memory/3184-372-0x0000029D65F60000-0x0000029D65F80000-memory.dmpFilesize
128KB
-
memory/3184-369-0x0000029D65B50000-0x0000029D65B70000-memory.dmpFilesize
128KB
-
memory/3184-367-0x0000029D65B90000-0x0000029D65BB0000-memory.dmpFilesize
128KB
-
memory/3192-243-0x000001EEA9220000-0x000001EEA9240000-memory.dmpFilesize
128KB
-
memory/3192-241-0x000001EEA9260000-0x000001EEA9280000-memory.dmpFilesize
128KB
-
memory/3192-245-0x000001EEA9630000-0x000001EEA9650000-memory.dmpFilesize
128KB
-
memory/3344-197-0x0000000004A30000-0x0000000004A31000-memory.dmpFilesize
4KB
-
memory/3788-464-0x000001DF399E0000-0x000001DF39A00000-memory.dmpFilesize
128KB
-
memory/3788-468-0x000001DF39DB0000-0x000001DF39DD0000-memory.dmpFilesize
128KB
-
memory/3788-466-0x000001DF399A0000-0x000001DF399C0000-memory.dmpFilesize
128KB
-
memory/3812-262-0x0000000004C30000-0x0000000004C31000-memory.dmpFilesize
4KB
-
memory/4044-432-0x0000000003030000-0x0000000003031000-memory.dmpFilesize
4KB
-
memory/4148-420-0x000001FF67EC0000-0x000001FF67EE0000-memory.dmpFilesize
128KB
-
memory/4148-418-0x000001FF678A0000-0x000001FF678C0000-memory.dmpFilesize
128KB
-
memory/4148-416-0x000001FF678E0000-0x000001FF67900000-memory.dmpFilesize
128KB
-
memory/4172-273-0x0000018EB2880000-0x0000018EB28A0000-memory.dmpFilesize
128KB
-
memory/4172-271-0x0000018EB2260000-0x0000018EB2280000-memory.dmpFilesize
128KB
-
memory/4172-269-0x0000018EB22A0000-0x0000018EB22C0000-memory.dmpFilesize
128KB
-
memory/4364-296-0x00000270B7850000-0x00000270B7870000-memory.dmpFilesize
128KB
-
memory/4364-299-0x00000270B7C60000-0x00000270B7C80000-memory.dmpFilesize
128KB
-
memory/4364-294-0x00000270B7890000-0x00000270B78B0000-memory.dmpFilesize
128KB
-
memory/4636-120-0x0000000000400000-0x000000000046B000-memory.dmpFilesize
428KB
-
memory/4636-122-0x0000000000480000-0x0000000000580000-memory.dmpFilesize
1024KB
-
memory/4636-309-0x0000000000480000-0x0000000000580000-memory.dmpFilesize
1024KB
-
memory/4636-121-0x0000000000400000-0x000000000046B000-memory.dmpFilesize
428KB
-
memory/5124-359-0x0000000004110000-0x0000000004111000-memory.dmpFilesize
4KB
-
memory/5268-396-0x0000027A477A0000-0x0000027A477C0000-memory.dmpFilesize
128KB
-
memory/5268-394-0x0000027A47390000-0x0000027A473B0000-memory.dmpFilesize
128KB
-
memory/5268-392-0x0000027A473D0000-0x0000027A473F0000-memory.dmpFilesize
128KB
-
memory/5400-408-0x0000000004950000-0x0000000004951000-memory.dmpFilesize
4KB
-
memory/5476-503-0x0000000004C20000-0x0000000004C21000-memory.dmpFilesize
4KB
-
memory/5580-384-0x0000000004AA0000-0x0000000004AA1000-memory.dmpFilesize
4KB
-
memory/5608-311-0x0000000004820000-0x0000000004821000-memory.dmpFilesize
4KB
-
memory/5632-511-0x0000015ED2B60000-0x0000015ED2B80000-memory.dmpFilesize
128KB
-
memory/5632-514-0x0000015ED2B20000-0x0000015ED2B40000-memory.dmpFilesize
128KB
-
memory/5912-456-0x0000000004800000-0x0000000004801000-memory.dmpFilesize
4KB
-
memory/6096-488-0x0000025138780000-0x00000251387A0000-memory.dmpFilesize
128KB
-
memory/6096-490-0x0000025138740000-0x0000025138760000-memory.dmpFilesize
128KB
-
memory/6096-492-0x0000025138B50000-0x0000025138B70000-memory.dmpFilesize
128KB
-
memory/6104-286-0x00000000041B0000-0x00000000041B1000-memory.dmpFilesize
4KB
-
memory/6136-335-0x0000000004490000-0x0000000004491000-memory.dmpFilesize
4KB