Analysis Overview
SHA256
8e135989b7a2632e22eb4af7b6793557efb615001457393bf06ffe26dc5ad5fe
Threat Level: Known bad
The file 8e135989b7a2632e22eb4af7b6793557efb615001457393bf06ffe26dc5ad5fe was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Executes dropped EXE
Deletes itself
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 23:16
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 23:16
Reported
2024-04-07 23:19
Platform
win7-20240221-en
Max time kernel
144s
Max time network
121s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6EF9215B-CF6D-459d-8751-BBA8876AC8C3}\stubpath = "C:\\Windows\\{6EF9215B-CF6D-459d-8751-BBA8876AC8C3}.exe" | C:\Windows\{00EA561E-1CDB-411c-92DE-F5E8AFEA1A8F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AEFB00FE-6DFA-47ed-8ADB-2B8750C4D021}\stubpath = "C:\\Windows\\{AEFB00FE-6DFA-47ed-8ADB-2B8750C4D021}.exe" | C:\Windows\{6EF9215B-CF6D-459d-8751-BBA8876AC8C3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{066E9405-A88F-475b-B516-A11BC7FF20DE} | C:\Windows\{AEFB00FE-6DFA-47ed-8ADB-2B8750C4D021}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{68F22C96-E553-449c-86B8-D666997174A9}\stubpath = "C:\\Windows\\{68F22C96-E553-449c-86B8-D666997174A9}.exe" | C:\Users\Admin\AppData\Local\Temp\8e135989b7a2632e22eb4af7b6793557efb615001457393bf06ffe26dc5ad5fe.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C6028977-AD9E-4ec6-847A-FB4A88FE1CF4} | C:\Windows\{2A462DB3-E887-4bb0-9C9C-BD5BABDA93F3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6EF9215B-CF6D-459d-8751-BBA8876AC8C3} | C:\Windows\{00EA561E-1CDB-411c-92DE-F5E8AFEA1A8F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B9BDBFF5-A8C5-4a18-9BC8-36D7F2BA3E1A}\stubpath = "C:\\Windows\\{B9BDBFF5-A8C5-4a18-9BC8-36D7F2BA3E1A}.exe" | C:\Windows\{F6F002B2-4FCB-487e-82F6-F0CB13EE528E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2A462DB3-E887-4bb0-9C9C-BD5BABDA93F3}\stubpath = "C:\\Windows\\{2A462DB3-E887-4bb0-9C9C-BD5BABDA93F3}.exe" | C:\Windows\{B9BDBFF5-A8C5-4a18-9BC8-36D7F2BA3E1A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C6028977-AD9E-4ec6-847A-FB4A88FE1CF4}\stubpath = "C:\\Windows\\{C6028977-AD9E-4ec6-847A-FB4A88FE1CF4}.exe" | C:\Windows\{2A462DB3-E887-4bb0-9C9C-BD5BABDA93F3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{303224E0-AA94-47d8-957E-2698585A1C1A}\stubpath = "C:\\Windows\\{303224E0-AA94-47d8-957E-2698585A1C1A}.exe" | C:\Windows\{C6028977-AD9E-4ec6-847A-FB4A88FE1CF4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{00EA561E-1CDB-411c-92DE-F5E8AFEA1A8F} | C:\Windows\{303224E0-AA94-47d8-957E-2698585A1C1A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0FACE99A-378C-4315-9FE4-FBE55743F25C} | C:\Windows\{68F22C96-E553-449c-86B8-D666997174A9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F6F002B2-4FCB-487e-82F6-F0CB13EE528E} | C:\Windows\{0FACE99A-378C-4315-9FE4-FBE55743F25C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B9BDBFF5-A8C5-4a18-9BC8-36D7F2BA3E1A} | C:\Windows\{F6F002B2-4FCB-487e-82F6-F0CB13EE528E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2A462DB3-E887-4bb0-9C9C-BD5BABDA93F3} | C:\Windows\{B9BDBFF5-A8C5-4a18-9BC8-36D7F2BA3E1A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{303224E0-AA94-47d8-957E-2698585A1C1A} | C:\Windows\{C6028977-AD9E-4ec6-847A-FB4A88FE1CF4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{00EA561E-1CDB-411c-92DE-F5E8AFEA1A8F}\stubpath = "C:\\Windows\\{00EA561E-1CDB-411c-92DE-F5E8AFEA1A8F}.exe" | C:\Windows\{303224E0-AA94-47d8-957E-2698585A1C1A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AEFB00FE-6DFA-47ed-8ADB-2B8750C4D021} | C:\Windows\{6EF9215B-CF6D-459d-8751-BBA8876AC8C3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{066E9405-A88F-475b-B516-A11BC7FF20DE}\stubpath = "C:\\Windows\\{066E9405-A88F-475b-B516-A11BC7FF20DE}.exe" | C:\Windows\{AEFB00FE-6DFA-47ed-8ADB-2B8750C4D021}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{68F22C96-E553-449c-86B8-D666997174A9} | C:\Users\Admin\AppData\Local\Temp\8e135989b7a2632e22eb4af7b6793557efb615001457393bf06ffe26dc5ad5fe.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0FACE99A-378C-4315-9FE4-FBE55743F25C}\stubpath = "C:\\Windows\\{0FACE99A-378C-4315-9FE4-FBE55743F25C}.exe" | C:\Windows\{68F22C96-E553-449c-86B8-D666997174A9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F6F002B2-4FCB-487e-82F6-F0CB13EE528E}\stubpath = "C:\\Windows\\{F6F002B2-4FCB-487e-82F6-F0CB13EE528E}.exe" | C:\Windows\{0FACE99A-378C-4315-9FE4-FBE55743F25C}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{68F22C96-E553-449c-86B8-D666997174A9}.exe | N/A |
| N/A | N/A | C:\Windows\{0FACE99A-378C-4315-9FE4-FBE55743F25C}.exe | N/A |
| N/A | N/A | C:\Windows\{F6F002B2-4FCB-487e-82F6-F0CB13EE528E}.exe | N/A |
| N/A | N/A | C:\Windows\{B9BDBFF5-A8C5-4a18-9BC8-36D7F2BA3E1A}.exe | N/A |
| N/A | N/A | C:\Windows\{2A462DB3-E887-4bb0-9C9C-BD5BABDA93F3}.exe | N/A |
| N/A | N/A | C:\Windows\{C6028977-AD9E-4ec6-847A-FB4A88FE1CF4}.exe | N/A |
| N/A | N/A | C:\Windows\{303224E0-AA94-47d8-957E-2698585A1C1A}.exe | N/A |
| N/A | N/A | C:\Windows\{00EA561E-1CDB-411c-92DE-F5E8AFEA1A8F}.exe | N/A |
| N/A | N/A | C:\Windows\{6EF9215B-CF6D-459d-8751-BBA8876AC8C3}.exe | N/A |
| N/A | N/A | C:\Windows\{AEFB00FE-6DFA-47ed-8ADB-2B8750C4D021}.exe | N/A |
| N/A | N/A | C:\Windows\{066E9405-A88F-475b-B516-A11BC7FF20DE}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{00EA561E-1CDB-411c-92DE-F5E8AFEA1A8F}.exe | C:\Windows\{303224E0-AA94-47d8-957E-2698585A1C1A}.exe | N/A |
| File created | C:\Windows\{AEFB00FE-6DFA-47ed-8ADB-2B8750C4D021}.exe | C:\Windows\{6EF9215B-CF6D-459d-8751-BBA8876AC8C3}.exe | N/A |
| File created | C:\Windows\{0FACE99A-378C-4315-9FE4-FBE55743F25C}.exe | C:\Windows\{68F22C96-E553-449c-86B8-D666997174A9}.exe | N/A |
| File created | C:\Windows\{B9BDBFF5-A8C5-4a18-9BC8-36D7F2BA3E1A}.exe | C:\Windows\{F6F002B2-4FCB-487e-82F6-F0CB13EE528E}.exe | N/A |
| File created | C:\Windows\{2A462DB3-E887-4bb0-9C9C-BD5BABDA93F3}.exe | C:\Windows\{B9BDBFF5-A8C5-4a18-9BC8-36D7F2BA3E1A}.exe | N/A |
| File created | C:\Windows\{303224E0-AA94-47d8-957E-2698585A1C1A}.exe | C:\Windows\{C6028977-AD9E-4ec6-847A-FB4A88FE1CF4}.exe | N/A |
| File created | C:\Windows\{066E9405-A88F-475b-B516-A11BC7FF20DE}.exe | C:\Windows\{AEFB00FE-6DFA-47ed-8ADB-2B8750C4D021}.exe | N/A |
