Malware Analysis Report

2025-03-14 22:37

Sample ID 240406-1x4erada23
Target 6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c
SHA256 6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c
Tags
persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c

Threat Level: Known bad

The file 6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer

UPX dump on OEP (original entry point)

Executes dropped EXE

Reads user/profile data of web browsers

Loads dropped DLL

Adds Run key to start application

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-06 22:02

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-06 22:02

Reported

2024-04-06 22:05

Platform

win7-20240319-en

Max time kernel

131s

Max time network

136s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe"

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe N/A
N/A N/A C:\Users\Public\Microsoft Build\Isass.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Public\Microsoft Build\Isass.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Users\\Public\\Microsoft Build\\Isass.exe" C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Users\\Public\\Microsoft Build\\Isass.exe" C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe N/A
N/A N/A C:\Users\Public\Microsoft Build\Isass.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2004 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe C:\Users\Public\Microsoft Build\Isass.exe
PID 2004 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe C:\Users\Public\Microsoft Build\Isass.exe
PID 1580 wrote to memory of 3008 N/A C:\Users\Public\Microsoft Build\Isass.exe C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe
PID 3008 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe C:\Users\Public\Microsoft Build\Isass.exe
PID 2556 wrote to memory of 2680 N/A C:\Users\Public\Microsoft Build\Isass.exe C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe
PID 2680 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe C:\Users\Public\Microsoft Build\Isass.exe
PID 2552 wrote to memory of 2460 N/A C:\Users\Public\Microsoft Build\Isass.exe C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe
PID 2460 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe C:\Users\Public\Microsoft Build\Isass.exe
PID 2688 wrote to memory of 2448 N/A C:\Users\Public\Microsoft Build\Isass.exe C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe
PID 2448 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe C:\Users\Public\Microsoft Build\Isass.exe
PID 2596 wrote to memory of 2428 N/A C:\Users\Public\Microsoft Build\Isass.exe C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe
PID 2428 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe C:\Users\Public\Microsoft Build\Isass.exe
PID 2500 wrote to memory of 2476 N/A C:\Users\Public\Microsoft Build\Isass.exe C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe
PID 2476 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe C:\Users\Public\Microsoft Build\Isass.exe
PID 2404 wrote to memory of 880 N/A C:\Users\Public\Microsoft Build\Isass.exe C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe
PID 880 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe C:\Users\Public\Microsoft Build\Isass.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe

"C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe"

C:\Users\Public\Microsoft Build\Isass.exe

"C:\Users\Public\Microsoft Build\Isass.exe"

C:\Users\Public\Microsoft Build\Isass.exe

"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe

Network

N/A

Files

\Users\Public\Microsoft Build\Isass.exe

MD5 d07cbcbe4256c9a58b1405e8eb434a12
SHA1 195338569378a407391a5a869f40bd62e4d82220
SHA256 5128caa2869ebec814e00512c3b8dd00aa4bfd2774f663d7368105f5abb63461
SHA512 73501f0fd0574fb0b94633cfec6fb9e7c7eef816e13c068c1a0d3cb9806252646a709002c8443679a30cba99adf1a5149aa04ca2d8be6b89ae9435905826f46e

C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe

MD5 40e6081a84568a750c469df520dd0ae1
SHA1 fcc160e9f213a7ce674861c9f4efab2b9f0b13d5
SHA256 b33db48ce11539130b143caa2eec3a38c439de13a2aeffed07cb9b89bcc82fd4
SHA512 91feb528a2c033d0f5261a6c244b640a988d1a42caf0b8bd144a458555a1172e9ac7b23d2ff9304366559008cf3f92445ce59398a3756c0ed3ef343b824f82a2

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-06 22:02

Reported

2024-04-06 22:05

Platform

win10v2004-20240226-en

Max time kernel

21s

Max time network

26s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe"

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Public\Microsoft Build\Isass.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Users\\Public\\Microsoft Build\\Isass.exe" C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Users\\Public\\Microsoft Build\\Isass.exe" C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe

"C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe"

C:\Users\Public\Microsoft Build\Isass.exe

"C:\Users\Public\Microsoft Build\Isass.exe"

C:\Users\Public\Microsoft Build\Isass.exe

"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe

C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe

"C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe"

C:\Users\Public\Microsoft Build\Isass.exe

"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe

C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe

"C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe"

C:\Users\Public\Microsoft Build\Isass.exe

"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe

C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe

"C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe"

C:\Users\Public\Microsoft Build\Isass.exe

"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe

C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe

"C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe"

C:\Users\Public\Microsoft Build\Isass.exe

"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe

C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe

"C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe"

C:\Users\Public\Microsoft Build\Isass.exe

"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\6ba4fec5da19fee332e609af370d33543bdf4881408d9e85e1786528fbaacb1c.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 26.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp

Files

C:\Users\Public\Microsoft Build\Isass.exe

MD5 d07cbcbe4256c9a58b1405e8eb434a12
SHA1 195338569378a407391a5a869f40bd62e4d82220
SHA256 5128caa2869ebec814e00512c3b8dd00aa4bfd2774f663d7368105f5abb63461
SHA512 73501f0fd0574fb0b94633cfec6fb9e7c7eef816e13c068c1a0d3cb9806252646a709002c8443679a30cba99adf1a5149aa04ca2d8be6b89ae9435905826f46e

C:\Users\Public\Microsoft Build\Isass.exe

MD5 bf795842926d1d3dc456b701c438a95d
SHA1 b12decc9f964b5d875952a35b2908a80ccc839e4
SHA256 060867801a7b7403fba43ee36a4b05347ce6df0642e89a9bdefa617b939af0a9
SHA512 f535dbbc2ce4b9a84e809617d00dba3d195dc1a64063878e67c98c4564675850771ea75548052fb4379e3aef0738fdc06561f0369b03bf15c7bda4c7fb12a84e