| File created | C:\Windows\{68F22C96-E553-449c-86B8-D666997174A9}.exe | C:\Users\Admin\AppData\Local\Temp\8e135989b7a2632e22eb4af7b6793557efb615001457393bf06ffe26dc5ad5fe.exe | N/A |
| File created | C:\Windows\{F6F002B2-4FCB-487e-82F6-F0CB13EE528E}.exe | C:\Windows\{0FACE99A-378C-4315-9FE4-FBE55743F25C}.exe | N/A |
| File created | C:\Windows\{C6028977-AD9E-4ec6-847A-FB4A88FE1CF4}.exe | C:\Windows\{2A462DB3-E887-4bb0-9C9C-BD5BABDA93F3}.exe | N/A |
| File created | C:\Windows\{6EF9215B-CF6D-459d-8751-BBA8876AC8C3}.exe | C:\Windows\{00EA561E-1CDB-411c-92DE-F5E8AFEA1A8F}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8e135989b7a2632e22eb4af7b6793557efb615001457393bf06ffe26dc5ad5fe.exe
"C:\Users\Admin\AppData\Local\Temp\8e135989b7a2632e22eb4af7b6793557efb615001457393bf06ffe26dc5ad5fe.exe"
C:\Windows\{68F22C96-E553-449c-86B8-D666997174A9}.exe
C:\Windows\{68F22C96-E553-449c-86B8-D666997174A9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\8E1359~1.EXE > nul
C:\Windows\{0FACE99A-378C-4315-9FE4-FBE55743F25C}.exe
C:\Windows\{0FACE99A-378C-4315-9FE4-FBE55743F25C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{68F22~1.EXE > nul
C:\Windows\{F6F002B2-4FCB-487e-82F6-F0CB13EE528E}.exe
C:\Windows\{F6F002B2-4FCB-487e-82F6-F0CB13EE528E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0FACE~1.EXE > nul
C:\Windows\{B9BDBFF5-A8C5-4a18-9BC8-36D7F2BA3E1A}.exe
C:\Windows\{B9BDBFF5-A8C5-4a18-9BC8-36D7F2BA3E1A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F6F00~1.EXE > nul
C:\Windows\{2A462DB3-E887-4bb0-9C9C-BD5BABDA93F3}.exe
C:\Windows\{2A462DB3-E887-4bb0-9C9C-BD5BABDA93F3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B9BDB~1.EXE > nul
C:\Windows\{C6028977-AD9E-4ec6-847A-FB4A88FE1CF4}.exe
C:\Windows\{C6028977-AD9E-4ec6-847A-FB4A88FE1CF4}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2A462~1.EXE > nul
C:\Windows\{303224E0-AA94-47d8-957E-2698585A1C1A}.exe
C:\Windows\{303224E0-AA94-47d8-957E-2698585A1C1A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C6028~1.EXE > nul
C:\Windows\{00EA561E-1CDB-411c-92DE-F5E8AFEA1A8F}.exe
C:\Windows\{00EA561E-1CDB-411c-92DE-F5E8AFEA1A8F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{30322~1.EXE > nul
C:\Windows\{6EF9215B-CF6D-459d-8751-BBA8876AC8C3}.exe
C:\Windows\{6EF9215B-CF6D-459d-8751-BBA8876AC8C3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{00EA5~1.EXE > nul
C:\Windows\{AEFB00FE-6DFA-47ed-8ADB-2B8750C4D021}.exe
C:\Windows\{AEFB00FE-6DFA-47ed-8ADB-2B8750C4D021}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6EF92~1.EXE > nul
C:\Windows\{066E9405-A88F-475b-B516-A11BC7FF20DE}.exe
C:\Windows\{066E9405-A88F-475b-B516-A11BC7FF20DE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{AEFB0~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 23:16
Reported
2024-04-07 23:17
Platform
win10v2004-20240319-en
Max time kernel
0s
Max time network
6s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\8e135989b7a2632e22eb4af7b6793557efb615001457393bf06ffe26dc5ad5fe.exe
"C:\Users\Admin\AppData\Local\Temp\8e135989b7a2632e22eb4af7b6793557efb615001457393bf06ffe26dc5ad5fe.exe"